Decree establishing Brazil’s National Cybersecurity Policy enacted
Decree establishes the National Cybersecurity Policy and creates the National Cybersecurity Committee
On December 26, 2023, Brazilian President Luiz Inácio Lula da Silva issued Decree No. 11,856, which establishes the National Cybersecurity Policy (PNCiber) to guide cybersecurity activities in the country.
The policy is grounded in the principles of sovereignty and prioritizing the national interest, guaranteeing fundamental rights, preventing cybersecurity incidents, and national and international cooperation. Its objectives include:
- Promoting the development of national products, services, and technology connected to cybersecurity;
- Encouraging the adoption of cybersecurity protection measures and technical and professional education and training in cybersecurity;
- Contributing to the fight against cybercrime and malicious activity;
- Enhancing coordinated action and information exchanges among federal entities, the executive, legislative and judicial branches, the private sector, and society in general;
- Developing regulatory, oversight, and control mechanisms to improve cybersecurity standards in Brazil.
National Cybersecurity Committee
The decree also establishes the National Cybersecurity Committee (CNCiber), which will be in charge of monitoring how the policy is implemented and how it evolves. The CNCiber will consist of representatives from civil society, scientific institutions, the business sector, and various authorities – including the President’s Office, the Comptroller General’s Office (CGU), government ministries, the Brazilian Central Bank, the National Telecommunications Agency (Anatel), and the Internet Management Committee. The National Data Protection Authority (ANDP) is not among the members of the CNCiber.
The CNCiber has the power to:
- Propose updates to the PNCiber, the National Cybersecurity Strategy, and the National Cybersecurity Plan, and evaluate measures to enhance cybersecurity in the country;
- Formulate proposals to improve cybersecurity incident prevention, detection, analysis, and responses;
- Introduce measures to develop and improve education on cybersecurity;
- Promote dialogue with federal entities and society on cybersecurity matters; and
- Propose collaborative strategies to develop technical cooperation in cybersecurity at the international level.
For more information on cybersecurity-related issues, please contact Mattos Filho’s Data Protection & Cybersecurity practice.