Building the Caribbean AI Regulatory Framework: A Blueprint for the Region

By May 2025, international AI governance has moved from aspiration to implementation. The EU AI Act's prohibitions on unacceptable risk AI practices became enforceable on 2 February 2025. UNESCO's monitoring of its 2021 Recommendation on the Ethics of Artificial Intelligence is generating comparative data on national implementation. More Small Island Developing States are developing national AI strategies. The question for Caribbean governments is no longer whether to engage with AI governance, but what kind of governance architecture to build and how to build it efficiently given constrained resources.

My argument is direct. The Caribbean needs a tiered, regionally harmonised AI governance architecture, with CARICOM setting baseline principles and minimum standards, and member states enacting national implementing legislation that adds sector-specific and locally appropriate provisions on top of that regional floor. This is not a new idea in principle. CARICOM already uses similar models in competition law, financial regulation, and trade policy. The task is to apply the model to AI governance with sufficient technical specificity to make it functional rather than rhetorical.

This article presents a concrete blueprint for that architecture, drawing on the CARICOM Regional Digital Economy Policy Framework, the EU AI Act's structure, the UN Advisory Body on AI's September 2024 report, and the specific institutional and legislative conditions that exist across the region in 2025. I set out what CARICOM should do, what national governments should do, and what the sector-specific regulatory additions should look like in financial services, public administration, and telecommunications.

Why the Caribbean Cannot Afford Fragmented National Approaches

CARICOM has fifteen full member states. Their populations range from Montserrat's approximately 5,000 residents to Jamaica's three million. Most of them cannot sustain, on their own, the full range of specialist institutions that AI governance demands: algorithmic auditors, AI safety investigators, data science forensic capacity, and international liaison functions. The economics simply do not support it.

This is not a Caribbean peculiarity. Small EU member states like Malta and Luxembourg rely substantially on shared EU institutions and the network of national data protection authorities to discharge regulatory functions that no single small state could manage alone. The difference is that the EU has built that shared infrastructure over decades. CARICOM needs to build a version of it, adapted to its own context, in a much shorter timeframe.

Fragmented national approaches also create problems for technology companies seeking to operate across the region. If each CARICOM member state enacts different AI requirements with different definitions, different conformity assessment processes, and different enforcement mechanisms, the compliance burden on regional technology providers becomes prohibitive. This would particularly harm Caribbean-based technology companies, including the growing cohort of AI-focused firms, for whom regional market access is essential to commercial viability.

A harmonised framework, by contrast, creates a Caribbean AI regulatory zone that technology companies can work within under a single set of compliance obligations, much as the EU's single market functions. This is a competitive advantage for the region, not a constraint.

The Three-Tier Architecture

Tier One: CARICOM Baseline Principles

The first tier consists of a CARICOM AI Governance Treaty or, as a faster alternative, a binding Decision of the CARICOM Council for Trade and Economic Development. This instrument would establish the non-negotiable floor: fundamental principles that all member states commit to implementing, regardless of their individual legislative approaches.

The baseline principles should cover: human rights and dignity (AI systems must not be used to violate or diminish recognised human rights); transparency (individuals must be informed when AI materially influences decisions affecting them); accountability (a designated responsible party must be identifiable for every AI system in use); non-discrimination (AI systems must not produce discriminatory outputs on protected grounds); and environmental responsibility (AI deployment must account for energy consumption and carbon impact, which is particularly salient for climate-vulnerable SIDS).

These principles are drawn from the UNESCO Recommendation on the Ethics of Artificial Intelligence, the OECD AI Principles, and the EU AI Act's recitals. They are not novel; they are the settled international consensus. The task for CARICOM is to adopt them formally as binding regional commitments, not simply to endorse them in policy documents that have no legal effect.

Tier Two: National Implementing Legislation

The second tier is national legislation enacted by each member state to implement the CARICOM baseline and add nationally appropriate provisions. This tier is where the diversity of CARICOM's member states is accommodated. Jamaica, with its relatively sophisticated legal and regulatory infrastructure, can enact a more detailed implementing statute than a smaller OECS member state. Trinidad and Tobago, with its oil and gas sector and large financial services industry, will need provisions that smaller economies do not. Barbados, with its large international business and financial services sector, has its own specific AI governance considerations.

