What is AI regulation in Nauru?
AI regulation: countries and regions
Nauru has no AI-specific law, strategy or regulator. Artificial intelligence is governed indirectly by general instruments: the 1968 Constitution's privacy and protection-of-law provisions, the Cybercrime Act 2015, the Communications and Broadcasting Act 2018 (which created the Nauru Communications Authority), and consumer law. The National Digital Transformation Strategy 2025-2030 flags data protection, cybersecurity and electronic transactions reforms but does not mention AI. Nauru aligns loosely with UNESCO and UN AI instruments.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
AI regulation in Nauru is best understood by what is absent rather than what exists. Nauru, the world's third-smallest state with 11,680 people recorded at its most recent census (conducted on 30 October 2021 by the Nauru Bureau of Statistics), has no statute, bill, regulation or national strategy that targets artificial intelligence, and no dedicated AI authority. It also has no comprehensive data-protection law and no national data-protection regulator. This places it among the many Pacific island states that have recognised AI's importance but have not yet built governance frameworks for it.
In the absence of AI-specific rules, AI in Nauru is governed by laws of general application. The Constitution protects privacy of person and property and the protection of the law. The Cybercrime Act 2015 criminalises unauthorised access, interception and data interference. The Communications and Broadcasting Act 2018 regulates telecommunications, broadcasting and content, and established the sector regulator. Consumer and contract law apply to AI-enabled products like any other product.
Nauru's forward-looking digital document, the National Digital Transformation Strategy 2025-2030, prioritises connectivity, e-government and a digital ID, and commits to legislative reform on data protection, cybersecurity and electronic transactions. It does not name AI at all. So the practical position is: AI is lawful, largely unregulated as a distinct category, and touched only at the edges by general law and by Nauru's broad international commitments.
Why it matters
For organisations, the absence of AI-specific law does not mean the absence of legal risk. It means the risk sits inside older, general instruments that were not designed for AI, and inside a gap where no dedicated remedy or regulator exists. An operator deploying an AI tool in Nauru cannot point to an AI statute for either a safe harbour or a compliance checklist, and a person harmed by an automated decision cannot complain to an AI or data-protection authority because none exists.
This matters in three practical ways. First, because Nauru has no comprehensive data-protection law, the privacy duties most operators assume exist elsewhere (lawful basis, data-subject rights, breach notification) are not codified, so contractual terms, sectoral confidentiality duties and constitutional protections do the work instead. Second, cross-border services that touch Nauruan users may still be caught by stronger foreign regimes through their extraterritorial reach, so the binding constraint is often someone else's law rather than Nauru's. Third, the direction of travel is toward more digital legislation, so the durable question for leaders is how to deploy responsibly now in a way that will survive whatever data-protection and digital rules Nauru adopts next.
How it works
No dedicated AI law or strategy
There is no Nauruan AI Act, no AI bill before Parliament, no national AI strategy and no AI regulator. Nauru's central digital document, the National Digital Transformation Strategy 2025-2030, does not use the words "artificial intelligence" or "AI" anywhere in its text. Its acronym list defines Internet of Things but not AI. This is consistent with the AI Asia Pacific Institute's report "The State of Artificial Intelligence in the Pacific Islands" (August 2024), which found that no Pacific island country had yet published a national AI strategy, with only Fiji and Papua New Guinea making progress on developing theirs, and effort otherwise directed at broader digital and ICT foundations. In regulatory terms, Nauru is a horizontal-gap jurisdiction: it has neither a dedicated horizontal AI law nor AI-specific sectoral rules, so the relevant distinctions between sectoral and horizontal AI regulation, and between risk-based regulation and general law, are mostly theoretical here.
The Constitution as the baseline
The Constitution of Nauru 1968 (as amended) protects fundamental rights in Part II, including protection of the law and protection against being subjected, without consent, to the search of one's person or property or entry on one's premises. These privacy and due-process protections bind the state and provide the highest-level constraint on government use of automated systems, for example in surveillance or administrative decision-making. They are general and untested against AI, and there is no constitutional right framed around automated decisions, data protection or algorithmic fairness.
