CHILE Law and Practice Contributed by: Claudio Magliona, Bárbara Reyes and Diego Lisoni, Magliona Abogados
The transversal dimensions of this policy include: • gender equality – giving preferential consider - ation to women, both to increase their safety in the digital environment, and to improve their inclusion through positive actions to cor - rect existing inequalities in society; • protection of children – all initiatives must give preferential consideration to the protec - tion of girls, boys and adolescents; • protection of the elderly – all initiatives must give preferential consideration to the protec - tion of the elderly; and • protection of the environment – all initiatives must minimise their negative impact on the environment. The Cybersecurity Framework Law For its part, the Cybersecurity Framework Law No 21.663, which entered into force together with the creation of the National Cybersecurity Agency (ANCI) in January 2025, aims to estab - lish the institutional framework, principles and general regulations that allow structuring, regu - lating and co-ordinating cybersecurity actions of state agencies and between them and private parties. It also establishes the minimum require - ments for the prevention, containment, resolu - tion and response to cybersecurity incidents. The guiding principles for this law are the fol - lowing. • Principle of damage control – in the face of a cyber-attack or cybersecurity incident, action must always be co-ordinated and diligent to prevent escalation or spread to other com - puter systems. • Principle of co-operation with the authority – to resolve cybersecurity incidents, due co- operation with the competent authority must be provided, and if necessary, co-operation
between different sectors is needed, consid - ering the interconnection and interdepend - ence of systems and services. • Principle of co-ordination – the ANCI and sec - torial authorities must co-ordinate their tasks, strive for unity of action, and avoid duplica - tion or interference of functions. • Principle of security in cyberspace – the state must safeguard security in cyberspace, ensuring that all people can participate in a safe cyberspace, and grant special protec - tion to computer networks and systems that contain information of those groups that are often the object of cyber-attacks. • Principle of responsible response – the appli - cation of measures to respond to cybersecu - rity incidents or cyber-attacks may not involve offensive operations. • Principle of computer security – every person has the right to adopt the technical computer security measures they deem necessary, including encryption. • Principle of rationality – measures for the management of cybersecurity incidents, cybersecurity obligations, and the exercise of the Agency’s powers must be necessary and proportional to the degree of exposure to risks and the potential social and economic impact. • Principle of security and privacy by default and by design – computer systems, appli - cations and information technologies must be designed, implemented, and managed considering the security and privacy of the
personal data they process. 1.2 Cybersecurity Laws Cybersecurity Framework Law
The Cybersecurity Framework Law establishes the institutional framework, principles and gen - eral regulations to co-ordinate cybersecurity actions between state agencies and between
74
CHAMBERS.COM
Powered by FlippingBook