Critically, national implementing legislation must meet the CARICOM baseline as a minimum. A member state cannot enact national legislation that falls below the regional floor. It can exceed it. This is the "CARICOM-plus" model that would allow the region's more legislatively advanced member states to move ahead without waiting for universal consensus, while ensuring that all member states eventually meet the baseline standard.

Tier Three: Sector-Specific Regulatory Standards

The third tier consists of standards and codes of practice issued by sector regulators, operating within the framework established by tiers one and two. The Bank of Jamaica would issue AI standards for financial services. The Telecommunications Authority of Jamaica would address AI in telecommunications and digital platforms. The Ministry of Health would address AI in medical devices and clinical decision support. Equivalent bodies in other member states would do the same for their sectors.

This tier is where the operational detail lives. It is also where regulatory capacity constraints are most acute. The regional architecture should therefore include a mechanism for shared capacity: a CARICOM AI Technical Advisory Pool that sector regulators across member states can draw on when they face investigations or standard-setting tasks that require specialist expertise they do not have in-house.

Designing the CARICOM AI Governance Body

The three-tier architecture requires a coordinating institution at the CARICOM level. I propose the establishment of a CARICOM AI Governance Council, operating as a standing committee under the CARICOM Secretariat with defined functions and a dedicated secretariat. This is not a new institution from scratch; it is an expansion and formalisation of existing coordination mechanisms.

The Council's functions should include: maintaining the regional AI baseline principles and updating them as international standards evolve; coordinating national regulatory approaches to prevent fragmentation; providing a forum for CARICOM's collective engagement with international AI governance bodies including the UN, the OECD, and the EU AI Office; managing the CARICOM AI Technical Advisory Pool; and monitoring member state implementation of the regional baseline.

The Council should not be a purely governmental body. Its membership should include national AI policy leads from each member state government, representatives from the Caribbean Telecommunications Union, representatives from national data protection authorities, one seat for civil society, and one seat for the private technology sector. This configuration reflects the multi-stakeholder governance approach recommended by the UN Advisory Body on AI's September 2024 report and would give the Council the breadth of perspective necessary to develop credible, practical standards.

Risk Classification in the Caribbean Context

Any functional AI regulatory framework requires a risk classification system. The EU AI Act's four-tier model (unacceptable, high, limited, minimal risk) provides a workable starting point. But it needs adaptation for the Caribbean context in two important respects.

First, the Caribbean's high-risk categories should reflect the sectors where AI is being most actively deployed and where harm potential is greatest in the regional context. Based on current adoption patterns, these are: AI in financial services (credit, insurance, payments); AI in government benefit and service eligibility decisions; AI in law enforcement and criminal justice; AI in healthcare and clinical decision support; and AI in education and student assessment. These map broadly onto the EU AI Act's high-risk categories but should be defined by reference to Caribbean legal and institutional contexts, not EU ones.

Second, the Caribbean framework should include a category that the EU AI Act does not contain: AI in climate and disaster response. Climate resilience is existential for Caribbean SIDS in a way that it is not for large EU member states. AI systems used for hurricane tracking, flood modelling, agricultural drought prediction, or emergency resource allocation are not neutral tools; errors in their outputs have life-and-death consequences. They should be classified as high-risk and subject to rigorous oversight requirements, including mandatory accuracy testing and failsafe human override provisions.

The Innovation Imperative

A Caribbean AI governance framework will only succeed if it actively supports innovation alongside accountability. The region's technology sector is growing, and it needs a regulatory environment that provides clarity without imposing compliance burdens that only large, well-resourced companies can bear. The EU AI Act has faced legitimate criticism for exactly this problem: its conformity assessment requirements for high-risk AI systems are feasible for large technology companies but potentially prohibitive for startups and small firms.

The CARICOM framework should incorporate a regulatory sandbox mechanism specifically designed for Caribbean AI innovators. A sandbox allows companies to test new AI applications in a controlled environment, with regulatory supervision, without being immediately subject to the full compliance regime. Jamaica's Bank of Jamaica has successfully operated a regulatory sandbox for fintech innovations since 2020. The model is proven and adaptable.

