Cybersecurity 2025

CHILE Law and Practice Contributed by: Claudio Magliona, Bárbara Reyes and Diego Lisoni, Magliona Abogados

future, the National Cybersecurity Agency will issue general and specific instructions to pro - mote cyber-resilience in the country, especially taking into account the advancement of this type of regulation in the world and the fact that the Cybersecurity Framework Law is especially inspired by the Network and Information Secu - rity Directives 1 and 2 of the European Union. 4.2 Key Obligations Under Legislation For more information, see 4.1. Cyber-Resilience Legislation . 5. Security Certification for ICT Products, Services and Processes 5.1 Key Cybersecurity Certification Legislation The Cybersecurity Framework Law establishes a cybersecurity standards certification scheme, mainly focused on operators of vital importance, although it also affects state bodies. • Mandatory certification – operators of vital importance must obtain cybersecurity certifi - cations as determined by law and the regula - tions of the ANCI. • Authorised certification centres – valid cer - tifications can only be issued by bodies that are registered and authorised by the ANCI. To be part of this register, entities must prove compliance with the requirements established in the regulations and, to remain so, comply with the aforementioned requirements. The Regulation on accredited Certification Cen - tres is expected to be published in the Official Gazette during 2025. • International certifications – the ANCI may approve international or foreign technical certifications on cybersecurity, by means of a reasoned resolution of its Director.

• Certification of operational continuity and cybersecurity plans – operators of vital impor - tance must prepare and implement operation - al continuity and cybersecurity plans. These plans must be certified and must be subject to periodic reviews by the obligated parties, with a minimum frequency of two years. The Agency also has the power to request certi - fications in shorter terms if there are serious supervening reasons. • Cybersecurity standards for the state – the ANCI will be in charge of certifying compli - ance with cybersecurity standards by the bodies of the State Administration. It is expected that there will be greater clarity on the specific certifications that operators of vital importance must have during the first semester of 2025, after the ANCI issues the respective secondary regulations.

6. Cybersecurity in Other Regulations

6.1 Cybersecurity and Data Protection In matters of personal data protection, Law No 19,628 on the Protection of Private Life from 1999 is currently in force. This law does not spe - cifically establish cybersecurity obligations. At most, it contains a provision stating that the par - ty responsible for records or databases where personal data is stored after collection must take due care, making them liable for any damages. Currently, there isn’t a single supervisory author - ity for personal data protection. The Undersec - retariat of Telecommunications, the Financial Market Commission, and the Council for Trans - parency in the public sector have issued regula - tions or recommendations that, in some sense,

87

CHAMBERS.COM

Powered by