Agentic Systems Design·June 17, 2026
🇨🇷
AI in Costa Rica
Costa Rica is one of the most active LATAM markets for AI nearshoring and operational automation. The talent base is bilingual, regulation is light but evolving, and most adoption happens in services exports, fintech, and tourism.
Regulation and compliance
Costa Rica has no AI-specific binding statute as of 2026, but the operating environment for AI deployments is shaped by three converging layers. The first is the national policy framework — ENIA 2024-2027 (Estrategia Nacional de Inteligencia Artificial), coordinated by MICITT (Ministerio de Ciencia, Innovación, Tecnología y Telecomunicaciones). In April 2025 MICITT issued a mid-cycle implementation note clarifying how ENIA principles apply to public-sector AI procurement: any state entity contracting an AI system that supports automated decision-making against citizens must publish a model card, a data-source disclosure, and a human-oversight protocol before go-live. The note is binding on public buyers and is being used as the reference standard for private vendors that sell into government. The second layer is data protection — Ley 8968 de Protección de la Persona frente al Tratamiento de sus Datos Personales, supervised by PRODHAB (Agencia de Protección de Datos de los Habitantes — https://www.prodhab.go.cr). In February 2026 PRODHAB published an updated position on cross-border transfers under Article 14 of Ley 8968, clarifying that transfers to processors in the United States are permissible without a separate authorization only when the importing party is subject to the EU-US Data Privacy Framework or has signed standard contractual clauses aligned with PRODHAB's 2024 model. AI providers that move training data or inference logs offshore now require a documented basis for the transfer, on file before processing begins. The third layer is sector regulation — SUGEF, SUGESE and SUGEVAL each have AI-risk circulars in force for banking, insurance and securities respectively, and SUGEF's 2025 fintech AI risk guidance (incorporated into the Reglamento sobre el Riesgo Operativo) requires supervised entities to maintain a model inventory, document model-risk management, and report material AI-driven decisions to the supervisor. Enforcement is administrative — PRODHAB can fine up to 30 base salaries per violation (Ley 8968 Article 28), and SUGEF can require remediation plans backed by enforceable timelines. Recent MICITT guidance under ENIA also signals where the next round of binding rules will land: high-risk public-facing applications, transparency for automated decisions, and provenance for synthetic media.
Last reviewed: 2026-06-04
Recommended reading
Frequently asked questions
Does Costa Rica have an AI law?
No binding AI-specific statute. ENIA 2024-2027 sets policy direction; Ley 8968 governs data protection; MICITT coordinates with sector regulators on guidance.
Why is Costa Rica common for AI nearshoring?
Bilingual talent, US time-zone alignment, stable institutions, and a deep services-export base. Most teams use Costa Rica for support agents, finance back-office, and content operations.
How does ENIA affect private companies?
ENIA itself is non-binding. It signals where MICITT will push (data infrastructure, AI literacy, public-sector use) and shapes how sector regulators draft binding guidance later.
Operating in Costa Rica?
Let's talk about deploying AI while staying compliant with local rules and measuring ROI from quarter one.