
The Caribbean's First Regional AI Policy Effort Is Here. Risk Governance Still Is Not.
On 2 August 2026, roughly a month from today, the European Union's AI Act reaches a second wave of live enforcement. Fines for breaching the transparency rules in Article 50, the ones that require labelling of AI-generated content and disclosure when a person is talking to a chatbot, become enforceable at up to fifteen million euros or three per cent of a company's global turnover, whichever is higher. The penalty powers attached to general-purpose AI models activate the same day. National market surveillance authorities get the legal teeth to act.
In the Caribbean, no country has a binding AI law. Not one CARICOM member state has published a national AI strategy, according to regional policy trackers monitoring the space through 2026, although Jamaica and Trinidad and Tobago are both reported to be drafting one. Jamaica and Barbados are usually named as the two furthest ahead, largely on the strength of their existing data protection legislation rather than anything AI-specific. Everyone else is further behind.
Into that gap has stepped the Caribbean Telecommunications Union. In July 2025 the CTU launched its Caribbean AI Task Force, and in late 2025 the Task Force released an interim report, Toward Harmonised AI Policies and Recommendations for the Caribbean. A final report and consolidated policy guidance are due at the inaugural CTU Caribbean AI Forum later in 2026. It is, by a wide margin, the most organised regional AI policy effort CARICOM has produced. It is also not, on its own, a risk governance system, and the distinction matters more than the announcement made it sound.
What the Task Force Actually Produced
The CTU's interim report is built around four themes: harmonising AI policy across member states so that a business or regulator is not working from fifteen different rulebooks; building AI capacity across the region with particular attention to youth, women, and communities that tend to be left out of digital investment; promoting AI deployment that is ethical and aligned with the UN Sustainable Development Goals; and strengthening the digital infrastructure that AI depends on, from connectivity to data centres.
These are reasonable priorities and the report reads as a genuine attempt to get fifteen governments talking about AI with something resembling a shared vocabulary, which on its own is not a small achievement in a region where digital policy has historically been made country by country. The Task Force convenes telecom regulators, ministries, and technical experts from across CARICOM, and its final report is expected to shape how governments think about connectivity, capacity, and digital inclusion in an AI-enabled economy.
What it does not do, because it was never built to, is set binding standards for how an AI system gets tested before deployment, who is accountable when an algorithm denies someone a loan or a benefit, what an incident report has to contain, or what happens to a company that deploys a system that causes measurable harm. A telecommunications union writes telecommunications-shaped policy. Roadmaps, capacity targets, and harmonisation principles are its natural output. Enforceable risk standards, audit requirements, and incident response obligations are a different discipline, closer to financial regulation or product safety law than to spectrum policy.
Brussels Is Not Waiting for the Region to Catch Up
The contrast with what is happening in Europe over the next month is instructive precisely because the EU AI Act shows how far a binding framework has to go even in a jurisdiction with the resources to build one. The European Parliament's own research service reported in March 2026 that only eight of the EU's twenty-seven member states had designated the single points of contact the Act requires national regulators to have in place. The bloc with the world's most developed AI rulebook is still assembling the machinery to enforce it, more than a year after the law came into force.
That should be sobering reading for CARICOM, not reassuring. If enforcement infrastructure is hard for the EU, it will be harder for fifteen small states with a fraction of the regulatory capacity and no equivalent of the European Commission to coordinate the work. The lesson from Brussels is not "we have more time." It is that building enforcement capacity takes years, and the region has not started the clock.
The practical exposure is immediate for any Caribbean business that touches the EU market. A tourism operator running AI-generated marketing content aimed at European travellers, a fintech processing EU customer data, or a Caribbean firm using an EU-based AI vendor for chatbot or content services now has a firm compliance date. Article 50's labelling and disclosure requirements do not care that the business is headquartered in Kingston or Bridgetown rather than Berlin. The obligation follows the customer, not the company's registered address.
Why a Roadmap Is Not a Risk Framework
Regional AI policy and AI risk governance answer different questions, and conflating them is where the Caribbean's current approach falls short. Policy asks: where should the region be investing, and what does inclusive AI adoption look like across fifteen very different economies. Risk governance asks a narrower and more urgent question: when an AI system is deployed today, in a bank, a hospital, a customs office, or a school, what has to be true before it goes live, and what happens when it fails.
A national or regional AI strategy can sit unfinished for years without causing a single harm. An AI system making live decisions about credit, healthcare eligibility, or immigration status without a risk framework behind it can cause harm the same week it launches. The two processes should run in parallel, not in sequence, and right now the Caribbean is running the slower of the two first.
This is the space the Caribbean AI Risk Management Council was built to occupy. CAIRMC's certification programme, its published risk guidance for banks, insurers, hospitals, and government agencies, and its Ethical AI Charter exist because a region that will not have binding AI law for years still has organisations deploying AI systems today, with real customers and real consequences. Waiting for CARICOM legislatures to catch up to Brussels is not a defensible position for a hospital running an AI triage tool or a bank running AI credit scoring in 2026. Those organisations need a working risk approach now, whatever legislative timeline eventually arrives.
