What is AI regulation in the Dominican Republic?
AI regulation: countries and regions
The Dominican Republic does not yet have a dedicated AI law in force. AI is governed through a mix of the 2023 National AI Strategy, Law 172-13 on personal data and habeas data, sector and public administration rules, and ordinary constitutional and administrative law. Bills are still under study, so the country currently relies more on policy, data protection and institutional governance than on a standalone AI Act.
What this means
If you are asking whether the Dominican Republic already has an EU-style AI Act, the answer is no. The most important AI-specific instrument in force is the national strategy, ENIA, approved by decree in 2023. It sets direction for the state, public administration and the wider digital economy, but it is not the same thing as a detailed private-sector AI code.
The main enforceable baseline today is older and broader: Law 172-13 on personal data. That law applies to public and private data processing, gives people rights to access, correct, cancel and oppose data use, and creates judicial and sectoral enforcement routes. In practice, many AI questions in the Dominican Republic are really questions about data handling, security, accuracy, human review, administrative legality and sector supervision.
That means organisations should treat Dominican AI governance as an emerging framework. There is real law, but it sits in data protection, administrative law and sector rules, while AI-specific legislation is still moving through policy and legislative channels rather than being fully settled.
Why it matters
This matters because a team can easily assume that "no AI law" means "no rules". That would be a mistake. If your model uses personal data, influences lending, supports public service delivery, profiles users, routes cases, or sends data to overseas vendors, you are already inside a legal and governance perimeter.
For founders, buyers and operators, the practical stakes are simple. You need to know what data you are allowed to use, what information people can request from you, how quickly records must be corrected, what security and internal procedures are expected, whether a public body actually has legal authority to automate a task, and who handles complaints or review. In the Dominican Republic, those questions are answered less by one AI statute and more by a combination of ENIA, Law 172-13, public administration rules and sector bodies.
For policymakers and governance leads, the country is also a useful example of an emerging Latin American and Caribbean model: strategy first, digital-state governance next, and bespoke AI legislation later. That makes institutional design, procurement practice and internal controls especially important during the gap between policy ambition and fully developed AI legislation.
How it works
There is no dedicated AI act yet
As of June 2026, the Dominican Republic does not have a standalone AI law in force. Official sources instead show an active but unfinished legislative picture: Senate committees have continued studying AI bills, and another public body, Procompetencia, issued formal recommendations on a draft AI bill in March 2026. The plain reading is that AI-specific legislation is still being shaped, not yet settled.
ENIA is the policy backbone
The current AI architecture starts with the Estrategia Nacional de Inteligencia Artificial, or ENIA. Decree 498-23 approved ENIA and its action plan in October 2023. The decree says ENIA is in force until 31 December 2030, can be updated annually, and is to be implemented through plans led by the Gabinete de Innovacion y Desarrollo Digital. It also says executive branch entities must coordinate their AI projects with that cabinet and reflect them in planning and budgeting.
In substance, ENIA is a state roadmap. It frames AI around public-sector governance and ethics, AI in the administration, public-private collaboration, talent and education, research and innovation, and data and infrastructure. For the wider market, that makes ENIA more important as a national direction-setting instrument than as a day-to-day compliance manual.
Law 172-13 is the main enforceable baseline
Law 172-13 is the Dominican Republic's key hard-law baseline for AI deployments that touch personal data. It applies across the national territory to personal data in public and private banks, records and files. Its concept of processing is broad and includes systematic electronic and non-electronic operations, so it comfortably reaches modern AI workflows.
The law matters for AI because it sets the working rules for data use. It requires lawful and quality-focused processing, addresses consent, protects sensitive data, regulates certain international transfers, and gives individuals rights of access, rectification, cancellation and opposition. It also lets individuals go to court through habeas data when rights are not respected. Controllers must keep data secure, process correction requests, handle consultations and complaints, and adopt an internal manual of policies and procedures.
That is why Dominican AI compliance often begins with data mapping rather than model taxonomy. If a system trains on personal data, enriches user profiles, scores people, or shares records with a foreign vendor, Law 172-13 is usually the first serious legal checkpoint.
Public sector AI sits inside administrative law and data governance
For government use, ENIA does not by itself authorise automation. Public bodies still need legal authority, due procedure, data governance and institutional controls. That is why the public administration layer matters so much.
In 2025, the Ministry of Public Administration issued Resolution 073-2025 on interoperability and data governance across the administration. It created a committee chaired by MAP and including bodies such as INDOTEL, OGTIC, the JCE and the national cybersecurity centre. That is not an AI law, but it is part of the operating environment for any state AI project because it deals with secure exchange of data, governance structures and common rules for state systems.
In April 2026, the Consultoria Juridica opened public consultation on a draft regulation for the National Strategy of Proactive Services. The draft is important because it shows the government's likely control model for AI-enabled public services: legal basis, prior risk review, bias control where appropriate, version records, traceability, human review where the legal order requires it, accessible explanation and a complaint channel. But it is still only a draft from the sources reviewed, so it should be treated as directional, not as binding final law.
Institutions are distributed rather than centralised
There is no single all-purpose AI regulator. Instead, responsibilities are spread.
The Gabinete de Innovacion y Desarrollo Digital and OGTIC sit near the centre of the national AI strategy and digital transformation effort. MAP is central for public administration design, interoperability, service modernisation and data-governance method. The courts remain important because Law 172-13 relies in part on habeas data and judicial protection. The Superintendencia de Bancos has a clearer control role for credit-reporting files and Sociedades de Informacion Crediticia under Law 172-13. INDOTEL remains a telecoms and digital-infrastructure regulator and appears in the state's interoperability governance arrangements, but official sources reviewed do not show it acting as a general AI regulator.
