What is AI regulation in Samoa?
AI regulation: countries and regions
Samoa has no dedicated AI law or strategy. AI use is governed under its existing ICT and data rules. Its draft National ICT Policy 2025-2030 focuses on digital infrastructure, data privacy and trust. Data protection comes from the Privacy Act 2013 and the new Digital ID Act. In practice, AI must comply with general privacy, telecom and cyber laws. Samoa also supports international AI ethics principles (e.g. UNESCO's 2021 Recommendation), though these are not binding law.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Samoa currently has no AI-specific law or formal regulation. Instead, any AI applications are covered by its broad digital and data frameworks. The government's draft ICT Policy (2025-2030) stresses digital access, "trust and safety," and responsible data use. For example, Samoa has launched a national digital ID system with built-in privacy protections, and it has held workshops (with UNDP support) on AI trust and safety.
In effect, organisations in Samoa must follow general laws when using AI. The *Privacy Act 2013* and related guidelines protect personal information. The 2024 *National Digital Identification Act* adds rights for individuals and requires notifying people if automated profiling or data breaches occur. Sector regulators (e.g. telecom, broadcasting, finance) apply their usual rules to any AI systems in those fields. Samoa also endorses global AI ethics principles (like UNESCO's Recommendation) as guidance, but these principles currently inform policy rather than impose legal duties.
Why it matters
Even without an AI-specific law, deploying AI in Samoa has real consequences. Any AI processing personal data must comply with Samoa's privacy laws. For instance, under the Digital ID Act, organisations must notify affected people of any data breach or if they use automated profiling. Failing to protect data or misusing AI (e.g. causing biased decisions) could trigger liability under existing laws. Likewise, cybersecurity and fraud provisions still apply: a 2017 Samoan court case punished unauthorized electronic access under the Crimes Act. In short, businesses should apply strong data governance and ethical safeguards now. This builds trust and ensures they meet Samoa's legal and cultural expectations as AI becomes more common.
How it works
Digital Strategy and Oversight
Samoa's government treats AI as part of its broader digital agenda. Its *Samoa 2040* plan and the draft National ICT Policy 2025-2030 highlight the digital economy and infrastructure. The new policy is built on pillars like connectivity, a secure digital government, and trust. It reinforces the MCIT's role in guiding tech development, including projects like the National Digital Identification System. The government has also engaged stakeholders through workshops (e.g. on AI risks and trust). These efforts indicate Samoa is positioning AI within its national ICT framework, even as formal rules are still in development.
Data Protection and Privacy
AI in Samoa must comply with the country's data protection laws. The *Privacy Act 2013* (administered by the Ombudsman's office) sets basic rules for handling personal information. More recently, the *National Digital Identification Act 2024* establishes data rights for the digital ID system. For example, the NDID Act requires those handling ID data to notify individuals of any data breach and to inform them if automated profiling or decision-making is applied. In practice, this means any AI system using personal data must follow these notice, consent and security provisions. Data Protection Guidelines (2020) further elaborate privacy duties, but no separate "AI law" exists to cover algorithms or bias specifically.
Sectoral Regulation
Samoa relies on its sectoral laws to cover AI applications. The Office of the Regulator (OOTR) oversees telecommunications, broadcasting, postal and electricity sectors. Any AI services in those areas must meet licensing and consumer protection rules under the Telecommunications Act 2005, Broadcasting Act 2010, etc. For instance, a telecom operator using AI for network management or customer service must still comply with quality-of-service and data-handling obligations. Similarly, financial regulators would expect banks and fintech firms to manage AI-driven services under existing financial laws (e.g. anti-money-laundering rules). There is no separate regulatory body for AI - sector regulators enforce compliance with the laws relevant to their domain.
Cybersecurity and Safety
AI introduces security and fraud concerns, which Samoa addresses through its cyber laws. The National Cybersecurity Strategy (2016-2021) highlights threats to national ICT systems. Importantly, Samoa's Crimes Act is used to prosecute cybercrimes. In *Police v Zhong (2017)*, the courts applied section 207 of the Crimes Act (unauthorised access to an electronic system) to convict defendants in an ATM fraud case. Likewise, an AI-powered attack or scam would be treated as a cybercrime under those same laws. The MCIT's emphasis on "trust and safety" (e.g. recent workshops on AI risk) shows an ongoing focus on securing AI use. A planned Computer Misuse Act (drafted for 2026) may further strengthen rules against digital fraud in the near future.
International and Regional Context
International standards help shape Samoa's approach even without local AI laws. Samoa is a member of UNESCO and thus supports the *Recommendation on the Ethics of AI* (2021). This is a non-binding framework promoting human rights, transparency, fairness and safety in AI. Samoa also participates in Pacific ICT dialogues, but there is currently no Pacific-wide AI regulation. In practice, Samoa's strategy is to align with global guidance (UNESCO, Commonwealth, UN) and adapt general best practices. For example, following OECD principles or UN AI guidelines can complement Samoa's own policies. However, these are voluntary: only domestic legislation (like the Privacy Act and cyber laws) is enforceable in Samoa.
Examples
- **Government AI in identification:** Samoa's new National Digital ID system uses biometric data and could incorporate AI for verifying identities. If it does, existing law applies. Under the NDID Act, officials must notify people if their data is used in automated profiling or decision-making. The Act also requires any personal data breach to be reported to affected individuals. For example, if the ID system's AI had a security lapse, the government would have to follow those notification rules. These requirements ensure transparency and accountability even without a separate AI law.
