What is AI regulation in Fiji?
AI regulation: countries and regions
Fiji has no dedicated artificial intelligence law and no standalone AI regulator. As of mid 2026, AI is governed indirectly through the 2013 Constitution's privacy right, the Online Safety Act 2018, the Cybercrime Act 2021 and sector rules, plus a Cabinet endorsed National Privacy and Personal Data Protection Policy (October 2025) and the National Digital Strategy 2025 to 2030, which schedules a national AI framework. Binding AI specific duties do not yet exist; they are planned, not in force.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Fiji does not regulate artificial intelligence through a single law or a single agency. There is no Fijian equivalent of the EU AI Act, and there is no AI commissioner. Anyone building or buying AI in Fiji is governed by general laws that happen to touch data, communications and online harm, together with policy documents that describe where the government intends to go next.
The most important point for a slow dating reference is that the architecture is policy led and still forming. The government has set out its direction in the National Digital Strategy 2025 to 2030 and through a National Privacy and Personal Data Protection Policy that Cabinet endorsed in October 2025. These are statements of intent. They signal future legislation on privacy and a future national AI framework, but they do not by themselves create enforceable AI obligations.
In practice, then, an organisation deploying AI in Fiji should think in terms of existing duties: respect the constitutional right to privacy, avoid harmful electronic communication, stay within the Cybercrime Act, follow any sector regulator's rules, and prepare for a data protection statute that is expected to follow the 2025 policy.
Why it matters
For founders, operators and governance leads, the absence of a dedicated AI statute does not mean a free hand. It means the rules that apply to your AI system are scattered across constitutional rights, criminal law, telecoms regulation, consumer protection and financial sector guidance, and that the baseline is about to rise. The October 2025 privacy policy is described by Prime Minister Sitiveni Rabuka as laying "the foundation for the development of a National Privacy and Personal Data Protection legislation, a crucial step in modernising Fiji's approach to data governance and digital trust", and the National Digital Strategy schedules a national AI framework. Buyers and advisers who design now for transparency, consent and accountability will face less rework when that legislation lands. Anyone treating Fiji as a jurisdiction with no privacy expectations at all is misreading both the constitutional baseline and the clear policy trajectory.
How it works
No dedicated AI law yet
There is no AI specific Act, bill or regulator in Fiji. The government's stated approach, articulated by Deputy Prime Minister and Minister for Communications Manoa Kamikamica, is to fold AI governance into the wider cybersecurity strategy and the National Digital Strategy rather than to create a single AI ministry or a bespoke AI law first. In his words, "We are looking at it from a cybersecurity lens, so we are developing a cybersecurity strategy for Fiji and National Digital Strategy, so AI governance will be part of it as well." AI duties are therefore inferred from general law plus forthcoming policy.
The constitutional privacy baseline
Section 24 of the 2013 Constitution gives every person the right to personal privacy, including the confidentiality of personal information, the confidentiality of communications and respect for private and family life. Section 25 gives a right of access to information and to correction or deletion of false or misleading information about a person. These rights may be limited by law to the extent necessary. This is the durable backbone of data and AI accountability in Fiji, but it is a high level constitutional right rather than a detailed operational regime.
Data protection: policy now, statute later
Fiji has long lacked a comprehensive data protection statute. Protection has rested on the constitutional right plus sector specific confidentiality duties in instruments such as the Banking Act 1995, the Fiji Revenue and Customs Service Act 1998, the Medical and Dental Practitioner Act 2010 and the Legal Practitioners Act 2009. In October 2025 Cabinet endorsed the National Privacy and Personal Data Protection Policy, which sets safeguards for processing sensitive and personal data, strengthens protection of children's information, and is described as the foundation for a future National Privacy and Personal Data Protection law. The government also signalled an intention to accede to the Council of Europe Convention 108+ on automatic processing of personal data: per Prime Minister Rabuka, "Fiji will take steps to accede to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108+), aligning national efforts with international standards." A binding statute and any privacy regulator are still to come.
