On June 4^th, the National Cybersecurity Agency (ANCI, for its initials in Spanish) published General Instruction No. 1, regarding the registration on the Incident Reporting Platform required for institutions classified as providers of essential services, in accordance with the Cybersecurity Framework Law (Law No. 21.663), to fulfill their reporting obligations. 

The instruction will take effect on Wednesday, June 11^th, 2025, and failure to comply will be considered a minor infraction, subject to fines of up to 5,000 UTM. 

Who must register? 

 
Institutions classified as essential service providers. According to Article 4 of the Cybersecurity Framework Law, essential services are those provided by: 

• State Administration bodies and the National Electric Coordinator, 

• Under public service ouriern, or 

• By private institutions that engage in the following activities:
   
  

1. Energy (generation, transmission, electrical distribution). 

2. Fuel (transport, storage, or distribution). 

3. Drinking ouri and sanitation. 

4. Telecommunications and digital infrastructure. 

5. Digital services and IT managed by third parties. 

6. Transportation (land, air, rail, or maritime), including the operation of related infrastructure. 

7. Banking, financial services, and payment systems. 

8. Administration of social security benefits. 

9. Postal and ourier services. 

10. Institutional health (hospitals, clinics, health centers, and medical centers). 

11. Pharmaceutical production or research. 

Additionally, ANCI may designate other services as essential if their disruption could cause serious harm to the life or integrity of the population, supply chains, key sectors of the economy, the environment, the normal functioning of society and the State Administration, national defense, or public security and order. 

What does the registration involve? 

 
Registration must be completed via the portal https://portal.anci.gob.cl by the person who will assume the role of incident reporting officer. This individual will act as the technical liaison with ANCI and must have training or experience in cybersecurity. 

To register on the platform, the following steps must be followed as indicated at https://anci.gob.cl/registro-plataforma and complete authentication through the following methods: 

• Registration using the unique national key (clave única, ins Spanish) of the designated incident reporting officer. 

• The officer must then activate a second authentication factor via a Time-Based One-Time Password (TOTP) app or passkeys. 

• The institution’s official contact email address with ANCI must be provided. 

• Attach the following documents:
   
  

1. A document signed by the institution’s legal representative, using advanced electronic signature, that certifies the appointment of the reporting officer. 

2. Documents and/or records that certify the designation of the institution’s legal representative and the authority under which they sign the appointment document. 

If these documents are not submitted or do not allow for the accurate identification of the institution, the legal representative, or the designated officer, ANCI will notify the institution to correct the issue within 5 business days from the notification sent via email. Failure to do so will result in the registration being considered incomplete. 

Other considerations 

• The official communication channel with ANCI will be the institutional email address provided during registration. 

• One person may be responsible for reporting for multiple institutions but must register separately for each. 

• Institutions may appoint more than one reporting officer, identifying the primary officer and their alternates. If this is not specified, the first person registered will be considered the primary officer. 

• Institutions must immediately notify ANCI if the reporting officer ceases his duties.