The EU AI Act Is Now Law: What Every Caribbean Government Must Do in the Next Twelve Months

On 21 May 2024, the Council of the European Union formally adopted the EU AI Act, completing a legislative process that began in April 2021. The European Parliament had passed it on 13 March 2024. On that same day, delegations gathered in Seoul for the AI Safety Summit, the second major intergovernmental meeting on AI risk since the Bletchley Declaration of November 2023. Caribbean governments were, for the most part, watching from a distance.

My hypothesis here is direct: Caribbean governments have a narrow window to shape their AI regulatory response around the EU AI Act before global standards harden and Small Island Developing States find themselves regulated by frameworks built entirely without their input. That window is measurable in months, not years.

This article examines what the EU AI Act actually requires, why it matters for the Caribbean beyond its formal jurisdictional reach, and what CARICOM member states should do before the end of 2024 to ensure their interests are protected. I argue that the current moment calls for deliberate, coordinated regional action, not the reactive policymaking that has characterised Caribbean responses to previous waves of global digital regulation.

What the EU AI Act Actually Does

The EU AI Act is a risk-based regulatory framework. It classifies AI systems into four categories: unacceptable risk (prohibited outright), high risk (subject to mandatory conformity assessments and documentation requirements), limited risk (subject to transparency obligations), and minimal risk (essentially unregulated). The prohibited category includes AI systems that use subliminal techniques to manipulate behaviour, real-time biometric identification in public spaces by law enforcement, and social scoring systems operated by public authorities.

High-risk systems include AI used in critical infrastructure, education, employment, essential public services, law enforcement, migration and asylum management, and the administration of justice. These are precisely the sectors where Caribbean governments are most actively exploring AI adoption. An AI system used to triage social welfare applications in Jamaica, or to assist border management in Trinidad and Tobago, would fall squarely within the high-risk category if it were subject to the Act.

Critically, the Act's reach extends beyond EU borders. It applies to providers and deployers of AI systems whose outputs are used within the European Union, regardless of where those providers are located. A Caribbean technology company that builds an AI system used by an EU client, or a Caribbean government that deploys an AI tool built by an EU-regulated company, enters a zone of regulatory relevance whether or not it has considered this dimension of compliance.

The EU AI Office, established within the European Commission, will oversee implementation. Its decisions will shape how the Act's provisions are interpreted in practice, and Caribbean stakeholders who are not engaged with that process will have no ability to influence those interpretations.

The International Architecture Taking Shape Around the Act

The EU AI Act does not exist in isolation. It is the most legally binding element of a broader international architecture that is forming with considerable speed. The UN General Assembly passed its first AI resolution on 21 March 2024, endorsing a set of principles for safe, secure, and trustworthy AI that draw heavily on the OECD AI Principles first articulated in 2019. The G7 Hiroshima AI Process Code of Conduct, published in October 2023, established voluntary commitments for advanced AI developers that are now being used as reference standards by technology procurement officers across the public and private sectors.

ISO/IEC 42001, the international standard for AI management systems, was published in December 2023. Multinational technology vendors are already moving to certify against it. When Caribbean governments procure AI systems, they are increasingly buying from vendors whose products are shaped by these international standards, whether or not Caribbean procurement rules require it.

The Seoul AI Safety Summit, held on 21 and 22 May 2024, deepened commitments on AI safety testing and frontier model governance. It produced further international alignment on what responsible AI development requires. Caribbean voices were not prominent in those discussions. The Bletchley Declaration, agreed in November 2023 at the UK's inaugural AI Safety Summit, had already set a directional framework that subsequent summits are building upon.

Each of these developments narrows the space available to latecomers. Standards, once set at this level of international consensus, are extraordinarily difficult to revise in ways that reflect the specific circumstances of Small Island Developing States.