Online Safety Act 2018 and the Online Safety Commission
The Online Safety Act 2018 created the Online Safety Commission, an independent body that promotes online safety and addresses harmful electronic communication. It can receive and investigate complaints, seek removal of offending material and direct people to High Court remedies. This is the closest thing Fiji has to a dedicated online content regulator, and it is directly relevant to AI generated content, deepfakes and image based abuse. The Act is under review: in a ministerial statement, Minister Kamikamica noted that the 2018 Act "requires biennial review, yet none has occurred", and that "The Online Safety Commission is already working in close collaboration with the Fiji Law Reform Commission, the AG's Office and my Ministry to prepare for this important process", which may include a possible duty of care on platforms.
Cybercrime Act 2021
The Cybercrime Act 2021 criminalises unauthorised access, interception and interference with computer data and systems, and aligns Fiji with the Council of Europe Budapest Convention. Fiji acceded to that Convention on 20 June 2024 in Strasbourg, alongside Benin and Kiribati, bringing the treaty to 75 Parties. The Act defines computer data broadly enough to capture personal data held in a system. It is not a data protection or AI law, but it governs the security and misuse dimension that AI systems sit inside.
Telecoms, competition and consumer regulators
The Telecommunications Authority of Fiji regulates the communications sector under the Telecommunications Promulgation 2008. The Fijian Competition and Consumer Commission and the Consumer Council of Fiji address competition and consumer protection. The Reserve Bank of Fiji issued a Protection of Consumer Data and Privacy guideline for financial service providers in 2024. None of these is an AI regulator, but each can reach AI enabled services within its remit. The Ministry responsible for communications and the Digital Government Transformation Office lead digital policy.
The National Digital Strategy 2025 to 2030
The National Digital Strategy 2025 to 2030, Fiji's first, is published by the Ministry of Trade, Co-operatives, Micro, Small and Medium Enterprises and Communications through the Digital Government Transformation Office. It treats AI as an emerging technology to be adopted across government and the economy, and it commits to developing a National AI Framework to, in the document's words, "address ethical use, data privacy, accountability, and governance of AI systems", alongside a review and development of a data protection legal framework. The roadmap sequences foundational steps first (a cybersecurity strategy and a data protection review) and a national AI framework later in the period. Minister Kamikamica has framed this as one of three planned frameworks (Privacy and Personal Data Protection, National Cloud Policy and National AI Policy), with the AI policy expected to be completed within two years of his 2025 statement.
Pacific, Forum and Commonwealth context
Fiji is a small island developing state, a member of the Pacific Islands Forum and a Commonwealth member. There is no unified Pacific Islands Forum data protection or AI framework. Fiji participates in regional cyber networks such as PaCSON and PILON, has received UNESCO support for human centric digital policy, and co-sponsored the 2024 UN General Assembly resolution on safe, secure and trustworthy AI. Regional analysts position Fiji as a likely Pacific digital hub but note that no Pacific Island country had published a standalone national AI strategy at the time of writing.
Examples
A social media platform receives a complaint that an AI generated deepfake image of a Fijian is circulating. The route to redress is the Online Safety Commission under the Online Safety Act 2018, which can investigate and seek removal, and the High Court, rather than any AI specific law.
A bank in Fiji deploys an AI chatbot and an AI scoring model using customer data. It must work within the constitutional privacy right, the Reserve Bank of Fiji's 2024 Protection of Consumer Data and Privacy guideline for financial service providers, and confidentiality duties under the Banking Act 1995, and it should anticipate the privacy statute foreshadowed by the October 2025 policy.
A government agency pilots an AI service on the digitalFIJI platform. Its guardrails today come from the National Digital Strategy's governance commitments, the Cybercrime Act 2021 for system security, and constitutional privacy, with a dedicated National AI Framework and data protection statute still in development rather than in force.
Common misunderstandings
"Fiji has an AI law." It does not. There is no dedicated AI statute and no AI regulator; governance is via general law plus policy documents that signal future rules.
