Legal Identity

All children born in Timor-Leste must be registered after birth and registration is free of charge for children under the age of five.^[1] Registration must occur within four weeks of the birth of the child.^[2] A 2011 draft bill, the Child’s Code, that is available on the Ministry of Justice website mentions registration of birth must be done irrespective of the parents’ marital status or national origins.^[3] The same bill also states that health facilities must identify newborns after birth and inform parents of the registration procedures.^[4] The birth record is entered into the civil registry maintained by the Ministry of Justice’s National Directorate of Registries and Notarial Services.^[5] This birth registration record forms the legal basis for subsequent identity documents, including the national identity card.^[6] There is limited information available on whether birth registration is available to stateless children and what are the barriers they may face.

The national identity card (Bilhete de Identidade) is the primary official proof of legal identity in Timor-Leste. ^[7] This document is issued by the National Directorate of Registries and Notarial Services under the Ministry of Justice.^[8] It contains identity data such as the name, parentage, place and date of birth, gender, marital status, photograph, signature and citizenship.^[9] The national identity card in Timor-Leste serves as an official proof of citizenship in addition to proving legal identity.^[10]

Timor-Leste provides residence permits to foreign nationals through its Immigration Service, governed primarily by Law No. 11/2017 on Migration and Asylum.^[11] Timor-Leste issues two main types of residence permits: temporary and permanent.^[12] Temporary residence permits are valid for up to two years and renewable for the same period.^[13] They are available for professionals, family reunification, victims of human trafficking, or certain other exceptional reasons.^[14] Permanent residence permits have no expiry date but must be renewed every five years.^[15] They are granted after at least 12 consecutive years of legal residence in the country.^[16] Information available does not indicate that these residence permits are available to stateless persons in the country.

Digital ID Overview

Timor-Leste developed a comprehensive Unique Identity (UID) System Strategic Plan 2021-2025, approved by the Council of Ministers in June 2021.^[17] This plan outlined the creation of a digital identity system consisting of a 10-digit random Unique ID Number (UIN), biographical data (name, date of birth, place of birth), and biometric information (facial image, fingerprints, iris scans).^[18] In October 2025, the government launched ‘Dalan ba Digital,’ a new €3 million initiative funded by the European Union and implemented by UN Development Program (UNDP), which aims to ‘support the creation of a unique digital ID for citizens’ over the next three years.^[19]

The Strategic Plan states that the UID is intended for all people in Timor-Leste, specifically mentioning, ‘Everyone can receive a UID, including foreigners, orphans, refugees, stateless persons, and those with no existing ID.’^[20] However, it is yet to be determined if this will be the case when the system is practically implemented.

Digital identity is also defined in the Strategic Plan as ‘a collection of electronically captured and stored identity attributes that uniquely describe a person within a given context and are used for electronic transactions…A person’s digital identity may be composed of a variety of attributes, including biographic data and biometric data (e.g., fingerprints, iris scans, handprints) as well as other attributes that are more broadly related to what the person does or something someone else knows about the individual.’^[21] No services are currently designated as accessible only through the UID, and the Strategic Plan positions the UID as complementary to existing identification such as the national identity card.^[22]

Law

Domestic law and policy

The main policy framework for digital identity in Timor-Leste is the Unique Identity (UID) System Strategic Plan 2021–2025 which envisions the creation of a national, unique, digital ID system that is presently in the initial stages of planning and development.^[23] Under the Constitution of the Democratic Republic of Timor-Leste, Article 38 protects the right to personal data and privacy, establishing that everyone has the right to access personal data stored in computer systems or records, to be informed of the purpose of data collection, and to oppose the processing of data on beliefs, religion, or other private matters without consent.^[24]

Decree-Law No. 2/2004 on Civil Identification governs the issuance of physical national identity cards, which are issued only to Timorese citizens and administered by the National Directorate of Registries and Notarial Services under the Ministry of Justice.^[25] This law includes provisions on data protection and access to records, but it does not regulate a digital UID system and specifically applies to the physical ID card regime.^[26]

Timor-Leste’s broader digital policy framework is set out in Timor Digital 2032, a ten-year national digital strategy launched in 2023 that aims to apply digital technologies and Information and Communication Technologies (ICT) in priority areas for human and economic development.^[27] In addition,Decree-Law No. 12/2024 on General Legal Regime for Electronic Commerce and Electronic Signatures, establishes the legal framework of electronic transactions and electronic signatures.^[28]

Data Protection

Timor-Leste does not have a comprehensive data protection and privacy law currently in force. As mentioned, Article 38 of the Constitution specifically addresses personal data protection, granting citizens the right to access their personal data and demand the purpose of its collection.^[29]

