What is AI regulation in Grenada?
AI regulation: countries and regions
Grenada has no dedicated artificial intelligence law, no AI regulator and no published national AI strategy as of June 2026. AI is governed indirectly through laws of general application. The Data Protection Act, No. 1 of 2023 was passed and assented to but is not yet in force, awaiting a ministerial commencement order, and its Information Commission has not been constituted. Regional bodies (OECS, ECCU and CARICOM) are developing harmonised data and AI policy.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Grenada is a small Eastern Caribbean state that has not enacted any law written specifically for artificial intelligence. There is no AI Act, no statutory risk tiers, and no national AI strategy document. Anyone deploying AI in Grenada is governed by laws of general application: contract, negligence, consumer protection, the Electronic Transactions Act, the Electronic Crimes Act 2013, and, once it is commenced, the Data Protection Act, No. 1 of 2023.
The Data Protection Act, No. 1 of 2023 is the closest thing Grenada has to a rulebook for automated processing of personal data, but it is not yet operational. It was passed by the House of Representatives on 14 March 2023, passed by the Senate on 6 April 2023, assented to by Deputy Governor-General Dessima Williams on 9 May 2023, and published in an Extraordinary Gazette on 10 May 2023. Section 1(2) provides that the Act comes into operation on a day appointed by the Minister by Order in the Gazette. No such commencement order has been located, so the Act and its Information Commission are not yet in force.
Grenada's digital agenda is therefore driven mainly by policy and regional cooperation rather than binding AI rules. The Division of ICT in the Cabinet Office leads digital transformation, supported by the World Bank-financed Caribbean Digital Transformation Project, while initiatives at OECS, ECCU and CARICOM level are shaping the future direction of data and AI governance.
Why it matters
Organisations deploying AI in Grenada operate in a low-specificity environment: there is no AI-specific compliance regime to map against, but neither is there a safe harbour. General duties (consumer protection, confidentiality, the law of negligence, and the Electronic Crimes Act 2013) still apply to AI-driven decisions. The Data Protection Act, once commenced, will impose consent, purpose limitation, security and data-subject-rights duties enforced by an Information Commission. Financial institutions face nearer-term privacy-style duties through Eastern Caribbean Currency Union (ECCU) banking reforms. Multinationals should also note that the Act, when in force, has potential extraterritorial reach over persons who use equipment or network services in Grenada to process personal data.
How it works
No dedicated AI statute or regulator
There is no AI law and no AI authority in Grenada. AI is governed by laws of general application and by sector rules. The National Telecommunications Regulatory Commission (NTRC), established under the Telecommunications Act 31 of 2000 and the Eastern Caribbean Telecommunications Authority (ECTEL) Treaty, regulates the communications sector; it is not an AI regulator.
The Data Protection Act, No. 1 of 2023 (not yet in force)
The Act promotes the protection of personal data processed by public and private bodies and provides for the establishment of an Information Commission. It sets out data protection principles (a general or consent principle, notice and choice, disclosure, security, retention, data integrity and access) and data-subject rights including access and rectification. Penalties for individuals are up to EC$50,000 or three years imprisonment on summary conviction and up to EC$100,000 or five years on indictment; for bodies corporate the figures are up to EC$250,000 (summary) and up to EC$500,000 (indictment). Commencement depends on a ministerial order in the Gazette, which has not been issued. The Bill was sponsored by Senator the Honourable Claudette Joseph, Grenada's Attorney-General and Minister for Legal Affairs, who is the responsible minister.
Adjacent statutes
The Electronic Transactions Act provides legal recognition for electronic records and signatures. The Electronic Crimes Act 2013 creates cyber offences. Grenada deposited its instrument of accession to the Budapest Convention on Cybercrime on 22 April 2024, becoming the 72nd State Party and the first OECS and CARICOM member to do so.