The instruments that actually bite
Several general statutes are the working law for AI-adjacent activity. The Cybercrime Act 2015 (No. 14 of 2015) criminalises illegal access, illegal interception, and data and system interference, plus computer-related fraud and forgery and child-exploitation offences. It governs misuse of computer systems, including AI-enabled misuse, but is a criminal-enforcement tool, not a governance framework. The Communications and Broadcasting Act 2018 established the Nauru Communications Authority and regulates licensing, spectrum, telecommunications and broadcasting, and includes content-filtering powers and confidentiality duties for subscriber information and communications. The Consumer Protection Act 2024 is relevant to online commerce and consumer rights, and the Command Ridge Virtual Asset Authority Act 2025 created a dedicated authority for virtual-asset service providers, showing Nauru can and does build bespoke regulators when it chooses to, but it has not done so for AI.
Responsible institutions
There is no AI regulator and no data-protection authority. The Department of ICT, under the responsible communications ministry, leads government digital work and implements the digital strategy. The Nauru Communications Authority is the sector regulator for communications and broadcasting. A Cyber Security Awareness Team was established on 29 November 2019 to provide cyber-safety awareness across government. For most AI-specific harms, the practical forum is the ordinary courts applying general law, not a specialist body.
Data protection: a gap, not a regime
Nauru does not have a comprehensive data-protection or privacy law and has no privacy regulator. Personal-data protection appears only in fragments: constitutional privacy, the confidentiality provisions for subscribers in the Communications and Broadcasting Act 2018, and the offence provisions of the Cybercrime Act 2015. Because this article concerns AI governance rather than privacy generally, the key point is narrow: the data-protection scaffolding that underpins AI accountability in most jurisdictions is largely missing here, and the National Digital Transformation Strategy 2025-2030 lists data protection and privacy, cybersecurity and electronic transactions as reform areas still to be legislated.
Regional and international alignment
Nauru is a UNESCO member state (since 1996) and a UN member (since 1999), and is therefore within the scope of the UNESCO Recommendation on the Ethics of Artificial Intelligence, adopted by acclamation by all UNESCO member states in November 2021. That Recommendation is a soft-law instrument that states apply on a voluntary basis; it is not directly enforceable in Nauru and there is no public evidence that Nauru has conducted UNESCO's Readiness Assessment Methodology or implemented the Recommendation domestically. UN General Assembly Resolution A/78/L.49, adopted on 21 March 2024, was sponsored by the United States and co-sponsored by 123 other member states, then adopted by consensus with a bang of the gavel and without a vote, meaning it has the support of all 193 UN member nations. Nauru, as a UN member, is among those that agreed to its adoption, but Nauru was not one of the 123 co-sponsoring states, unlike Pacific neighbours Fiji, Kiribati, the Marshall Islands, Palau and Papua New Guinea. Regionally, Nauru is again a member of the Pacific Islands Forum and is covered by the 2050 Strategy for the Blue Pacific Continent, whose Technology and Connectivity thematic area calls for appropriate regional regulatory arrangements and data sovereignty, but contains no binding AI rules.
Examples
A government department piloting an AI chatbot or automated triage for public services has no AI statute or data-protection law to comply with, but is bound by constitutional privacy and protection-of-law duties, by confidentiality obligations, and in practice by the absence of any complaints mechanism for affected individuals. Regional health guidance stresses national readiness assessment, privacy-by-design and procurement safeguards before scaling, which is a sensible default where domestic law is silent.
A foreign SaaS vendor offering an AI product to Nauruan users will generally find that Nauru imposes few specific obligations, but that stronger foreign regimes, reached through their extraterritorial scope, plus the vendor's own contracts, are the real compliance drivers. Nauru Airlines' own privacy policy, for instance, expressly addresses the EU General Data Protection Regulation, illustrating how external law fills the domestic gap.
A telecommunications or broadcasting operator using AI for network management, content filtering or moderation operates under the Communications and Broadcasting Act 2018 and the Nauru Communications Authority's oversight, including content-filtering powers, rather than under any AI-specific rule.
