MEXICO Law and Practice Contributed by: Alejandro Mendiola Diaz and Gunter Schwandt, Nader Hayaux & Goebel
y Telecomunicaciones ) in November 2024. This agency was granted the status of a Secretariat of State, giving it significant institutional weight in governmental digital policy. The agency includes a General Directorate of Cybersecurity, respon - sible for designing and executing cybersecu - rity strategies for the federal government and developing policies to standardise cybersecurity measures across government entities, among other duties. This new agency is expected to play a critical role in shaping the country’s cyber - security landscape by establishing nationwide policies and ensuring co-ordination among dif - ferent regulatory bodies. Although the agency has been legally established, its implementation and execution of cybersecurity responsibilities remain to be seen, and its success will depend on its ability to enforce policies and collaborate with industry stakeholders. There have been several cybersecurity law pro - posals submitted to Congress for discussion. However, none have been enacted into law, remaining as proposals that could serve as a foundation for future legislative discussions. These proposals generally aim to address cyber - crimes related to financial assets, personal free - doms, IP, the financial system, and information systems, among other things. Given the increas - ing frequency and sophistication of cybersecu - rity threats, there is a growing need for a com - prehensive cybersecurity law that establishes clear regulations and penalties for cyber-related offences. Legislative progress in this area will be crucial for strengthening Mexico’s cybersecurity posture and ensuring that individuals and busi - nesses are adequately protected from cyberse - curity threats. Finally, considering Mexico’s current legal framework, personal data protection regula - tions (DPRs) are the most directly relevant laws
to cybersecurity. The protection of personal data remains a central concern, given that unauthor - ised access, data breaches, and identity theft continue to pose significant risks. Strengthen - ing data protection regulations and enforcing compliance will be essential in fostering a more secure digital environment and building public trust in cybersecurity measures. 1.2 Cybersecurity Laws The following legal instruments, albeit not an exhaustive list (see 3.1 Scope of Financial Sec- tor Operational Resilience Regulation for addi- tional regulations in the financial sector), contain provisions relevant to cybersecurity in Mexico. • The Federal Criminal Code ( Código Penal Federal ) and state criminal codes – these establish legal consequences for cyber- related crimes, including fraud, identity theft, illicit interception of communications, and unauthorised access to systems. They also criminalise hacking, data breaches, and cyber-enabled financial crimes. • The Personal Data Protection Law ( Ley Fed- eral de Protección de Datos Personales en Posesión de los Particulares )– this governs the collection, processing, and storage of personal data, ensuring organisations imple - ment adequate security measures to protect sensitive information. Until 20 December 2024, this law was enforced by the National Institute for Transparency, Access to Informa - tion, and Personal Data Protection ( Instituto Nacional de Transparencia, Acceso a la Infor- mación y Protección de Datos Personales , or INAI) – see 1.3 Cybersecurity Regulators (Data Protection) for details of its replace - ment. • The Transparency Law ( Ley Federal de Trans- parencia y Acceso a la Información Pública ) – this law includes provisions on informa -
186 CHAMBERS.COM
Powered by FlippingBook