Brazil: Implemented Anatel amendment to cybersecurity regulation for telecommunications sector (Resolution No. 767)

On 2 September 2024, Resolution No. 767, which adopts amendments to the cybersecurity regulation for the telecommunications sector, enters into force. The resolution expands the scope of the regulations to cover all telecommunications providers, including submarine cable operators and personal mobile service providers with their own networks. In addition, it establishes new compliance requirements, with deadlines and procedures set by the Technical Group on Cybersecurity and Critical Infrastructure Risk Management (GT-Ciber). Providers must adhere to these new obligations and report security incidents to the National Data Protection Authority (ANPD) when necessary. Moreover, the resolution includes updated guidelines for evaluating the cybersecurity of data processing and cloud services providers. While startups may be exempt from some requirements, telecommunications providers remain responsible for ensuring cybersecurity.