Common misunderstandings
"Nauru must have some AI rules by now." It does not. There is no AI statute, bill, strategy or regulator, and the national digital strategy does not even mention AI.
"No AI law means no rules at all." General law still applies: constitutional privacy, cybercrime offences, communications regulation, consumer and contract law all bite on AI activity.
"Nauru has data-protection law like the EU." It does not have a comprehensive data-protection law or a privacy regulator; protection is fragmentary and constitutional.
"The UNESCO Recommendation is binding on Nauru." It is soft law applied voluntarily; it is not directly enforceable, and there is no evidence Nauru has implemented it or run the readiness assessment.
"Nauru co-sponsored the UN AI resolution." It did not formally co-sponsor the March 2024 resolution; it is bound only in the sense that the resolution was adopted by consensus of all UN members.
Risks and boundaries
This page describes a jurisdiction with little to govern AI directly, and that should be stated plainly rather than dressed up. The main boundary is that nothing here is AI-specific: there is no risk-tiering, no mandatory impact assessment, no transparency duty, no algorithmic-accountability obligation and no specialist enforcement. Relying on general law leaves clear gaps, especially around automated decision-making, data-subject rights and redress, because there is no data-protection regime or regulator to invoke.
Legal status is also fluid. The National Digital Transformation Strategy 2025-2030 commits to legislating on data protection and privacy, cybersecurity and electronic transactions, so the baseline could change materially within the strategy period, and any future data-protection law would become the most important indirect AI control. Several cited descriptions of Nauruan law come from secondary trackers rather than the statutes themselves, and Nauru's online legal database (RONLAW) should be treated as the authoritative source for current text and effective dates. Finally, this is not legal advice; anyone deploying AI that touches Nauru should verify current law and seek qualified local counsel.
What to do next
Treat Nauru as a thin-law jurisdiction and govern to a higher external standard. Adopt a recognised baseline (for example the UNESCO Recommendation's principles or a mainstream risk-based framework) voluntarily, because no local floor exists and a future data-protection law is signalled.
Map which law actually binds your use case: constitutional privacy for government deployments, the Cybercrime Act 2015 for misuse, the Communications and Broadcasting Act 2018 and the Nauru Communications Authority for communications and content, consumer law for products, and any stronger foreign regime that reaches your users.
Build privacy-by-design and human oversight into deployments now, document data flows and lawful purposes, and keep procurement safeguards, since there is no regulator to backstop you and no statutory data-subject remedy.
Watch for change: the trigger to revisit your posture is the introduction of a Nauruan data-protection, electronic-transactions or cybersecurity bill, any sign Nauru runs a UNESCO readiness assessment, or any Pacific Islands Forum regional AI instrument. Verify current status against RONLAW and official ministry pages before acting.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Nauru have an AI law?
No. There is no AI-specific statute, bill, regulation or national AI strategy, and no AI regulator.
What governs AI in Nauru instead?
Laws of general application: the 1968 Constitution's privacy and protection-of-law provisions, the Cybercrime Act 2015, the Communications and Broadcasting Act 2018, and consumer and contract law.
Is there a data-protection law or privacy regulator?
No. Nauru has no comprehensive data-protection law and no privacy authority; protection is fragmentary, drawn from the Constitution and confidentiality provisions in sector law.
Did Nauru endorse the UNESCO AI Recommendation?
As a UNESCO member it is within the scope of the 2021 Recommendation, which was adopted by all member states, but the Recommendation is voluntary soft law and there is no evidence Nauru has implemented it domestically.
Did Nauru support the UN AI resolution?
The March 2024 UN General Assembly AI resolution was adopted by consensus of all members, so Nauru is among them, but Nauru did not formally co-sponsor it.
Who regulates communications and digital services?
The Nauru Communications Authority under the Communications and Broadcasting Act 2018, with the Department of ICT leading government digital work.
Is AI regulation likely to change soon?
The National Digital Transformation Strategy 2025-2030 commits to new laws on data protection, cybersecurity and electronic transactions, which would indirectly shape AI governance, but no AI-specific law is currently proposed.