Brazil: Adopted amendment to cybersecurity regulation for the telecommunications sector

On 4 July 2024, the Board of Directors of the National Telecommunications Agency (Anatel) adopted amendments to the cybersecurity regulation for the telecommunications sector. With this adoption, all providers of Telecommunications Services of Collective Interest, regardless of size, must comply with measures designed to mitigate vulnerabilities in equipment provided to consumers of telecommunications services. The scope of ex-ante control has been expanded to include submarine cable operators with international destinations, personal mobile service providers with their own networks, and network operators that offer traffic in the wholesale market. Additionally, to enhance transparency and coordination between regulatory entities, the amendment requires all providers to notify Anatel about security incidents when such reporting is mandatory before the National Data Protection Authority (ANPD). The amendment also allows providers to hire startups without requiring them to comply with certain cybersecurity requirements, provided they ensure compliance with the provisions of the regulation.