Regional layer: OECS, ECCU and CARICOM
The OECS has run a workstream to draft harmonised data protection legislation for the ECCU under the Caribbean Digital Transformation Project, including consideration of a shared regional data protection authority. The Eastern Caribbean Central Bank (ECCB) published policy considerations for ECCU data protection and privacy legislation on 3 March 2025. At CARICOM level, the CTU Caribbean AI Task Force (CAITF), chaired by Dr Craig Ramlal of the University of the West Indies and drawing on a multidisciplinary group of more than thirty-five experts, released an Interim Report titled "Toward Harmonised AI Policies and Recommendations for the Caribbean" on 13 December 2025, responding to a mandate approved at the CTU's 31st General Conference of Ministers in October 2025; a Final Report is due at a CTU Caribbean AI Forum in 2026. The earlier UNESCO Caribbean Artificial Intelligence Policy Roadmap (published June 2021), developed through consultations spanning 20 Caribbean countries and anchored in the 2021 UNESCO Recommendation on the Ethics of Artificial Intelligence, set out four pillars: Culture and Creativity; Governance and Transformation; Education and Upskilling; and Resiliency and Sustainability. These instruments are advisory; they are not binding law in Grenada.
Examples
1. A Grenadian bank deploying an AI credit-scoring tool cannot yet be enforced against under the Data Protection Act, because it is not in force. ECCU banking reforms, however, are expected to require financial institutions to protect non-public customer data, publish written privacy policies and limit processing to disclosed purposes, with the ECCB as conduct regulator.
2. A government ministry piloting AI in public administration relies on the National Sustainable Development Plan 2020 to 2035 and the Division of ICT's agenda rather than on any AI statute; data handling defaults to general confidentiality and security expectations until the Data Protection Act commences.
3. A foreign software vendor that uses equipment or network services in Grenada to process personal data would, once the Act is in force, fall within its scope and would need to nominate a representative established in Grenada.
Common misunderstandings
1. "Grenada has an AI law." It does not. There is no AI-specific statute, no statutory risk tiers and no published national AI strategy.
2. "The Data Protection Act is already enforceable." It was passed and assented to in 2023 but is not yet in force; no commencement order has been issued.
3. "There is an operating data protection regulator." The Information Commission exists on paper in the Act, but it has not been constituted and is not operational.
4. "Regional roadmaps are binding." The CTU and UNESCO instruments are advisory; they are not law in Grenada.
5. "The NTRC regulates AI." The NTRC regulates telecommunications under the Telecommunications Act and the ECTEL Treaty, not artificial intelligence.
Risks and boundaries
The single biggest uncertainty is commencement timing: the Data Protection Act could be brought into force at any time by ministerial order, switching on data protection duties and an Information Commission relatively quickly. The Act also has gaps, notably no clear regime for international data transfers. Regional harmonisation could change the architecture, for example through a shared ECCU data protection authority or CARICOM model AI laws. This article describes durable architecture, duties and institutions rather than transient effective dates; the legal status should be verified against the Government Gazette before any organisation relies on it. What is confirmed: there is no AI law and the Data Protection Act is not in force. What is pending: a commencement order, the constitution of the Information Commission, ECCU banking reforms and regional AI policy. What could change: any of these, at short notice.
What to do next
Treat the Data Protection Act as imminent rather than dormant, and build consent, purpose-limitation, security and data-subject-rights processes now so that commencement does not catch you unprepared. Map your personal data flows, especially for customer onboarding, credit assessment and any automated decisioning. Financial institutions should prepare for ECCB conduct rules and the prospect of oversight from both the ECCB and a future Information Commission. Monitor the Government Gazette for a commencement order and watch the CTU Caribbean AI Forum 2026 for regional direction. In the absence of binding AI rules, adopt recognised AI governance and impact-assessment practices voluntarily as a defensible baseline.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Grenada have an AI law?
No. As of June 2026 Grenada has no dedicated AI statute, no AI regulator and no published national AI strategy.
Is the Data Protection Act, No. 1 of 2023 in force?
No. It was assented to in May 2023 but has not been commenced; it awaits a ministerial order in the Gazette.
Is there a data protection authority in Grenada?
The Act provides for an Information Commission, but it has not been constituted and is not operational.
What laws apply to AI in Grenada now?
Laws of general application apply, including contract, negligence, consumer protection, the Electronic Transactions Act and the Electronic Crimes Act 2013.
What is the regional picture?
The OECS, ECCU and CARICOM are developing harmonised data protection and AI governance; the CTU Caribbean AI Task Force released an interim report on 13 December 2025 and a final report is due at a Caribbean AI Forum in 2026.
Who is the responsible minister for data protection?
The Attorney-General, Senator the Honourable Claudette Joseph, who sponsored the Bill, is the responsible minister.
Will the Act apply to foreign companies?
Once in force, it can apply to persons who use equipment or network services in Grenada to process personal data, who would need to nominate a local representative.