As part of the Strategic Plan, a Data Privacy and Protection Law was planned to establish comprehensive data protection rules and independent oversight ^[30] However, as of January 2026, no data protection law has been enacted in Timor-Leste, and there is no independent data protection authority. In addition, a draft Cybercrime Law, which contains provisions on unauthorized access to computer systems and related offenses, remains in draft form as of early 2025 and has not yet been enacted.^[31] Civil society and human rights monitoring reports have noted concerns that the draft law may restrict online freedoms and lack adequate data protection safeguards.^[32]

No dedicated law protects biometric data collected for digital ID. No legal mandate requires encryption of digital ID data, despite Decree-Law 12/2024 mentioning electronic security measures.^[33] There are no explicit prohibitions on government access to UID data. No specific evidence establishes government misuse of digital ID data in violation of privacy or individual rights, as the system remains in the pilot stage. It must be noted that without data protection legislation, there remains an elevated risk of profiling, breaches, and discrimination through data linkage to banking, health, and other sectors.^[34]

International Commitments

Timor-Leste has ratified the core UN human rights treaties, including the ICCPR, ICESCR, CRC, CEDAW, CERD, CAT, and CRPD.^[35] Timor-Leste has also acceded to the 1951 Convention relating to the Status of Refugees and the 1967 Protocol, though with some reservations concerning access to courts and social assistance.^[36] However, Timor-Leste has not ratified the 1954 Convention relating to the Status of Stateless Persons nor the 1961 Convention on the Reduction of Statelessness.^[37]

As a signatory, the country is obliged to ensure birth registration (ICCPR Article 24(2); and CRC Article 7), non-discrimination (ICCPR Article 2, 26; ICESCR Article 26; and CRC Article 2), and access to essential services like health (ICESCR Article 12), education (ICESCR Article 13), and social security (ICESCR Article 9).^[38] Furthermore, in its General Comment No. 25, the CRC Committee states that digital systems should be created such that they enable all children to safely access essential digital public services and educational services without discrimination.^[39] The Committee on the Elimination of Discrimination against Women in its fourth periodic report, recommended that Timor-Leste strengthen birth registration systems and collect disaggregated data on stateless women and girls to better assess the impact of birth registration.^[40]

In October 2025, Timor-Leste was confirmed as a member of ASEAN, therefore the ASEAN Framework on Personal Data Protection and Framework on Digital Data Governance hold persuasive value for the country to enact data protection and privacy laws. These frameworks set out non-binding principles encouraging member states to adopt national data protection laws and support mutual recognition, but do not impose binding commitments or specific mandates on digital ID systems or make provisions for the protection of stateless persons.^[41] The country has also pledged in 2025 to the Ministerial Declaration on a Decade of Action for Inclusive and Resilient Civil Registration and Vital Statistics in Asia and the Pacific. Countries pledge to ensure that every birth is registered by 2030 and to close registration gaps among marginalized populations.^[42] The Declaration highlights the barriers faced by stateless persons in access to civil registration services and pledges to ‘develop and implement measures to avoid the potential exclusion of digitally marginalized or vulnerable populations from statistical data and facilitate their access to services and entitlements’.^[43]

Designed to Include?

The Impact of Digital ID and Legal Identity on Citizenship and Nationality Rights

Timor-Leste is in the early stages of implementing a digital identity system, and there is currently no evidence that digital ID has either contributed to or reduced statelessness, as the system remains in a pilot or development phase.^[44] The Unique ID is explicitly designed as a foundational digital identity that is separate from civil registration and citizenship, and the granting, denial, or revocation of UID does not itself confer, remove, or alter nationality status.^[45] The UID Strategic Plan explicitly allows enrollment without birth certificates, using alternative mechanisms such as witnessed declarations, NGO endorsements, and parental or guardian biometrics for children, with the aim of including vulnerable and hard-to-reach populations such as stateless persons, refugees, children, persons with disabilities, and those living in remote areas.^[46]

Despite these inclusive intentions, Timor-Leste still faces gaps in preventing statelessness. Under the Constitution, children born to stateless parents, parents of unknown citizenship, or parents whose nationality cannot be determined are entitled to acquire citizenship automatically.However, UNHCR noted that foundlings must prove birth on Timorese territory, and children whose parents cannot confer nationality may not automatically receive citizenship.^[47] There are currently no reliable statistics on stateless persons, and the country has not acceded to the 1954 and 1961 UN statelessness conventions, which UNHCR recommends, along with establishing a formal statelessness determination procedure.^[48]

