Cybersecurity Framework Law Enacted: National Cybersecurity Agency starts its activities
 

With the exception of certain articles related to OIVs, the obligation to report to ANCI and the title of infractions and sanctions, the Cybersecurity Framework Law entered into force on 1 January 2025.

Alessandri - The Cybersecurity Framework Law was published on 8 April 2024. This new law seeks to establish the institutional framework, principles and general regulations to structure, regulate and coordinate the cybersecurity actions of state administration bodies and individuals, and establishes minimum standards for the prevention, containment, resolution and response to cybersecurity incidents; it also establishes attributions, obligations and duties of public and private institutions. The law will apply to institutions that provide services qualified as essential and to those that are qualified as operators of vital importance (OIV).

On 24 December 2024, DFL 1-21.663 was published, which establishes the staffing of the National Cybersecurity Agency (ANCI) and determines the entry into force of the Law.

The general rules of the Framework Law came into force on 1 January 2025, the same date that the National Cybersecurity Agency began its activities.

However, the following articles will enter into force on 1 March 2025.

- Article 5: qualification by the NACI of Critical Operators.

- Article 8: specific duties of Critical Operators.

- Article 9: the obligation to report cyber-attacks and cybersecurity incidents that may have significant effects to the National CSIRT.

- Title VII: detailing the infringements of the law and the corresponding sanctions.

President of the Republic Gabriel Boric appointed lawyer Daniel Álvarez Valenzuela as the first director of the ANCI.

While the director must be appointed by the High Public Management System, article 2 of the Framework Law empowered the President of the Republic to appoint the first Director of the National Cybersecurity Agency, who will take office immediately, for a maximum period of one year and pending the relevant selection process under the High Public Management System.

About Trinidad Moreno:

Trinidad is a junior associate in Alessandri’s Compliance and Technology, Personal Data Protection and Cybersecurity Area. She is a lawyer graduated from the Universidad de los Andes. She holds a diploma in personal data protection from the Universidad de Chile (2022) and is currently pursuing a diploma in Compliance and Corporate Governance at the Universidad Católica (2024).

As an associate in the Compliance Area, she advises clients on crime prevention, personal data protection and cybersecurity. She performs legal risk assessment, conducts due diligence, as well as in the design, adjustment and implementation of breach prevention models.

In previous experiences, he has advised companies in the updating of crime prevention models of multinational companies in different areas such as retail, real estate, mining, renewable energy, technology and communications, investment fund managers, fuel distributors, among others.

alessandri.legal