Why Caribbean SIDS Are Disproportionately Exposed

Caribbean SIDS face a particular combination of exposures that makes the EU AI Act's emergence especially consequential. The region's AI adoption rate sits at approximately 14 per cent, compared with 24 per cent in the Global North. This means that when Caribbean governments and businesses do deploy AI, they are typically deploying systems built elsewhere, subject to regulatory frameworks developed elsewhere, often without local capacity to audit or interrogate those systems.

The region's dependence on external technology providers is not a temporary condition. It reflects constrained government capacity, small domestic markets, and limited specialist technical expertise. Anguilla's .ai domain economy generated approximately US$39 million in 2024, demonstrating that the Caribbean has real stakes in the AI economy. But domain revenue is passive income; it does not translate automatically into regulatory influence or technical sovereignty.

Trinidad and Tobago, Barbados, and Jamaica are the Caribbean's most digitally developed economies, and all three are expanding AI use in financial services, public administration, and healthcare. The Bank of Jamaica's supervisory role in fintech, for example, already encompasses AI-powered lending tools. Jamaica's Ministry of Science, Energy and Technology has signalled interest in a national AI strategy. But strategy documents without legal frameworks leave government agencies exposed when AI systems cause harm and there is no clear accountability mechanism.

Climate vulnerability compounds this. Caribbean SIDS are among the most climate-vulnerable nations on earth. They increasingly turn to AI-powered early warning systems, agricultural monitoring tools, and disaster response platforms. If those systems are high-risk AI under the EU Act, and if the vendors who build them are EU-regulated, then the terms on which Caribbean governments access those tools will be shaped by EU regulatory requirements that were not designed with SIDS in mind.

The CARICOM Regional Framework and Its Limits

CARICOM has the CARICOM Regional Digital Economy Policy Framework, which provides a basis for regional coordination on digital governance. The framework articulates principles around digital trade, data flows, cybersecurity, and digital skills. It is a useful platform. But it was not designed for the current moment, and it does not address AI governance with any specificity.

The Caribbean Telecommunications Union plays a coordination role on spectrum and telecommunications policy. The OECS has developed digital economy frameworks applicable to its member states. Jamaica's Vision 2030 national development plan includes digital economy priorities. These structures exist, and they matter. The question is whether they can be activated quickly enough and with sufficient technical content to produce a meaningful Caribbean position on AI governance before the international consensus calcifies.

I believe they can, but only if political leaders treat this as a genuine priority rather than a technical matter to be delegated indefinitely to advisory committees. The EU AI Act is a trade and investment issue. It is a public sector procurement issue. It is a fundamental rights issue. It deserves the level of political attention that those categories of concern typically receive.

There is a specific opportunity here. The EU has historically provided technical assistance to ACP states on regulatory capacity-building. The EU AI Office is new and is in the process of establishing its external engagement strategies. Caribbean governments that move quickly to request technical cooperation on AI governance alignment will find a more receptive counterpart than those who wait until the Office's priorities are fully fixed.

Jamaica's Data Protection Act as a Foundation

Jamaica's Data Protection Act 2020, administered by the Office of the Information Commissioner, is the most advanced data protection legislation in the Anglophone Caribbean. It incorporates core principles of data minimisation, purpose limitation, and accountability that are directly relevant to AI governance. The Act grants individuals rights of access and correction in relation to automated decision-making, which speaks directly to AI-driven processes in areas like credit assessment and benefits eligibility.

But the Act was designed for a pre-AI governance era. It does not address algorithmic transparency, model explainability, or the specific obligations that arise when AI systems are used to make or influence consequential decisions about individuals. The Office of the Information Commissioner has limited technical capacity to investigate AI-specific complaints. And the Act's enforcement mechanisms were not designed with the scale and speed of AI-enabled data processing in mind.

The Data Protection Act is a foundation, not a finished building. What it demonstrates is that Jamaica has the legislative experience and the institutional infrastructure to build on. What it does not provide is sufficient coverage of the AI-specific harms that the EU AI Act and emerging international standards are designed to address.

