The Palau Senate has unanimously approved Senate Bill No. 12-9, SD1, known as the Cybersecurity Act, marking the Republic of Palau’s first comprehensive national framework to strengthen digital security and data protection.
The measure now moves to the House of Delegates for consideration.
The bill seeks to establish a centralised cybersecurity structure to protect public digital infrastructure, secure confidential information, and formalise national cybersecurity governance.
Lawmakers said the measure responds to the growing risks that accompany Palau’s expanding digital transformation.
In its findings, the Senate cited five key reasons for advancing the legislation:
*Growing digital dependence: With the internet now critical to education, commerce, and government services, Palau’s reliance on digital technology has created new vulnerabilities requiring oversight.
*Rising cyber threats: Recent attacks on government agencies exposed inconsistencies in the country’s current cyber defences, prompting the need for a coordinated national system.
*Protection of privacy and digital rights: The bill affirms citizens’ rights to privacy and mandates the secure handling of personal data.
*International alignment: Developed with guidance from cybersecurity experts, including MITRE, the proposal aligns Palau’s approach with global standards and supports regional cooperation.
*Economic trust and resilience: Strengthening cybersecurity is expected to bolster confidence in e-government services and digital transactions, encouraging business growth and innovation.
The Cybersecurity Act outlines five major components:
*Creation of the Bureau of Cybersecurity — The Bureau will operate under the Ministry of Public Infrastructure and Industries, headed by a Chief Information Security Officer (CISO) who will oversee the national cybersecurity strategy and compliance.
*Adoption of national standards — The Bureau is tasked with developing minimum cybersecurity standards, government and private-sector policies, and model incident response plans.
*Data protection and penalties — Agencies must safeguard confidential and personal data. Breaches can result in civil fines up to US$10,000 per violation or up to five years in prison for intentional misconduct.
*Cybersecurity Advisory Committee — This committee, composed of representatives from the Executive and Legislature, will assist in drafting cybersecurity plans and issue bi-monthly reports and recommendations.
*Mandatory breach notification — The Bureau will establish a centralised system for reporting incidents and require agencies to notify affected individuals in the event of a data breach.
A startup appropriation of US$150,000 is allocated to fund the Bureau’s initial operations.
The bill authorises the agency to suspend noncompliant IT projects and coordinate nationwide cybersecurity awareness and training programmes.
The legislation also preserves existing legal liabilities and rights to ensure continuity with prior regulations.
Once enacted, the Cybersecurity Act is expected to strengthen Palau’s digital resilience, build public trust in online systems, and enhance the nation’s capacity to manage emerging cyber threats.
