CHILE Law and Practice Contributed by: Claudio Magliona, Bárbara Reyes and Diego Lisoni, Magliona Abogados
to the state and for the development of com - puter systems used by state agencies. It can also establish standards for digital devices available to the public. • State secure connectivity network – to admin - ister the State Secure Connectivity Network. • National exercise– to annually co-ordinate a national exercise to check cybersecurity capabilities. ANCI, through its National Director, has the power to issue resolutions and administrative acts nec - essary for its operation, as well as to delegate powers to its officials. It also has the power to impose sanctions for breaches of the law. Sectoral Authorities ANCI is required to co-ordinate its actions with other sectoral authorities, and there are specific rules that govern this co-ordination. When ANCI issues protocols, technical standards or general instructions that affect the areas of competence of another sectoral entity, it must follow a par - ticular procedure. With regard to this duty of co-ordination, the fol - lowing stands out. • Prior report request – ANCI must send rel - evant information to the sectoral entity and request a report before issuing any regula - tions that affect their areas of competence. This aims to prevent regulatory conflicts and ensure co-ordination and collaboration. • Sectoral administrative acts – if a sectoral authority issues administrative acts that affect ANCI’s areas of competence, it must also send the relevant information to ANCI and request a report. • Consideration of ANCI regulations – sectoral authorities, when issuing their administrative acts, must take into account the protocols,
standards and general instructions that ANCI has previously issued. • Prevalence of sectoral regulations – it should be noted that, in addition, a sectoral authority would be competent to monitor, take cogni - sance of and sanction infringements, as well as to execute the sanctions to the cybersecu - rity regulations that it has issued and whose effects are at least equivalent to those of the regulations issued by the ANCI. This does not affect the duties of co-ordination. However, if sectoral regulations do not cover all entities in the sector, ANCI protocols still apply. For this, the Agency and the sectoral authority must issue a joint rule to evaluate the equivalence of the effects. Among the main sectoral authorities with com - petences in cybersecurity, and which have to co- ordinate with the ANCI, are the Undersecretariat of Telecommunications; the Ministry of Health; the future Personal Data Protection Agency (when it takes office in December 2026), and the Finan - cial Market Commission (CMF). See 3. Financial Sector Operational Resilience Regulation . 2. Critical Infrastructure Cybersecurity 2.1 Scope of Critical Infrastructure Cybersecurity Regulation General Scope of Application The Cybersecurity Framework Law applies to state agencies, including ministries, presidential delegations, regional governments, municipali - ties, armed forces, law enforcement agencies, public enterprises and other public bodies and services. It also applies to state enterprises and compa - nies in which the state has a shareholding of
77
CHAMBERS.COM
Powered by FlippingBook