- **AI in cybercrime:** Consider a scenario where AI is used to facilitate fraud against Samoan banks or citizens. Samoa does not have a specific AI crime, but existing cybercrime laws cover the conduct. In *Police v Zhong (2017)*, Samoa's courts convicted offenders for unlawfully accessing ATM systems using the Crimes Act (section 207 on unauthorized electronic access). By analogy, an AI-driven hack or scam would be prosecuted under the same provisions. This means anyone using AI maliciously - for identity theft, hacking or fraud - can be charged under Samoa's general computer crime laws.
- **AI in private sector services:** If a Samoan company uses AI for customer interactions or marketing, it still must comply with privacy and consumer laws. For instance, an e-commerce website with an AI chatbot must handle personal data according to the Privacy Act. While there is no Samoa law requiring AI disclosures, good practice (echoing UNESCO guidelines) would be to be transparent with users about automated decisions. If an AI-enabled marketing tool spams users without consent, it could violate Samoa's data rules. In essence, these scenarios show that existing regulations - not new AI rules - define the boundaries for AI's use.
Common misunderstandings
- **"Samoa already has an AI law."** Not true. Samoa has not passed any AI-specific legislation. So it's incorrect to assume there is a dedicated AI Act or regulation at this time. - **"No regulation means anything goes."** Also incorrect. Existing laws still apply. For example, the Privacy Act protects personal data, and cybercrime laws punish abuse. AI systems must follow these general rules even though no AI law exists. - **"Privacy law solves all AI problems."** Privacy rules cover data handling, but they don't address algorithmic issues like fairness or transparency. Samoa's laws focus on data protection and security. Ethical concerns (like bias) aren't directly regulated, although UNESCO principles encourage addressing them. - **"International AI rules are binding in Samoa."** Samoa respects international guidelines, but they are voluntary. The UNESCO Recommendation on AI ethics and similar UN frameworks are not domestic law. They serve as guidance for policy rather than enforceable requirements.
Risks and boundaries
AI "regulation" in Samoa is really just its existing tech laws. It's important to not confuse the two. For instance, compliance requirements stem from laws on data, telecoms and cybercrime, not from an AI Act. This means AI developers must map their tools to those existing rules. One boundary is that, without specific AI statutes, there's currently no government agency in Samoa solely focused on AI oversight - but multiple institutions (MCIT, OOTR, Ombudsman, etc.) share related responsibilities. Another limit is that international instruments (like UNESCO's AI ethics) have no legal teeth locally, so they cannot be directly enforced. Finally, any future changes (for example, Samoa drafting a Computer Misuse Act around 2026) would update the legal picture, but until then AI fits within broad technology laws.
What to do next
Organisations and policymakers should proactively prepare for AI's arrival, even without new laws yet. This means: - **Audit AI projects:** Review data use under the Privacy Act and the NDID Act (especially if using biometric ID data) and put strong safeguards in place. - **Align with best practices:** Adopt international AI principles (fairness, transparency, safety) voluntarily. For example, consider following UNESCO's AI ethics guidelines and establish internal review processes. - **Engage with regulators:** Participate in public consultations on Samoa's ICT policy or any upcoming tech laws. Stay in touch with the Office of the Regulator and MCIT to understand requirements. - **Build skills and policies:** Train staff on privacy, cybersecurity and ethical AI usage. Develop corporate AI governance documents (code of ethics, risk assessments). - **Monitor developments:** Watch for new legislation (like a Computer Misuse Act or updates to the Privacy Act) and adapt quickly. Ensuring compliance with current laws will ease transition if and when AI-specific regulations do appear.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
*Does Samoa have a law that specifically regulates AI?*
No. Samoa has not passed an AI-specific law or regulation. AI systems are treated under its existing laws on privacy, data, telecommunications, and cybercrime.
*How does Samoa protect data used in AI systems?*
Personal data is protected by the Privacy Act 2013 (administered by the Ombudsman) and by the 2024 National Digital Identification Act for the national ID system. These laws require informed consent, data security, and notification of breaches. AI systems must follow these rules when handling people's information.
*Which government agency oversees AI in Samoa?*
No single agency is dedicated to AI. The Ministry of Communications & IT (MCIT) leads on ICT policy. The Office of the Regulator handles telecommunications and broadcasting matters. The Ombudsman oversees privacy issues, and law enforcement handles cybercrime. All could become involved if an AI-related issue falls under their mandate.
*Are international AI ethics standards enforceable in Samoa?*
International standards like UNESCO's AI ethics recommendation guide Samoa's policy, but they are not law in Samoa. They encourage good practice (fairness, transparency) but do not carry legal force. Only Samoa's own legislation (privacy, telecoms, etc.) can be enforced in court.
*What happens if an AI system causes harm (e.g. bias or discrimination)?*
Samoa has no special law for AI harm. Affected individuals would rely on existing legal protections - for example, general human rights or consumer laws. Bias or unfair decisions are not explicitly outlawed for AI, but other remedies (like customer complaints, reputational risk or contract law) would apply. It's wise for providers to follow fairness principles proactively.
*How should companies prepare for AI now?*
Companies should ensure any AI use complies with current laws (e.g., secure personal data, prevent fraud). They should implement ethical guidelines internally, conduct impact assessments, and stay alert to government updates. Engaging with regulators and keeping an eye on Samoan and global policy trends will help them adapt when new AI rules do come.