What this means for actual compliance
Today, Dominican AI governance works as a layered system. ENIA tells you where the state wants to go. Law 172-13 tells you what you cannot ignore when personal data are involved. Sector and administrative instruments shape the operating environment, especially in finance and public services. Pending bills may later add more explicit AI duties, but they do not remove the need to comply with the rules already in force.
Examples
A Dominican business buying an overseas AI API for customer support or internal analysis should not stop at procurement. If personal data flow into that tool, the team should check notice and consent logic, whether the data are accurate and necessary, how correction and access requests will be handled, what security measures apply, and whether any international transfer condition under Law 172-13 is being relied on.
A lender, credit-information provider or vendor working around automated scoring, consumer identity checks or credit reports has to remember that Dominican law is unusually specific in this area. Law 172-13 regulates Sociedades de Informacion Crediticia, places them under banking supervision, requires security and correction procedures, restricts sensitive categories in credit reporting, and even addresses biometric identification in that context. So "AI in finance" is not a blank space just because there is no AI act.
A ministry or public body planning a proactive or predictive service cannot assume ENIA alone gives it permission to automate. The current legal path still runs through existing administrative powers, data-governance rules and sector competence. The 2026 draft Proactive Services regulation is useful as a preview of where the state appears to be heading: legal basis first, then risk review, bias controls, traceability, explanation and a complaints path.
Common misunderstandings
"ENIA is already a full AI compliance code." No. It is a national strategy and action framework, not a complete AI statute for every deployer.
"Law 172-13 is the same thing as the UK GDPR." No. It is a real data-protection law, but it is older, structured differently and does not create a single modern GDPR-style AI supervision model.
"If there is no AI law, there are no AI duties." No. Personal-data rules, security duties, administrative legality and sector supervision still apply.
"INDOTEL is the Dominican AI regulator." Not on the official sources reviewed. It is a telecoms and digital-sector regulator that appears in broader state digital-governance structures.
"A bill under study already changes the law." No. Pending bills and draft regulations may signal direction, but they are not the same as enacted law.
Risks and boundaries
The biggest boundary is honesty about what exists. There is no dedicated AI act in force that comprehensively classifies AI systems, sets a full risk-based model across the economy, or creates one general AI regulator. Anyone implying otherwise is overstating the current legal position.
A second boundary is that some of the most interesting public-sector material in 2026 is still draft material. The draft regulation on proactive services contains clear AI governance safeguards, but the consultation notice itself shows it was still a draft and that the period for comments closed on 22 May 2026. Until a final text is issued and published, it should be treated as a policy signal, not settled law.
A third boundary is institutional fit. Law 172-13 is important and enforceable, but it is not a modern AI statute and it is partly structured around broader data rights and credit-information systems. That means some AI governance questions, especially on model risk, transparency depth, testing or prohibited practices, are not answered with the same level of detail that readers may expect from newer AI laws elsewhere.
Finally, legislative movement remains possible. Senate committee work and Procompetencia's recommendations show that AI-specific legislation is still live. The direction may become more explicit, but the timing and final content could still change.
What to do next
Start with a use-case inventory. Separate tools that only assist staff from systems that profile people, influence eligibility, rank users, support lending, or touch sensitive personal data. Then map the data flows behind each use case, including overseas vendors, training data, logs and prompts.
Next, build a Dominican-law control set even before a dedicated AI act arrives. That usually means data minimisation, lawful basis and consent analysis where needed, security controls, correction and complaint handling, human review for consequential uses, version control, testing records and clear internal ownership. Law 172-13 already supports that discipline, and for public bodies it is wise to align with the state's interoperability and traceability approach rather than wait for a final AI regulation.
For boards, founders and buyers, the practical move is to treat pending Dominican AI legislation as a horizon issue, not as a reason to delay governance. Contracts with AI vendors should address data use, security, transfer conditions, incident handling, retention, audit support and change management. Public-sector teams should monitor MAP, OGTIC, the Consultoria Juridica and the Presidency for final regulations. Private-sector teams should monitor sector regulators as well as the Senate process, especially in finance, telecoms and public-facing services.
FAQs
Does the Dominican Republic already have an AI law?
No. As of June 2026, there is no dedicated AI act in force. The current framework is made up of ENIA, Law 172-13, public administration rules and sector law.
What is ENIA?
ENIA is the National AI Strategy approved by Decree 498-23 in 2023. It is the main national policy roadmap for AI and runs to 31 December 2030, with annual updates possible.
Does Law 172-13 apply to AI systems?
Yes, where personal data are involved. The law covers public and private processing, including electronic processing, and gives people rights over their data.
Is there one Dominican AI regulator?
Not from the official sources reviewed. Responsibility is distributed across strategy bodies, public administration institutions, sector regulators and the courts.
Are public bodies free to automate decisions because ENIA exists?
No. ENIA sets direction, but public bodies still need legal authority, administrative legality, data governance and proper controls for automation.
Are new AI rules being prepared?
Yes. Official sources show Senate committee work on AI bills and a 2026 public consultation on a draft regulation for proactive public services that includes AI safeguards.
Do cross-border AI vendors raise legal issues in the Dominican Republic?
Yes. Law 172-13 addresses international data transfers, so sending personal data to foreign AI providers should be analysed rather than assumed to be frictionless.