Vatican City / Holy See

Summary

Vatican City State (Holy See) is a unique sovereign entity with a dual legal order — Vatican City State (VCS) civil/administrative law and Canon Law, with Italian law applying supplementarily where VCS law is silent. Data protection is governed by Decree No. DCLVII (General Regulation on the Protection of Personal Data, promulgated 30 April 2024 ad experimentum for three years), applying to processing by the Governorate of VCS only; Holy See / Roman Curia processing is explicitly excluded from its scope. The 2024 Regulation is modelled on the GDPR but covers only VCS institutional processing, not private entities or the broader public. Computer access crimes rely on general VCS criminal law principles and supplementary Italian criminal law (including Italian Codice Penale Art. 615-ter on unauthorized computer access); no standalone Vatican cybercrime statute has been identified. Copyright is governed by Vatican Law No. CXXXII of 19 March 2011 (on the protection of copyright and related rights), with Italian copyright law applying supplementarily. The Holy See is party to the Berne Convention. No sui generis database right. No TDM exception. EU AI Act does not apply. This is the most legally uncertain jurisdiction in this batch — civil-society web operators and external crawlers face an essentially uncharted posture. Confidence low; needs_human_review true.