UPDATE — SEPTEMBER 2025: Since Monaco adopted Act No. 1.054 on personal data protection in November 2024, the principality has moved quickly to implement its new framework, transition institutions, and pursue closer alignment with the European Union. The most visible change came with the creation of the Autorité de Protection des Données Personnelles (APDP), which formally replaced the CCIN in the first half of 2025. The APDP has already begun publishing compliance guidance and clarifications on data protection officer (DPO) requirements, emphasizing independence and professional expertise.

The government has also expanded information and outreach efforts, building on its December 2024 seminar with sector-specific briefings for financial institutions, healthcare providers, and digital service companies. Organizations have responded by appointing DPOs and reviewing internal practices, with children’s data protection, financial compliance, and cross-border transfers identified as enforcement priorities. The new sanctions regime, which allows fines up to €10 million, entered into force in mid-2025, though no major enforcement cases have yet been announced.

On the international front, Monaco has ratified the Council of Europe’s Convention 108+ protocol and, in spring 2025, formally renewed its request for an EU adequacy decision. The European Commission is currently reviewing Monaco’s framework, and while a final decision has not yet been issued, approval would streamline EU–Monaco data flows by removing the need for contractual transfer mechanisms.

ORIGINAL NEWS STORY:

Monaco Modernizes Data Protection Laws to Meet European Standards

The Principality of Monaco has adopted Act No. 1.054 on the protection of personal data, aligning its legislative framework with the highest European standards, including the General Data Protection Regulation (GDPR), the Law Enforcement Directive, and the Council of Europe’s Convention 108. The new law represents a significant step forward in safeguarding personal data in both public and private sectors and enhancing Monaco’s appeal as a digital hub.

The legislation, comprising 118 articles, was passed during the National Council’s session on November 28, 2024. It reflects Monaco’s commitment to adapting to the evolving digital landscape while prioritizing privacy and security. The government expressed gratitude to the National Council for the quality of the debate and cooperation in bringing this landmark legislation to fruition.

The new act introduces several provisions aimed at bolstering data protection and compliance. Highlights include:

• Establishment of a New Authority: A new personal data protection authority (APDP) will replace the existing CCIN, ensuring more robust oversight of data protection practices.

• Strengthened Rights: Enhanced protections for individual data rights, particularly for minors, and a reduction in preliminary declaratory formalities.

• Increased Responsibility: Data processors will face stricter accountability measures, including the appointment of data protection officers.

• Criminal Data Framework: A clearer framework for handling criminal data by administrative and judicial bodies.

• Cross-Border Data Security: Introduction of safeguards to secure data exchanges within Europe and internationally.

• Enhanced Sanctions: Introduction of administrative fines of up to €10 million for non-compliance.

The adoption of Act No. 1.054 positions Monaco to renew its request for recognition of legislative compliance from the European Commission. The process, halted in 2012 with the advent of the GDPR, would facilitate seamless data transfers between Monaco and EU nations. The act also supports Monaco’s economic ambitions, enhancing its attractiveness as a destination for businesses relying on secure data practices.

Monaco also ratified Act No. 1.053, which formalizes the adoption of the protocol amending the Council of Europe’s Convention 108. This protocol, the only binding international legal instrument on data protection, strengthens Monaco’s commitment to international standards. The government plans to immediately begin the ratification process, building on its initial 2008 signature.

In response to concerns from the National Council about the impact of the new law on various stakeholders, the government announced an information seminar. Scheduled for December 11, 2024, at Lycée Rainier III, the seminar will target the State’s executive branch, public institutions, private entities operating in the public interest, and public service concession holders. It aims to ensure a smooth transition and widespread understanding of the law’s implications.
 

Need Help?

If you’re wondering how Monaco’s AI/data strategy, or any other AI/data strategies and laws worldwide could impact you and your business, don’t hesitate to reach out to BABL AI. Their Audit Experts can address your concerns and questions while offering valuable insights.