Digital Transformation in Vanuatu: What’s in store for Vanuatu’s digital future?

21 hours ago
4 min read

Key takeaways

The Digital Transformation Act 2025 (Act) sets an ambitious digital transformation agenda but its practical implementation is uncertain.
The new ICT permit system may create uncertainty for businesses due to unclear regulatory requirements.
Centralised cybersecurity reporting will require stronger technical capability and clear protocols.

The foundations of Vanuatu’s digital reform

In November 2025, the Parliament of Vanuatu unanimously passed the Digital Transformation Act 2025 (Act), signalling its ambition to move towards a centralised, regulated and security focused digital state. In the explanatory note, the Government indicates that the Act intends “to consolidate existing functions and to introduce new legal mechanisms in order to support innovation in terms of e-governance, cybersecurity, digital public infrastructures, digital inclusion and the overall digital economy”. While this policy vision is expansive, the legislation itself raises questions about how these objectives will translate into tangible outcomes.

The Act’s mandate

The Act defines “digital transformation” not only as an operational process, but also a cultural one, [1] aligned with its aim to consolidate several national strategies into a digital governance ecosystem.

The Act creates a Department of Communications and Digital Transformation (Department) to implement this agenda, with a broad mandate to:

formulate and enforce national digital policies and strategies;
coordinate and audit government Information, Communications and Technology (ICT) projects for compliance with technical/ security standards;
oversee e-government initiatives and manage cyber threats; and
enforce interoperability across government networks (e.g. broadband, data centres, the .gov.vu domain). [2]

The functions and powers of the Department assume a level of institutional capacity and technical expertise that may not currently exist, and it is unclear whether the Department can fulfil this role in practice.

The National Digital Transformation Steering Committee (Committee) is tasked with ensuring the “national Digital Transformation vision” aligns with Vanuatu’s national development goals. [3] The Committee comprises Director Generals across key government departments including Finance, Foreign Affairs, Internal Affairs and Infrastructure, the Telecommunications Regulator, the CEO of the new Digital Safety Authority established under the Digital Safety Authority Act No.15 of 2024, a representative of the Reserve Bank, ICT industry representatives, and a Civil Society representative. [4] The composition ensures collaboration across sectors to support coherency. However, the functions of the proposed committee are broad and indeterminate, which raises questions as to how this vision will become a reality.

ICT service permits

The Act regulates ICT providers via a permit system. Any business offering telecommunications, cloud, software, hardware, cybersecurity or related digital services must hold a valid permit to carry on business as an ICT service provider. [5] The legislation contemplates an extensive list of permit categories, namely for:

ICT companies;
telecommunication providers;
cloud providers;
software vendors;
hardware vendors;
ICT consultancies;
internal ICT departments;
virtual asset services;
e-commerce and commercial multimedia streaming providers;
cyber security operation centre services;
offshore digital service providers;
artificial intelligence (AI) and AI-related data services; and
cybersecurity governance, risk and compliance services. [6]

The differentiation between each category is likely to be operationalised through Regulations that will prescribe technical and security requirements to set minimum standards of operation.

However, it is yet to be seen how the permits will be issued and compliance enforced. As we have observed in other Pacific jurisdictions, there is significant pressure from IT infrastructure providers such as telcos for some of the regulatory and financial burden of operating national ICT infrastructure be placed on offshore over the top service providers. Unfortunately, implementation of large scale reforms usually fails to eventuate in enforceable licensing procedures and regulation.

Further, the introduction of the permit system in the absence of corresponding Regulations could create uncertainty for businesses that will be required to navigate compliance obligations that are not sufficiently defined. This may stifle the operations of small businesses in particular, that will face barriers to obtaining a permit or complying with its conditions.

Cybersecurity incident reporting

The Act also centralises cybersecurity governance. In the case of any incident affecting government services, critical infrastructure or supply chain services that:

threatens or potentially jeopardises, the confidentiality, integrity or availability of a network, an information system or the information that a system processes, stores, or communicates; or
violates or threatens to violate security policy, security procedures, or acceptable use policies; [7]

The Director must make an incident report to the Minister and the National Security Council within 72 hours of the incident being identified. [8] This expectation of rapid response to cyber threats will have to be met with clear reporting mechanisms, response protocols and the technical capacity.

Next steps

In its current form, the Act is largely aspirational, and its operative provisions may only be effective if the Department has the capacity and funding to carry out its governance functions, adopt a robust regulatory framework and translate its cyber security strategy into a clear protocol. Although the Act is not currently in force as it is yet to be gazetted, it seems to raise more questions than it answers in Vanuatu’s path to achieving the digital transformation outcomes promised.

Need help?

If you would like to understand how the Digital Transformation Act 2025 may impact your organisation, our team is here to help. Contact our lawyers today to discuss how to position your business for Vanuatu’s evolving digital landscape.