Legal and policy frameworks in Timor-Leste support privacy, data protection, and human rights, though a comprehensive data protection law is not yet in force. The Ombudsman for Human Rights and Justice (PDHJ) has a mandate to investigate rights violations, including access to services. It has begun cooperation with Indonesia’s National Human Rights Commission (Komnas HAM) on statelessness and cross-border issues.^[49]

Timor-Leste’s UID Strategic Plan is explicitly designed to increase inclusivity and reduce barriers for stateless, undocumented, and marginalized populations.^[50] However, the system is still in its early stages, with no public evidence of enrollment or inclusion of stateless persons. Challenges remain in birth registration, geographic accessibility, bureaucratic complexity, and social discrimination.^[51] The potential of the UID system to mitigate these gaps depends on effective implementation, mobile outreach, legal safeguards, and continuous monitoring to ensure that it fulfills its inclusive objectives without reinforcing exclusion.

References

1.^

‘Timor-Leste | Get Every One in the Picture’ <https://crvs.unescap.org/country/timor-leste> accessed 2 February 2026.

2.^

ibid

3.^

‘CHILD´S CODE – Draft Bill | Ministério Da Justiça’ <https://mj.gov.tl/?q=node/572> accessed 2 February 2026.

4.^

ibid

5.^

‘Timor-Leste | Get Every One in the Picture’ (n 1); Decree-Law No. 2/2004 on Civil Identification 2004.

6.^

Government of Timor-Leste, ‘Unique Identity System Strategic Plan | 2021 to 2025’ (2021) <https://idu.gov.tl/wp-content/uploads/2021/08/Unique-ID-Strategy-Consolidated-Final_240521_-English1878.pdf>.

7.^

Decree-Law No. 2/2004 on Civil Identification.

8.^

ibid

9.^

ibid

10.^

ibid

11.^

Law No. 11/2017 on Migration & Asylum.

12.^

‘Resident Permit | Immigration Service of Timor-Leste’ <https://www.migracao.gov.tl/html/sub0404.php> accessed 12 February 2026.

13.^

ibid

14.^

ibid; Law No. 11/2017 on Migration & Asylum.

15.^

‘Resident Permit | Immigration Service of Timor-Leste’ (n 12).

16.^

ibid

17.^

Government of Timor-Leste (n 6).

18.^

Sekretariadu Identidade Úniku, ‘Unique ID Questions & Answers’ <https://www.idu.gov.tl/wp-content/uploads/2022/10/UID-booklet-TETENG.pdf>; Government of Timor-Leste (n 6).

19.^

‘UNDP and European Union Launch “Dalan Ba Digital” - A New Path for Digital Citizenship in Timor-Leste’ (UNDP) <https://www.undp.org/timor-leste/press-releases/undp-and-european-union-launch-dalan-ba-digital-new-path-digital-citizenship-timor-leste> accessed 2 February 2026.

20.^

Government of Timor-Leste (n 6).20

21.^

ibid

22.^

ibid

23.^

ibid

24.^

Constitution of the Democratic Republic of Timor-Leste 2002 art 38.

25.^

Decree-Law No. 2/2004 on Civil Identification.

26.^

ibid

27.^

Government of Timor-Leste, ‘Government Launches Strategic Plan “Timor Digital 2032″ to Boost National Digital and Technological Development’ (2 June 2023) <https://timor-leste.gov.tl/?p=32649&lang=en&n=1> accessed 3 February 2026.

28.^

‘Decree-Law No. 12/2024 on General Legal Regime for Electronic Commerce and Electronic Signatures’ (Trade Information Portal) <https://timor-lestetradeportal.org/en-gb/site/display/1337> accessed 3 February 2026.

29.^

Constitution of the Democratic Republic of Timor-Leste.

30.^

Government of Timor-Leste (n 6).

31.^

Asia Centre, ‘Timor-Leste: Internet Freedoms Under Threat’ (2021) <https://asiacentre.org/wp-content/uploads/Timor-Leste-Internet-Freedoms-Under-Threat.pdf>.

32.^

ibid; ‘Timor-Leste’s Proposed Cyber Law Sparks Concerns’ (UCANews) <https://www.ucanews.com/amp/timor-lestes-proposed-cyber-law-sparks-concerns/108098> accessed 4 February 2026; International Centre for Not-for-Profit Law, ‘Proposed Criminal Code Additions to Criminalize Defamation and Cybercrime’ (2021) <https://www.laohamutuk.org/Justice/defamation/2020/20DefamLaw.htm#Cybercrime> accessed 4 February 2026; ‘Timor-Leste: Concerns around Cyber Crime Bill, Harassment of Journalists and Martial Arts Ban’ (Civicus Monitor) <https://monitor.civicus.org/explore/timor-leste-concerns-around-cyber-crime-bill-harassment-of-journalists-and-martial-arts-ban/> accessed 4 February 2026.