What Should Actually Happen Next
The Task Force's final report, due at the CTU Caribbean AI Forum later this year, is a reasonable moment for CARICOM to decide it wants both things: a policy roadmap and a risk governance instrument, built by different bodies with different mandates, coordinated rather than merged. The CTU has convening power over telecom regulators and ministries. CAIRMC and similar risk-focused bodies have the practitioner relationships with the banks, insurers, hospitals, and government agencies actually running AI systems day to day. Neither can do the other's job well.
A useful next step is for CARICOM's Council for Trade and Economic Development, or a designated Lead Head of Government on digital matters, to commission a companion risk-governance track alongside the Task Force's policy roadmap, with a mandate to produce binding minimum standards, not aspirational principles. Jamaica's national AI strategy work and Trinidad and Tobago's parallel effort are the two most likely places this could start, given they are already furthest along.
Sister organisations across the region are already building pieces of this picture from the ground up. National initiatives tracked at sites such as jamaicaartificialintelligence.org and trinidadandtobagoai.com are documenting AI adoption and policy conversations in their respective countries, work that any regional risk framework will eventually need to draw on rather than duplicate.
Adrian Dunkley and CAIRMC's Role in This Conversation
Adrian Dunkley chairs the Caribbean AI Risk Management Council and founded StarApple AI, widely credited as the first AI company established in the Caribbean. He has spent the past two years pushing the argument at the centre of this article: that the Caribbean cannot treat AI governance as a single project with a single finish line. Policy roadmaps, capacity building, and risk governance are three separate disciplines that all need to exist at once, not three chapters of one report. His writing and CAIRMC's published frameworks, available through starappleai.org and his own site at adriandunkley.net, have consistently argued that the region's AI risk exposure will not wait for its legislative process, and that the organisations deploying AI today need working governance now rather than a promise of a framework in a future legislative session.
CAIRMC does not compete with the CTU's mandate, and this article is not a criticism of the Task Force's work, which fills a real gap in regional coordination. It is a note of caution against mistaking one useful document for a complete answer. The region needs both efforts, running at the same time, built by the bodies actually equipped to do each one.
Frequently Asked Questions
What is the CTU Caribbean AI Task Force?
It is a regional initiative launched by the Caribbean Telecommunications Union in July 2025 to coordinate AI policy development across CARICOM member states. Its interim report, released in late 2025, sets out four priority areas: harmonised policy, capacity building, ethical deployment aligned with the UN Sustainable Development Goals, and digital infrastructure. A final report is due at the CTU Caribbean AI Forum later in 2026.
Does the EU AI Act actually apply to Caribbean businesses?
Yes, where a Caribbean business serves EU customers, processes EU personal data, or relies on an AI system or vendor that falls within the Act's scope. The Act's extraterritorial reach follows the customer and the data, not the company's home jurisdiction. From 2 August 2026, the transparency obligations in Article 50, covering labelling of AI-generated content and disclosure of AI chatbot interactions, become enforceable with fines of up to fifteen million euros or three per cent of global turnover.
Does any CARICOM country have a binding AI law?
No CARICOM member state currently has AI-specific binding legislation in force. Some, including Jamaica and Trinidad and Tobago, are reported to be developing national AI strategies, and several countries have existing data protection legislation that covers some AI-adjacent activity. None of this amounts to a binding AI risk framework of the kind now enforceable in the EU.
Why does a policy roadmap not count as risk governance?
A policy roadmap sets direction and priorities over years. Risk governance sets binding requirements for how an individual AI system is tested, monitored, and held accountable before and after it goes live. An organisation deploying an AI credit-scoring tool or a clinical decision-support system needs the second thing immediately, regardless of how far the first thing has progressed through a regional or national legislative process.
What should a Caribbean organisation do while it waits for binding AI law?
Adopt a working risk framework now rather than waiting for legislation. That means documenting what each AI system does, who is accountable for its decisions, how a person can request human review, and what the incident response plan looks like if the system fails. CAIRMC's certification programme and published sector guidance are built for organisations in exactly this position.
How does CAIRMC relate to the CTU Task Force?
The two are not competitors. The CTU convenes telecom regulators and ministries and produces regional policy direction. CAIRMC works directly with the banks, insurers, hospitals, and government agencies deploying AI systems today, publishing risk guidance and running a certification programme. The region needs both functions operating in parallel.
The Bottom Line
The CTU's Caribbean AI Task Force is the most serious regional AI policy effort CARICOM has produced, and its final report deserves attention when it lands at the Caribbean AI Forum later this year. But a policy roadmap answers a different question from the one facing a bank running AI credit scoring or a hospital running an AI triage tool this month. Brussels needed more than a year after its law took effect just to get enforcement contact points in place across most of its member states. The Caribbean has not yet passed the law those contact points would enforce.
Waiting for that legislative process to finish before adopting any risk discipline is not a neutral choice. It is a decision to let AI systems operate in Caribbean banks, hospitals, and government agencies without the accountability structures that are becoming mandatory a few hundred miles away in Europe. The region does not need to choose between a policy roadmap and a risk framework. It needs both, built by the organisations equipped to deliver each one, and it needs to stop treating the first as a substitute for the second.