cybersecurity

Cybersecurity Framework Law in Chile Diario Financiero ANIDA LATAM
internal threats

Cybersecurity framework law enacted: these are the new rules for essential companies

April 08, 2024 - By Rodolfo Carrasco - Diario Financiero

The regulation creates the National Cybersecurity Agency that will dictate protocols and standards to prevent, report and resolve cybersecurity incidents or cyberattacks.

President Gabriel Boric promulgated this Tuesday [March 26] the new Framework Law on Cybersecurity, together with the Minister of the Interior, Carolina Tohá, and highlighted that with this regulation "Chile becomes the first country in Latin America and the Caribbean to have a National Cybersecurity Agency and a concrete regulatory framework".

The President also pointed out that the regulation "will serve to have better tools to protect people's rights in cyberspace, to prevent and deal with cases such as identity theft, sending viruses, sabotage, service cuts, spam, among many other incidents".

Regarding the 2023-2028 national cybersecurity policy promoted by the current administration, he pointed out that it will "allow the development of the cybersecurity industry in Chile, which is also an opportunity for jobs and investment, through scientific investment applied to the needs of our country to protect people and organizations from cyber threats".

Government Promulgates Cybersecurity Framework Law in Chile Diario Financiero ANIDA LATAM

Framework Law

The new regulation creates a cybersecurity framework legislation with the establishment of the National Cybersecurity Agency (ANCI). This will be the governing body for cybersecurity, will set technical standards, will supervise and will be able to apply fines of up to 40,000 UTM ($ 2,600 million). The agency will dictate protocols and standards to prevent, report and resolve cybersecurity incidents or cyberattacks.

These rules will regulate the operation of the Essential Services (ES) and the Operators of Vital Importance (OIV), the latter being the providers of these essential services.

The law considers the following Essential Services (ES): State administration agencies and the National Electric Coordinator; and services provided under a public service concession.

Those provided by private institutions under public service concession in the following sectors:

  • Bullets ANIDA
    Generation, transmission or distribution of electricity.
  • Bullets ANIDA
    Transportation, storage or distribution of fuels
  • Bullets ANIDA
    Drinking water supply or sanitation.
  • Bullets ANIDA
    Banking, financial services and means of payment.
  • Bullets ANIDA
    Administration of social security benefits.
  • Bullets ANIDA
    Postal and courier services.
  • Bullets ANIDA
    Telecommunications; digital infrastructure.
  • Bullets ANIDA
    Digital services and information technology managed by third parties.
  • Bullets ANIDA
    Land, air, rail or sea transportation.
  • Bullets ANIDA
    Institutional provision of health services.
  • Bullets ANIDA
    Production and/or research of pharmaceutical products.
  • Bullets ANIDA
    The National Cybersecurity Agency (ANCI).

The ANCI will be a public service whose function will be to regulate, supervise and sanction the actions of the agencies that are part of the scope of application in cybersecurity matters, in addition, it will have a judicial authorization mechanism if the Agency requires access to a network or computer system.

The Agency may qualify other services as essential by resolution of the National Director when their affectation may cause serious damage to the life or physical integrity of the population or its supply, to relevant sectors of the economic activities, to the environment, to the normal functioning of society, of the State Administration, to national defense, or to security and public order. Such qualification shall be submitted to public consultation.

Sanctions

Penalties may be minor, serious or very serious. The latter include the failure to take the necessary measures in a timely and expeditious manner to reduce the impact and spread of a cybersecurity incident or cyber-attack, when it has a significant impact.

The sanctions to be applied by the Cybersecurity Agency range from 0 to 5,000 UTM ($64,793 UTM value today) in the case of minor infractions for SEs and up to 10,000 UTM for OIVs.

The serious ones up to 10,000 UTM for SEs and 20,000 UTM for OIVs and the very serious ones up to 20,000 UTM for SEs and 40,000 UTM for OIVs. 

We are committed to deliver, create and devise cybersecurity strategies for our clients and prospects that enable them to have technology, tools, implementation services and managed services through our Security Operations Center. Learn more here

Share on

Related News

Ministers of Science and Interior present report on Cybersecurity in Chile

The rapid development of intelligent automation is ushering in a new era of business productivity and innovation.

FinOps: a model for cost savings and collaboration

Growing interest in Artificial Intelligence and application modernization is driving up spending on cloud services

Palo Alto Networks and IBM Expand Collaboration for Platform Integration

The rapid development of intelligent automation is ushering in a new era of business productivity and innovation.

Contact us at
close slider