33.^

‘Decree-Law No. 12/2024 on General Legal Regime for Electronic Commerce and Electronic Signatures’ (n 28).

34.^

‘Timor-Leste: Concerns around Cyber Crime Bill, Harassment of Journalists and Martial Arts Ban’ (n 32); Asia Centre (n 31).

35.^

OHCHR, ‘UN Treaty Body Database’ <https://tbinternet.ohchr.org/_layouts/15/TreatyBodyExternal/Treaty.aspx?CountryID=20&Lang=EN> accessed 20 November 2025.

36.^

OHCHR, ‘UN Treaty Body Database’ <https://tbinternet.ohchr.org/_layouts/15/TreatyBodyExternal/Treaty.aspx?CountryID=20&Lang=EN> accessed 20 November 2025.

37.^

ibid

38.^

‘Convention on the Rights of the Child’ (OHCHR) <https://www.ohchr.org/en/instruments-mechanisms/instruments/convention-rights-child> accessed 4 February 2026; ‘International Covenant on Civil and Political Rights’ (OHCHR) <https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-civil-and-political-rights> accessed 4 February 2026; ‘International Covenant on Economic, Social and Cultural Rights’ (OHCHR) <https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-economic-social-and-cultural-rights> accessed 4 February 2026.

39.^

‘General Comment No. 25 (2021) on Children’s Rights in Relation to the Digital Environment’ <https://www.unicef.org/bulgaria/en/media/10596/file>.

40.^

Committee on the Elimination of Dscrimination against Women, ‘Concluding Observations on the Foruth Periodic Review of Timor-Leste’ (United Nations 2023) <https://docs.un.org/en/CEDAW/C/TLS/CO/4>.

41.^

ASEAN TELMIN, ‘Framework on Personal Data Protection’ (2016) <https://cil.nus.edu.sg/wp-content/uploads/2020/08/2016-Frmwk-PDP.pdf>; ASEAN TELMIN, ‘Framework on Digital Data Governance’ (2018) <https://cil.nus.edu.sg/wp-content/uploads/2020/09/2018-Framework-Digital-Data-Governance.pdf>.

42.^

‘Asia-Pacific Nations Reaffirm Commitment to Legal Identity for All at Third Ministerial Conference on Civil Registration and Vital Statistics | Get Every One in the Picture’ <https://crvs.unescap.org/news/asia-pacific-nations-reaffirm-commitment-legal-identity-all-third-ministerial-conference-civil> accessed 7 November 2025.

43.^

UNESCAP, ‘Ministerial Declaration on a Decade of Action for Inclusive and Resilient Civil Registration and Vital Statistics in Asia and the Pacific’ (2025) ESCAP/MCCRVS/2-25/6/Add.1 <https://www.unescap.org/sites/default/d8files/event-documents/2500197E_ESCAP_MCCRVS_2025_6_Add1_Ministerial_Declaration.pdf?_gl=1*vdnplp*_ga*NTMxNDc5Mjc4LjE3NjIzMjk2NDg.*_ga_SB1ZX36Y86*czE3NjIzMjk2NDckbzEkZzEkdDE3NjIzMzA1MDgkajI3JGwwJGgw>.

44.^

Government of Timor-Leste (n 6).

45.^

ibid

46.^

ibid

47.^

‘UNHCR Submission for the Universal Periodic Review – Timor Leste – UPR 40th Session (2022)’ (Refworld) <https://www.refworld.org/policy/upr/unhcr/2022/en/148993> accessed 4 February 2026.

48.^

ibid

49.^

PDHJ Timor-Leste, ‘PDHJ and Komnas HAM Advance Cross-Border Human Rights Cooperation’ (PDHJ, 24 April 2025) <https://www.pdhj.tl/en/pdhj-and-komnas-ham-advance-cross-border-human-rights-cooperation/> accessed 4 February 2026.

50.^

Government of Timor-Leste (n 6).

51.^

Carolina Da Cruz, ‘Legal Politics of The State of Timor-Leste Concerning Civil Registration Services by Government Bureaucracies in The Perspective of a Welfare Law State’ (2025) 1 Oriental Journal 66; Camilio de Sousa, ‘UNICEF Hands over Equipment to the Ministry of Justice to Strengthen Birth Registration System in TL’ (TATOLI Agência Noticiosa de Timor-Leste, 7 January 2025) <https://en.tatoli.tl/2025/01/07/unicef-hands-over-equipment-to-the-ministry-of-justice-to-strengthen-birth-registration-system-in-the-country/16/> accessed 4 February 2026.

See Statelessness Overview