Cybersecurity ยท Timor-Leste
Cybersecurity law & regulation in Timor-Leste (2026)
Timor-Leste shaded by its cybersecurity status
Cybersecurity in Timor-Leste: proposed, anchored by Draft Cybercrime/Cyber Law (Ministry of Justice, 2025) plus a National Cyber(security) Strategy under development; no comprehensive cybersecurity statute in force. Constitutional privacy rights (Arts. 36-38) and the 2017 National ICT Policy / Timor Digital 2032 provide the policy backdrop..
Timor-Leste currently has no comprehensive, in-force cybersecurity or cybercrime law and no general data protection statute. In 2025 the Ministry of Justice circulated a draft Cyber/Cybercrime Law (covering unauthorised access, interception, computer-related forgery, system/data damage, and online content offences) which remains in the proposal/consultation stage and has drawn civil-society criticism, while a national cybersecurity strategy and CIRT capability are being developed with international partners.
Key points
Timor-Leste has not enacted a dedicated cybersecurity or cybercrime statute; the country is classified in the 'Building' (T5) tier of the ITU Global Cybersecurity Index, with notably weak technical and organizational measures.
The Ministry of Justice advanced a draft cybercrime bill in early 2025 covering unauthorised access, interception and damage to computer systems/data, computer-related forgery, and child/'revenge' pornography, alongside provisions on online content and social-media misuse.
Journalists' and civil-society groups warn the draft focuses on shielding leaders from criticism, lacks whistleblower protections, sets a low threshold for interception of communications, and imposes no limit on warrant duration, raising free-speech and privacy concerns.
There is no general personal data protection law and no statutory data-breach or incident-reporting duty; privacy rests on Constitution Articles 36-38, with a Data Protection Law reported to be in preparation.
A National Cyber Strategy and implementation plan are being developed with international support (e.g., ITU and partners), and Timor-Leste is building incident-response/CIRT capacity rather than operating an established national CERT.
E-government and ICT security functions sit with bodies such as TIC TIMOR, ANC and DDSIA under the 2017 National ICT Policy and Timor Digital 2032; Timor-Leste has engaged Australia on cybersecurity cooperation to build capacity.
Timor-Leste - other topics
Cybersecurity in other countries
Last verified 5/24/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