Cybersecurity 2025

MEXICO Law and Practice Contributed by: Alejandro Mendiola Diaz and Gunter Schwandt, Nader Hayaux & Goebel

Nader, Hayaux & Goebel Paseo de los Tamarindos 400 B 7th Floor Colonia Bosques de las Lomas Mexico City CP 05120 Mexico

Tel: +52 554 170 3000 Fax: +52 552 167 3099 Email: info@nhg.com.mx Web: www,nhg.com.mx

1. General Overview of Laws and Regulators 1.1 Cybersecurity Regulation Strategy In Mexico, there is no specific cybersecurity law; however, various legal provisions regulate aspects of cybersecurity indirectly, involving multiple regulatory bodies. By way of exam - plee, there are regulations concerning banking, personal data protection, criminal conduct, and telecommunications. These laws help shape the cybersecurity landscape by providing legal frameworks that institutions and businesses must follow to protect digital assets and per - sonal information. Additionally, several government agencies have issued their own cybersecurity guidelines. By way of example, the Central Bank of Mexico (Banxico), the country’s central bank, released its cybersecurity strategy for 2024–27 ( Estrate- gia de Ciberseguridad del Banco de Méxi- co2024–27 ), outlining its guiding principles and defining the responsibilities of an internal cyber - security directorate. This initiative highlights the importance of financial cybersecurity and the

role of regulatory bodies in ensuring a secure banking environment. Moreover, financial institu - tions are required to adhere to strict cybersecuri - ty protocols to prevent fraud, data breaches, and cyber-attacks that could compromise national financial stability. In the past, the Mexican government conducted a multi-stakeholder process to develop a nation - al cybersecurity strategy, which was published in 2017. This initiative aimed to promote con - crete actions with social, economic and politi - cal impacts by establishing key principles and objectives. However, the administration that took office in 2018 did not continue this strat - egy and it remains to be seen whether the cur - rent administration, which began in 2024, will implement a concrete cybersecurity strategy. The absence of a dedicated national strategy has left a regulatory gap, leading businesses and government agencies to develop their own cybersecurity frameworks to mitigate risks. A notable recent development is the creation of the Digital Transformation and Telecommunica - tions Agency ( Agencia de Transformación Digital

185 CHAMBERS.COM

Powered by