BRAZIL Trends and Developments Contributed by: Juliana Abrusio and Mario Cosac, Machado Meyer
Mainly, ANATEL relies on the Cybersecurity Regulation Applied to the Telecommunications Sector ( Regulamento de Segurança Ciberné- tica Aplicada ao Setor de Telecomunicações , or “ R-Ciber”). The R-Ciber sets forth the obliga - tions of regulated agents (eg, the development, maintenance and implementation of a cyberse - curity policy), as well as the principles to be fol - lowed by them (eg, confidentiality, availability, integrity and liability). Besides that, the R-Ciber also establishes a governance model within ANATEL, through the Cybersecurity and Critical Infrastructure Risk Management Technical Group ( Grupo Técnico de Segurança Cibernética e Gestão de Riscos de Infraestrutura Crítica , or “GT-Ciber”). This group has a series of obligations related to monitoring cybersecurity policy and critical infrastructure management, equipment configuration, techni - cal requirements, and suppliers – sharing infor - mation and best practices as well as awareness, training, studies and interaction with the Brazil - ian Communications Commissions ( Comissões Brasileiras de Comunicações , or CBCs). Right after the R-Ciber was published, ANATEL took another step to promote the cybersecu - rity of the sector on 5 January 2021, when it approved the Cybersecurity Requirements for Telecommunications Equipment. This author - ises ANATEL to carry out the certification and approval of telecommunications equipment – from the simplest (eg, sensors with wireless communication interfaces) to the most complex (eg, operator network core equipment). One of the principles of this approval activity is the pro - tection and security of the users of these prod - ucts. The aim of establishing the requirements together with the creation of a market oversight programme is to:
• encourage manufacturers to develop their products with security in mind from the outset (“security by design”); • monitor the market for insecure products; • ensure that manufacturers implement fixes for identified flaws/vulnerabilities; and • prevent insecure equipment from being com - mercialised. Finally, ANATEL also promotes campaigns to increase society’s awareness of cybersecurity practices, including campaigns to prevent fraud and other digital crimes. Financial sector The Central Bank of Brazil ( Banco Central do Brasil , or “BACEN”) has taken further steps by enacting regulations pertaining to cybersecurity, thereby imposing specific obligations on finan - cial and payment institutions under its purview. This is notably evident through the implementa - tion of Resolution No 4.893/2021 and Resolution No 85/2021. Both regulations aim to enhance the regulatory framework governing the finan - cial system’s stability and integrity. This is part of BACEN’s ongoing efforts to align with inter - national standards and best practices, ensuring that financial institutions operate under robust and transparent guidelines. The primary objec - tive of Resolution 4.893/2021 is to establish comprehensive rules for the management of risks and capital adequacy, thereby promoting a more resilient financial sector. The regulatory framework regarding cybersecu - rity for financial institutions authorised to oper - ate under the BACEN is outlined by Resolution No 4.893/2021, which delineates the cyberse - curity policy and the prerequisites for engaging data processing, storage services, and cloud computing. Similarly, Resolution No 85/2021 addresses the same subject matter but applies
69
CHAMBERS.COM
Powered by FlippingBook