MEXICO Law and Practice Contributed by: Ricardo García Giorgana, Carlos Chavez Alanis and Xavier Careaga Franco, Galicia Abogados
IoT devices and confidential trade secrets. The Federal Telecommunications Law governs net - work security, service quality and connectivity, which are essential for IoT functionality. The Constitution, along with criminal and nation - al security laws, broadly protects communication secrecy. However, the absence of a dedicated Cybersecurity Law leaves gaps in regulating IoT- specific vulnerabilities. While current cyberse - curity legislative drafts do not explicitly address IoT, future statutes are expected to cover these technologies, especially as they relate to critical infrastructure and national security. Mexico has implemented several soft regulations through the Economy Ministry’s normalisation body, Normalización y Certificación Electrónica (NYCE), to address security and operational aspects of IoT environments. NMX-I-1362- NYCE-2021 establishes a simple encryption procedure to enhance data transmission secu - rity for IoT systems. Other relevant standards include NMX-I-4903-NYCE-2021 for smart and sustainable cities, NMX-I-20000-NYCE-2021 and NMX-I-2000-1-NYCE-2019 for service man - agement systems, NMX-I-22301-NYCE-2021 for communication interruptions recovery and NMX-I-22316-NYCE-2021 for recovery capabil - ity resilience. The telecommunications regulator (IFT), cur - rently undergoing restructuring, has also issued various regulations that align with international standards like the National Institute of Stand - ards and Technology (NIST) and the Internation - al Organization for Standardization (ISO). One example is the Guidelines for the Standardiza - tion of Products, Equipment, Devices, or Appa - ratus for Telecommunications or Broadcasting (June 2022), which requires Homologation Cer - tificates for devices. These certificates standard -
ise connectivity, installation, operation and use, ensuring compliance with mandatory technical standards. Internationally, the Budapest Convention on Cybercrime, not ratified in Mexico, addresses computer-related crimes. 4.2 Compliance and Governance The absence of a comprehensive legal frame - work for IoT in Mexico creates significant uncer - tainty for companies deploying IoT solutions. Compliance challenges arise from navigating overlapping, evolving laws that do not account for IoT’s unique characteristics. This gap under - scores the need for dedicated legislation to pro - vide clarity and support responsible IoT deploy - ment in the country. Privacy IoT devices often collect vast amounts of data, some of which may be considered personal data (e.g., location, usage patterns, biometric data). Companies must ensure they: • provide clear and comprehensive privacy notices to users; • collect explicit consent for data collection and processing; • implement robust security measures; • collect only the minimum necessary data for specific, legitimate purposes, as IoT devices tend to collect data that may not be neces - sary, posing a compliance risk; and • effectively anonymise or pseudonymise data to reduce privacy risks, which can be techni - cally challenging in IoT environments due to the interconnected nature of devices and data flows.
284 CHAMBERS.COM
Powered by FlippingBook