On March 26th, the new Cybersecurity Framework Law (the “Law”) was enacted, which among others, creates the National Cybersecurity Agency (“Anci” or the “Agency”).
Among the functions of the Agency are the following:
– Structure, regulate and coordinate the cybersecurity actions of State agencies and between them and individuals;
– Establish the minimum requirements for the prevention, containment, resolution and response to cybersecurity incidents, as well as establish control, supervision and responsibility mechanisms for infractions.
The Agency will have its first regulatory framework in 2024 since, within the transitional articles of the Law, it is established that within a period of 180 days from its publication in the Official Gazette, the Ministry of the Interior and Public Security must issue the indicated regulations.
Nevertheless, the date on which the Agency is fully operational has not yet been determined, since it is the President of the Republic who will resolve, within a period of one year from the Law’s publication in the Official Gazette, the date for the initiation of the Agency’s activities, which may contemplate a period for its implementation and one after which it will enter into operations.