The framework should also include proportionality provisions. A small Caribbean software company that incorporates an AI feature into an accounting application does not present the same risk profile as a commercial bank using AI for credit underwriting. The compliance obligations should reflect that difference. Minimum standards apply to all; additional requirements attach to higher-risk applications and larger-scale deployments.

Recommendations

1. CARICOM Heads of Government should mandate the development of a CARICOM AI Governance Treaty at the 2025 CARICOM Summit. The mandate should set a twelve-month drafting timeline, designate the CARICOM Secretariat as the coordinating body, and identify initial funding from existing CARICOM resources and international technical assistance. A treaty is the appropriate instrument because it creates binding commitments and signals the seriousness of regional intent to international partners.
2. Establish the CARICOM AI Governance Council within six months of the summit mandate. The Council's first tasks should be: adopting interim baseline principles pending the treaty; commissioning a comparative analysis of existing member state legislation against those principles; and establishing a preliminary technical advisory function by drawing on regional university expertise, particularly from the University of the West Indies and the University of Trinidad and Tobago.
3. Jamaica, Trinidad and Tobago, and Barbados should each introduce national AI framework legislation by the end of 2025. These three countries have the legislative and institutional capacity to move first. Their national legislation would set the practical standard for the region and provide models that smaller member states can adapt. Coordination among the three during the drafting process is essential to ensure the national approaches are compatible rather than divergent.
4. Incorporate a Caribbean-specific climate and disaster response AI risk category into the regional framework from the outset. This category should require mandatory pre-deployment accuracy testing, human override provisions, and post-incident reporting for any AI system used in climate monitoring, emergency response, or disaster resource allocation. The Caribbean Disaster Emergency Management Agency should be consulted in defining the category's scope.
5. Launch a CARICOM AI Regulatory Sandbox Programme by 2026. The programme should be administered by the CARICOM AI Governance Council with national regulatory co-sponsors. It should be open to technology companies registered in any CARICOM member state. Sandbox participants should receive expedited regulatory guidance and immunity from enforcement action for activities conducted within the sandbox parameters. Exit conditions should include a clear compliance pathway to the full framework.
6. Negotiate a technical cooperation agreement with the EU AI Office by the end of 2025. The EU AI Office is actively developing its external engagement programme. CARICOM should seek a structured cooperation agreement that includes capacity-building support, access to the EU's AI standards development processes, and information-sharing on high-risk AI systems used in both jurisdictions. This agreement would accelerate the development of Caribbean technical capacity without requiring the region to build that capacity entirely from its own resources.

Conclusion

The blueprint presented in this article is not theoretical. Every component of the proposed architecture has a precedent, either in CARICOM's existing governance structures, in international regulatory models, or in specific Caribbean institutions that are already operational. The CARICOM Secretariat has coordinated binding regional frameworks before. Caribbean central banks have operated regulatory sandboxes. The University of the West Indies has built research capacity in digital governance. What is missing is not the raw material; it is the political decision to assemble that material into a coherent architecture with a realistic implementation timeline.

The EU AI Act's prohibitions became enforceable in February 2025. UNESCO's monitoring is ongoing. International AI governance norms are maturing rapidly. Caribbean SIDS that wait for a perfect global consensus before acting domestically will find that the consensus has formed without them, and that the standards they then face are calibrated for larger, more resource-rich jurisdictions.

The concrete takeaway is this: adopt the three-tier architecture, establish the CARICOM AI Governance Council, and ensure that Jamaica, Trinidad and Tobago, and Barbados introduce national framework legislation by the end of 2025. These are not incremental steps; they are the foundation. Build the foundation now, and the rest of the structure follows.

About the Author

Adrian Dunkley is a Caribbean AI governance expert with extensive experience in legal and regulatory framework analysis, legislative gap analysis, and policy reform recommendations in AI governance, digital technologies, data protection, and human rights law. He advises Caribbean government institutions and regional bodies on AI policy and has worked across Jamaica and the wider CARICOM region on digital economy development. Adrian is a co-founder of StarApple AI, the Caribbean's first AI company, and founder of AI Jamaica. He presents regularly at regional and international forums on AI governance, digital rights, and Caribbean development strategy. Contact: insights@starapple.ai