Recommendations

These recommendations are addressed to Caribbean governments, CARICOM, and regional institutions. They are sequenced for the twelve-month window from May 2024:

1. Commission a Caribbean AI Act Gap Analysis by September 2024. CARICOM's Secretariat, or a lead member state, should commission a formal analysis of how existing Caribbean legislation and policy frameworks compare against the EU AI Act's core requirements. The analysis should identify which sectors face the highest exposure and which legislative gaps are most urgent. This is not a theoretical exercise; it is a prerequisite for any meaningful regulatory response.
2. Establish a CARICOM AI Governance Working Group with a fixed mandate. The working group should have a specific deliverable: a draft CARICOM AI Governance Position Statement by the end of 2024. The statement should articulate CARICOM's collective stance on risk-based AI regulation, data sovereignty, and the terms on which Caribbean SIDS are willing to engage with international AI governance frameworks. It should be circulated to the EU AI Office, the UN Advisory Body on AI, and the OECD AI Policy Observatory.
3. Each CARICOM member state should conduct an AI systems inventory within government. Governments cannot regulate what they have not mapped. Every ministry and statutory body should report on the AI systems it currently uses or procures, the purposes for which those systems are used, and the vendors who supply them. This inventory should be completed within six months and should feed into the CARICOM gap analysis.
4. Insert AI transparency clauses into all new technology procurement contracts immediately. While formal AI governance legislation is being developed, governments should act through procurement. New contracts for technology services should require vendors to disclose whether their systems incorporate AI, what training data was used, what algorithmic logic drives outputs, and what audit trails are maintained. This is achievable without new legislation and creates an immediate accountability mechanism.
5. Designate an AI Policy Lead in each government's technology ministry. Jamaica's Ministry of Science, Energy and Technology, Trinidad and Tobago's Ministry of Digital Transformation, and equivalent bodies in each member state should designate a senior official responsible for AI governance. This person should be the point of contact for CARICOM coordination, EU technical assistance requests, and national AI inventory oversight.
6. Engage the EU AI Office formally within six months. Caribbean governments, ideally through CARICOM, should write to the EU AI Office within six months requesting formal dialogue on how the Act's implementation will affect developing country technology users. The Office is in its formative period and is more open to external input now than it will be once its internal processes are established. Waiting is strategically costly.

Conclusion

The EU AI Act's formal adoption on 21 May 2024 is not a European story with Caribbean footnotes. It is a global regulatory event that will reshape the AI development and deployment environment within which Caribbean governments, businesses, and citizens operate. The international architecture forming around it, from the Seoul AI Safety Summit to the UN General Assembly resolution to ISO/IEC 42001, is consolidating quickly.

Caribbean governments have faced this situation before with other global regulatory waves, including GDPR, FATF anti-money laundering standards, and international tax transparency frameworks. In each case, the pattern has been the same: late engagement, constrained options, compliance costs borne disproportionately by smaller economies with less bargaining power.

The AI governance window has not yet closed. The EU AI Office is new. The UN's advisory processes are ongoing. CARICOM has structures that can be activated. What is required is political will and deliberate action in the next twelve months. The Caribbean region has too much at stake, in tourism, financial services, business process outsourcing, and the nascent technology sector itself, to allow this moment to pass without a coherent regional response.

The takeaway is unambiguous: act now, act collectively, and act with specific legislative and institutional goals rather than general expressions of intent. The alternative is to spend the next decade adapting to rules that others wrote.

About the Author

Adrian Dunkley is a Caribbean AI governance expert with extensive experience in legal and regulatory framework analysis, legislative gap analysis, and policy reform recommendations in AI governance, digital technologies, data protection, and human rights law. He advises Caribbean government institutions and regional bodies on AI policy and has worked across Jamaica and the wider CARICOM region on digital economy development. Adrian is a co-founder of StarApple AI, the Caribbean's first AI company, and founder of AI Jamaica. He presents regularly at regional and international forums on AI governance, digital rights, and Caribbean development strategy. Contact: insights@starapple.ai