Brazil: Adopted Anatel order expanding cybersecurity regulation compliance for telecom providers (Ordinance No. 2899/2024)

On 27 September 2024, the National Telecommunications Agency (Anatel) in Brazil adopted Ordinance No. 2899/2024, expanding cybersecurity regulation compliance for telecom providers. This ordinance expands the list of telecommunications providers and operators that are required to comply with the Cybersecurity Regulation Applied to the Telecommunications Sector (R-Ciber), initially established by Resolution No. 740/2020 and later amended by Resolution No. 767/2024. With this expansion, 11 new companies have been added, bringing the total to 24 providers under Anatel's prior control. These companies are now mandated to implement comprehensive cybersecurity policies, conduct vulnerability assessments, and report significant security incidents, among other requirements, within a year from the ordinance's publication.