Cybersecurity 2025

CHILE Law and Practice Contributed by: Claudio Magliona, Bárbara Reyes and Diego Lisoni, Magliona Abogados

1.3 Cybersecurity Regulators The National Cybersecurity Agency (ANCI) The ANCI is a functionally decentralised public service, endowed with its own legal personality and assets, and of a technical and specialised nature. Its primary goal is to advise the Presi - dent of the Republic on cybersecurity matters, to collaborate in the protection of national inter - ests in cyberspace, to co-ordinate the relevant institutions, and to ensure the protection of the right to computer security. The Agency reports to the President through the Ministry in charge of public security. The functions and powers of ANCI are varied and aim to cover all relevant aspects of cyber - security in the country. • Advisory role – to advise the President in the development of the National Cybersecurity Policy and its implementation plans. • Regulation – to issue mandatory protocols, standards and instructions for public and private institutions. The Agency also admin - istratively applies and interprets laws and regulations regarding cybersecurity. • Co-ordination – to co-ordinate and super - vise the National CSIRT (Computer Security Incident Response Team) and other CSIRTs of the State Administration. It must also estab - lish co-ordination with the CSIRT of National Defence. • Registry – to create and manage a National Registry of Cybersecurity Incidents. • Qualification – to classify and qualify essential services and operators of vital importance. • Information to the public – to require entities affected by cybersecurity incidents to provide truthful and timely information to potential victims.

• Training and education – to design and imple - ment citizen training and education plans in cybersecurity. • Access to information – to require state agencies and private institutions to provide access to information necessary to prevent or manage incidents. The Agency may request the delivery of the activity log of computer networks and systems. • Co-operation – to co-operate with public bodies and private institutions, as well as with foreign cybersecurity authorities and interna - tional organisations. • Technical advice – to provide technical advice to state agencies and private institutions affected by cybersecurity incidents. • State intelligence – to collaborate with the State Intelligence System in identifying threats. • Oversight – to oversee compliance with the law, regulations, protocols and standards issued by the Agency. It can carry out inspec - tions, audits and security analyses. • Access to computer systems – the Agency may require access to computer systems, data and documents for its supervisory func - tions. It can also request tests to demonstrate the implementation of operational continuity and cybersecurity plans. • Research and development – to promote research, innovation and training in cyberse - curity. • Incident reporting – to inform the CSIRTs of the National Defence and other state agen - cies about cybersecurity incidents and vul - nerabilities. • Certification – to certify compliance with cybersecurity standards by state agencies and to grant accreditations to certification centres. • Setting standards – to establish cybersecurity standards for suppliers of goods and services

76

CHAMBERS.COM

Powered by