On 7 August 2024, the Board of Directors of the National Telecommunications Agency (Anatel) issued Resolution No. 767, which amends the cybersecurity regulation for the telecommunications sector. The resolution expands the scope of the regulations to cover all telecommunications providers, including submarine cable operators and personal mobile service providers with their own networks. In addition, it establishes new compliance requirements, with deadlines and procedures set by the Technical Group on Cybersecurity and Critical Infrastructure Risk Management (GT-Ciber). Providers must adhere to these new obligations and report security incidents to the National Data Protection Authority (ANPD) when necessary. Moreover, the resolution includes updated guidelines for evaluating the cybersecurity of data processing and cloud services providers. While startups may be exempt from some requirements, telecommunications providers remain responsible for ensuring cybersecurity. The Resolution will take effect on 2 September 2024.
Original source