Cybersecurity Framework Law now available in the Official Gazette

The law came into force during the second week of April after being passed by the Senate in December last year.

In general terms, the Framework Law on Cybersecurity and Critical Information Infrastructure seeks to structure, regulate and coordinate cybersecurity policies, establish minimum requirements for responding to this type of incident, define the powers and obligations of the State, the duties of the institutions and the mechanisms for control, supervision and responsibility in the event of infringements.

Among the main measures implemented by this regulation is the creation of the National Cybersecurity Agency (ANCI), a body that will be in charge of regulating, supervising and sanctioning public and private bodies that provide essential services. The director of this agency will also be in charge of chairing the Multisectoral Council on Cybersecurity, a body that will be of an advisory nature.

It also creates the Interministerial Committee on Cybersecurity, which will have the function of advising the President of the Republic; the Secure State Connectivity Network and the Computer Security Incident Response Team (CSIRT).

Among the transitory provisions it is established that the President of the Republic has a period of one year to issue decrees with the force of law that will determine – among other things – the date of commencement of activities of the Cybersecurity Agency, establishing a period for its implementation before entering into full operations.