Brazil: Bill establishing procedures and criteria for recognition and maintenance of international data protection adequacy regimes was introduced to Chamber of Deputies

On 10 February 2026, Bill No. 449/2026 establishing procedures and criteria for the recognition and maintenance of international data protection adequacy regimes was introduced to the Chamber of Deputies. The Bill would insert Chapter VI-A into the General Data Protection Law (Law No. 13.709/2018) and would establish a formal administrative procedure for recognising, maintaining, suspending and revoking adequacy decisions concerning foreign jurisdictions or regimes. The Bill would require the National Data Protection Authority (ANPD) to conduct an expedited administrative procedure with defined deadlines, publish technical justifications in open format, and carry out mandatory five-year periodic reviews and extraordinary reassessments. The Bill would empower the ANPD to establish simplified sectoral transfer regimes and certification schemes for sectors such as information technology, fintechs, digital platforms, pharmaceuticals and research institutions, subject to audit and proportional supervision. Decisions and activities relating to public security, national defence, intelligence and criminal enforcement would be excluded from the adequacy assessment process.