What is AI regulation in Trinidad and Tobago?

How it works

No dedicated AI statute yet

Trinidad and Tobago has not enacted an AI-specific law and has not adopted a horizontal, risk-based AI framework. There is no statutory definition of an "AI system" in domestic law, no mandatory conformity assessment, no high-risk classification and no AI regulator. This places the country among the many jurisdictions that govern AI through general law while policy work proceeds.

Data protection law and the Information Commissioner

The central instrument touching AI is the Data Protection Act 2011 (Chapter 22:04). It was only partially proclaimed: Legal Notice 2 of 2012 brought into force Part I and a limited set of Part II and Part III provisions, and section 42(a) and (b) were operationalised in August 2021. The bulk of the enforceable controller obligations and enforcement machinery remain unproclaimed. The Act sets out General Privacy Principles, including consent, purpose limitation, accuracy and security, and it establishes the Office of the Information Commissioner as the intended data protection authority. The Act does not grant rights such as data portability, erasure or a right not to be subject to solely automated decisions, and it does not require privacy by design. Penalties are capped at a fine of up to TTD 50,000 (around US$7,219) and up to three years' imprisonment on summary conviction, which is modest by international standards. A government review in 2018 found the Act inconsistent with international best practice, and stakeholder consultations followed in 2019, but the remaining sections have not been proclaimed. For AI specifically, this matters because the provisions that would most directly discipline profiling and automated processing are not in force.

Cyber and computer-misuse law

The Computer Misuse Act (Chapter 11:17) criminalises unauthorised access, interception, modification and misuse of computer systems and data. It is the live instrument that would apply to AI-enabled intrusion, scraping that involves unauthorised access, or model attacks. A Cybercrime Bill has been proposed repeatedly (2014, 2017 and reintroduced subsequently) to repeal and replace the Computer Misuse Act, but it has not been passed and has attracted sustained criticism from media and press-freedom groups over provisions seen as threatening journalism and legitimate security research. Until it passes, the Computer Misuse Act remains the governing cyber-offences law.

Constitutional and sector rules

The Constitution protects the right of the individual to respect for private and family life, which underpins privacy claims even where statute is incomplete. The Interception of Communications Act regulates lawful interception. Sector regulators also matter: the Telecommunications Authority of Trinidad and Tobago (TATT) regulates telecommunications and broadcasting, sets industry standards and manages spectrum, and the Central Bank of Trinidad and Tobago, with the Trinidad and Tobago Securities and Exchange Commission and the Financial Intelligence Unit, runs a Joint Regulatory Innovation Hub and a Regulatory Sandbox for financial technology, including provisional registration of electronic-money issuers. These sector mechanisms govern AI applications in finance and communications without naming AI.

The National AI Assessment and a future policy

The AI-specific policy layer is being built through the National AI Assessment, led by the Ministry of Public Administration and Artificial Intelligence (MPAAI) with UNESCO and the UNDP. It uses two methodologies: the UNDP AI Landscape Assessment (AILA) and UNESCO's Readiness Assessment Methodology (RAM), which operationalises UNESCO's Recommendation on the Ethics of Artificial Intelligence (2021). The assessment evaluates readiness across dimensions including governance, policy, infrastructure, ethics, institutional capacity and inclusion, and is intended to inform a national AI policy and strategy. The National Digital Transformation Strategy 2024-2027 commits to developing an "AI Policy Strategy" and to supporting the ethical use of emerging technologies, but treats AI as a priority within emerging technologies rather than as a standalone governance pillar.

Regional and international alignment

Trinidad and Tobago is not an adherent to the OECD AI Principles; OECD analysis has grouped it among countries needing significant effort to advance public-sector AI. Its alignment is instead regional and UN-centred. The country participates in CARICOM's digital agenda and the Single ICT Space, and is covered by the UNESCO Caribbean AI Policy Roadmap (2021), published with the Broadcasting Commission of Jamaica and developed through consultation with over 1,000 institutions and individuals across 20 Caribbean countries, structured on four pillars: Culture and Creativity, Governance and Transformation, Upskilling and Education, and Resilience and Sustainability. It also engages the Caribbean Telecommunications Union (CTU) Caribbean AI Task Force, launched on 18 July 2025 and chaired by Dr Craig Ramlal of The University of the West Indies, St. Augustine. That task force released its interim report, "Toward Harmonised AI Policies and Recommendations for the Caribbean," on 13 December 2025, drawing on more than thirty-five experts and a mandate approved at the CTU's 31st General Conference of Ministers in October 2025, and calling for a harmonised, CARICOM-wide AI governance framework that is human-centric, rights-based, inclusive and resilient, supported by model laws and shared oversight. At the hemispheric level, the Organization of American States (OAS) has adopted a declaration and launched an initiative on AI policy frameworks for the Americas. None of these instruments is binding AI law; they are soft-law and coordination frameworks.