MEXICO Law and Practice Contributed by: Ricardo García Giorgana, Carlos Chavez Alanis and Xavier Careaga Franco, Galicia Abogados
Confidentiality in cloud services relies on private agreements and industry standards, with trade secrets protected under the Copyright Law. Other copyright provisions may apply depend - ing on data use. General civil, commercial and regulatory laws govern relationships with cloud and edge providers, as no distinct regulations for these technologies exist. There are some relevant rules specific to the public sector: • the public sector has its own specific Privacy and Data Protection Law; • the 2018 guidelines and an Official Agreement (A • cuerdo ) issued in 2021 by the Presidential Office’s Digital Strategy Bureau promote the safe use of technology by the government, including rules for data centres and cloud services; • the recently created Intersecretarial Commis - sion of Information Technologies is the body expected to issue regulations on cloud and edge computing; • some agencies and states have provided guidelines and regulations for the acquisition and safe use of technology, particularly for law enforcement agencies; and • NMX-I-27018-NYCE-2021, which is non- binding, provides rules for the protection of personal data located in public cloud ser - vices. The banking and finance sectors in Mexico lack specific regulations for cloud services, operat - ing under the general rules outlined in exist - ing regulations (circulares). These regulations govern information technology service acquisi - tions, including of cloud services, and address cybersecurity and risk management. Depending on the nature of the service and the provider’s
access or administrative privileges, contract - ing cloud services may require notification or authorisation from financial regulators. 3. Artificial Intelligence 3.1 Liability, Data Protection, IP and Fundamental Rights The regulation of artificial intelligence (AI) in Mexico is still in its early stages. Although Con - gress has yet to pass comprehensive AI legisla - tion, numerous bills are under discussion, and a special commission has been established to address the topic. These proposals primarily focus on criminal issues, with some addressing privacy, IP and the governance of AI. The Nation - al AI Alliance ( Alianza Nacional Inteligencia Artifi - cial ; ANIA), an advisory body to the Senate, has introduced a six-year roadmap for AI regulation, emphasising topics such as authorship, liability, risks of use, damages, prohibited applications and the governance of all ecosystem partici - pants, including developers, implementers and users. Liability is a particularly contentious issue given Mexico’s lack of intermediary liability safe harbours outside of the USMCA and copyright laws. Additionally, the use of AI by government entities, whether as developers or consumers, is a central focus. At the state level, targeted AI regulatory initia - tives are emerging, particularly in Mexico City and Jalisco, reflecting a growing awareness of AI’s challenges. However, these efforts remain limited in scope and resources. While Mexico lacks dedicated AI regulations, existing laws on privacy, IP and civil and criminal matters provide partial frameworks for AI-related issues. None - theless, these laws leave significant gaps and require reinterpretation to address the unique
282 CHAMBERS.COM
Powered by FlippingBook