Cybersecurity 2025

CHILE Law and Practice Contributed by: Claudio Magliona, Bárbara Reyes and Diego Lisoni, Magliona Abogados

2.4 State Responsibilities and Obligations

In the Cybersecurity Framework Law

• response – implement technical and organisational measures in response to security incidents; and
• recovery – maintain recovery plans and restore any capacity or service affected by a security incident.

Additionally, each body must:

• conduct an initial cybersecurity assessment;
• develop an Information Security and Cybersecurity Policy;
• appoint individuals responsible for information security and information assets; and
• participate in the gradual implementation of this technical standard depending on the type of entity and the gradual implementation schedule, which will extend until 2028.

3. Financial Sector Operational Resilience Regulation

3.1 Scope of Financial Sector Operational Resilience Regulation

In banking and financial matters, Chapter 20-10 of the Updated Compilation of Standards (RAN) establishes the obligation for financial institutions (mainly banks) to define an organisational structure with specialised and dedicated personnel, with the necessary powers and competencies to manage IT security and cybersecurity. In addition, the function of an information security and cybersecurity officer in charge of these matters must be part of this organisational structure.

The board of directors of banking and financial institutions subject to Chapter 20-10 of the Updated Compilation of Standards (RAN) shall establish the above and other matters in relation to their information security and cybersecurity management systems, such as:

The heads of service of the state administration agencies shall require information technology service providers to share information on vulnerabilities and incidents that may affect the computer networks and systems of state agencies, and provided that doing so is intended to prevent, detect, respond to, recover from or reduce incidents; or strengthen the level of cybersecurity, while ensuring that the potentially sensitive nature of the information shared is respected.

In order to comply with the above, the contracts for the provision of services may not contain any clause that could restrict or hinder in any way the communication of information about threats by the service provider, as long as this does not compromise the security and protection of data, including confidentiality and protection of intellectual property.

In the State Digital Transformation Law No 21,180

The “Technical Standard for Information Security and Cybersecurity” of the State Digital Transformation Law establishes guidelines and responsibilities for Chilean government bodies regarding information security and cybersecurity.

Responsibilities are structured around key functions:

• identification – bodies must identify and manage security risks associated with their processes, personnel, and electronic platforms;
• protection – implement security measures to ensure proper, timely and secure service delivery;
• detection – develop processes for timely detection of security incidents;