"Fiji already has a GDPR style data protection act." It does not. Comprehensive data protection legislation is foreshadowed by the October 2025 policy but has not been enacted; protection currently rests on the Constitution and sector specific duties.
"The Online Safety Commission regulates AI." It regulates harmful electronic communication, which can include AI generated content, but it is not a general AI regulator and cannot license or audit AI systems as such.
"There is nothing to comply with, so anything goes." Wrong. Constitutional privacy, the Cybercrime Act, sector regulator rules and consumer protection all apply now, regardless of the absence of an AI specific regime.
"A Privacy Act 2021 governs data in Fiji." This is a common error in secondary write ups. There is no enacted Fijian Privacy Act 2021; the relevant 2021 statute is the Cybercrime Act, and privacy specific legislation remains in development.
Risks and boundaries
This article describes governance architecture, not legal advice. The central caveat is that much of Fiji's AI relevant framework is pending rather than in force. The National Privacy and Personal Data Protection Policy is a Cabinet endorsed policy, not a statute; the promised privacy legislation, any privacy regulator, accession to Convention 108+ and the National AI Framework are all planned and could change in scope or timing. The National Digital Strategy is a roadmap; year by year milestones are intentions. The Online Safety Act is under active review, so its powers may expand. What is confirmed today is the constitutional privacy right, the Online Safety Act 2018, the Cybercrime Act 2021 and the 20 June 2024 Budapest Convention accession, sector confidentiality duties and the Reserve Bank guideline. Specific penalty figures and effective dates for forthcoming instruments should be verified against primary sources before reliance.
What to do next
Treat the constitutional privacy right and sector rules as your live baseline, and do not wait for an AI statute to put governance in place. Map where your AI systems touch personal data, communications and consumers, and identify which existing regulator (Online Safety Commission, Telecommunications Authority of Fiji, Fijian Competition and Consumer Commission, Reserve Bank of Fiji) could reach each system. Design now for transparency, consent, human oversight and record keeping, in line with the direction of the October 2025 privacy policy, so you are ready for the expected privacy statute and National AI Framework. Watch three triggers that should change your plans: enactment of the privacy legislation, publication of the National AI Framework, and any amendment to the Online Safety Act. For cross border services, track Fiji's stated intention to accede to Convention 108+, which would raise transfer expectations.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Fiji have an AI law?
No. As of mid 2026 there is no dedicated AI statute and no AI regulator in Fiji. AI is governed indirectly through general law and through policy documents that signal future rules.
Is there a data protection law in Fiji?
Not a comprehensive one yet. Protection rests on the 2013 Constitution's privacy right and sector specific confidentiality duties. A National Privacy and Personal Data Protection Policy was endorsed by Cabinet in October 2025 as the foundation for future legislation.
Who regulates online content and harm in Fiji?
The Online Safety Commission under the Online Safety Act 2018. It addresses harmful electronic communication, which can include AI generated content such as deepfakes, and it can seek removal and refer matters to the High Court.
What does the National Digital Strategy say about AI?
The National Digital Strategy 2025 to 2030 treats AI as an emerging technology and commits to developing a National AI Framework covering ethical use, data privacy, accountability and governance, alongside a data protection legal framework.
Has Fiji joined any international frameworks relevant to AI and data?
Fiji acceded to the Council of Europe Budapest Convention on Cybercrime on 20 June 2024 and has signalled an intention to accede to Convention 108+ on automatic processing of personal data. It co-sponsored the 2024 UN resolution on safe AI.
Does the Cybercrime Act 2021 regulate AI?
Not specifically. It criminalises unauthorised access to and interference with computer data and systems, which governs the security dimension of AI systems, but it is not a data protection or AI law.
Is there a Pacific regional AI rulebook Fiji must follow?
No. There is no unified Pacific Islands Forum data protection or AI framework. Fiji participates in regional cyber cooperation networks and receives donor and UNESCO support, but AI governance remains national.
What should organisations do now?
Comply with constitutional privacy, the Cybercrime Act and sector regulator rules, design AI systems for transparency and accountability, and prepare for the privacy statute and National AI Framework that are in development.