AI Regulation in Costa Rica: Emerging Policy & Compliance

Costa Rica is positioning itself as Central America’s pioneer in responsible AI governance. With the launch of its National Artificial Intelligence Strategy (ENIA 2024–2027), the country has taken decisive steps to embed ethics, transparency, and inclusion into AI development. For businesses, understanding Costa Rica’s evolving regulatory landscape is essential for aligning AI operations with both domestic law and global standards.

 

The Evolution of Costa Rica’s AI Framework

Costa Rica’s approach to digital transformation has matured steadily over the last decade. The Ministry of Science, Innovation, Technology and Telecommunications (MICITT) initiated digital-government and ICT policies that later formed the foundation for national AI governance. In 2020, the National Laboratory for Artificial Intelligence (LANIA) was established in partnership with the National High Technology Center (CENAT), promoting AI-driven innovation in public services and national research. The government officially launched the ENIA 2024–2027, becoming the first Central American nation with a dedicated national AI strategy. The plan outlines a multi-pillar roadmap to guide AI deployment, capacity-building, and regulatory readiness. (Consortium Legal, 2025). Costa Rica’s progress is now indexed by the OECD in its international AI policy dashboard, recognising the country’s model for ethical, human-centred AI governance. (OECD AI Policy Observatory, 2025). Together, these developments reflect Costa Rica’s ambition to blend innovation and oversight - establishing the legal, technical, and ethical foundations for AI systems that are trusted and inclusive.

 

 

Key Components of Costa Rica’s AI Regulatory Approach

Following are the notable components when we discuss about Costa Rica’s approach towards AI regulation:

1. Ethical Principles and Human-Centred AI

At the heart of ENIA lies a commitment to ethics, transparency, fairness, and inclusion. The strategy ensures that AI supports human dignity and social wellbeing, not just technological advancement. This principle-driven model mirrors global frameworks such as the OECD AI Principles and the UNESCO Recommendation on the Ethics of AI.

 

2. Technical Infrastructure and Capacity-Building

Costa Rica recognises that regulation must be supported by digital infrastructure and skilled human capital. The ENIA roadmap includes:

• Nationwide 5G expansion and digital government platforms to enable AI readiness.
• A proposed National Centre of Excellence for AI, serving as a hub for testing, research, and governance coordination.
• Training initiatives across academia and the public sector to enhance AI literacy and regulatory capability.

These measures ensure that ethical AI is matched by technological and institutional capacity.

 

​3. Regulatory Framework and Risk Management

While Costa Rica does not yet have a standalone AI law, the ENIA embeds regulatory mechanisms across existing digital frameworks:

• Proactive risk-management through algorithmic transparency, human oversight, and bias auditing.
• Data governance and cybersecurity as foundational pillars for AI assurance.
• Alignment with international standards and best practices, including ISO/IEC 42001 and OECD AI frameworks.

This integrated approach reflects Costa Rica’s preference for governance through coordination rather than isolated legislation - a practical model for emerging economies.

 

Data Protection, Privacy, and Compliance

​Costa Rica’s AI governance is underpinned by its long-standing data-protection framework:

1. Law No. 8968 – Protection in the Handling of Personal Data of Individuals.
2. Law No. 7975 – Undisclosed Information Law (prohibiting unauthorised disclosure of personal or confidential data).

Both are enforced by the Agency for the Protection of Individuals’ Data (PRODHAB). In 2025, the Costa Rican Congress is reviewing Bill No. 23097, which seeks to align the national data-protection regime with the EU GDPR. If adopted, this reform expected to enter into force by 2026 — will strengthen obligations on data controllers and AI developers, expanding rights to transparency, erasure, and algorithmic accountability. For companies operating AI systems in Costa Rica, this means preparing for:

• Stricter data-minimisation and purpose-limitation rules.
• Enhanced cross-border data-transfer controls.
• Greater documentation and auditability of AI models handling personal data.

​

International Alignment and Global Positioning

Costa Rica’s AI governance is intentionally global in scope:

• It participates in the OECD AI Governance Committee and Global Partnership on AI (GPAI).
• It is promoting a regional hub model, encouraging responsible-AI investment across Latin America.
• The government’s branding initiative, Essential Costa Rica, integrates AI ethics and sustainability as part of national competitiveness.

By coupling global credibility with domestic readiness, Costa Rica provides a strategic entry point for companies aiming to expand AI operations across the Latin American market.

​

Challenges and Opportunities

Note the following challenges and opportunities when we consider current framework in Costa Rica:

Key Challenges

• Absence of a dedicated AI supervisory authority or audit framework to operationalise ENIA objectives.
• Persistent skills and infrastructure gaps, particularly in rural regions.
• Need for greater inter-agency coordination between MICITT, PRODHAB, and sectoral regulators.

 

Emerging Opportunities

• Regulatory certainty through a national strategy that clearly defines ethics, data, and innovation pathways.
• A bilingual, technically skilled workforce aligned with sustainability goals - ideal for responsible-AI pilots.
• Growing interest from international investors and multinationals seeking a compliant, low-risk AI jurisdiction in Latin America.

For organisations committed to trustworthy innovation, Costa Rica represents both a testing ground and a regional model for human-centred AI governance.

​

Compliance Roadmap for Organisations

To navigate Costa Rica’s evolving AI landscape, organisations should:

1. Monitor policy developments – Track ENIA implementation, MICITT updates, and progress of the GDPR-alignment bill.

2. Embed ethical principles – Design AI systems with fairness, explainability, and human oversight.

3. Strengthen data governance – Map data flows, apply minimisation principles, and establish privacy-by-design controls.

4. Conduct bias and risk assessments – Implement testing and documentation processes for high-impact models.

5. Engage with local partners – Collaborate with Costa Rican institutions and regulators to align governance approaches.

6. Build internal capacity – Train compliance and data-science teams on regional AI-risk and accountability standards.

 

Takeaway

Costa Rica’s AI regulatory environment is moving from policy design to implementation, creating one of the most coherent frameworks in Latin America. For organisations looking to expand responsibly, the country offers both legal clarity and strategic opportunity. By aligning with Costa Rica’s ethical and data-driven governance model today, companies can future-proof their AI operations for the coming wave of regional regulation and contribute to building a trusted, transparent, and human-centred AI ecosystem.

​Start your AI readiness journey with Nemko Digital— talk to our experts and get a risk assessment today.