Brazil’s new ‘E-Ciber’ National Cybersecurity Strategy established via decree

On August 4, 2025, Brazil’s government issued Decree No. 12,573/2025 to launch Brazil’s new National Cybersecurity Strategy, known as E-Ciber. This initiative stems from a proposal presented by the National Cybersecurity Committee (CNCiber), which was created in December 2023 and is made up of federal government bodies, scientific institutions, and civil society and business sector representatives.

This new version of the strategy replaces an earlier one released in 2020 and seeks to further improve the cybersecurity governance and standards in Brazil. E-Ciber provides for about 40 strategic actions, involving specific initiatives, timelines, and governance mechanisms, all of which will be detailed in the National Cybersecurity Plan (P-Ciber).

In addition, the E-Ciber strategy promotes updates to improve and harmonize Brazil’s cybersecurity legislation, as well as establish a national governance body responsible for coordinating, regulating, and supervising relevant actions, with special attention to essential services and critical infrastructure.

For the business sector, the strategy provides specific support to small and medium-sized enterprises, including initiatives for cyber risk management, access to flexible compliance plans, and insurance mechanisms for cybersecurity incidents. It also provides for creating a cybersecurity certification seal and standardized security levels.

Key aspects of the new strategy

E-Ciber is organized across four axes, as outlined below:

Protecting society and building awareness

The strategy aims to promote a safe digital environment for Brazilian citizens, in particular for vulnerable groups such as minors. It includes actions focused on digital education, support for victims of cybercrime, encouraging good online practices and cyber risk management support for micro-enterprises, small businesses, and startups.

Ensuring essential services and critical infrastructure are secure and resilient

E-Ciber also seeks to ensure essential services and critical infrastructure in Brazil remain secure, reliable, and resistant to security breaches. It strengthens regulatory and oversight measures, incentivizes adopting minimum security standards and insurance against cyber incidents, and creates a national cybersecurity certification seal. Furthermore, it encourages Brazilian companies to purchase products and contract services that adhere to minimum cybersecurity standards.

Encouraging public-private cooperation and integration

The new strategy encourages public-private cooperation and integration to promote cybersecurity-related debates and information exchanges at both the domestic and international levels. It proposes creating specialized structures, a national mechanism for reporting cybersecurity incidents and strengthening Brazil’s role in international cybersecurity forums.

Promoting national sovereignty and governance

E-Ciber looks to serve and protect the strategic interests of Brazilian society in cyberspace. It includes actions to measure the maturity of cybersecurity, reduce the country’s shortcomings in relation to emerging and disruptive technologies (via affirmative, incremental government action), in addition to encouraging the private sector to offer cybersecurity-related products, services, and technologies.

For more information on this topic, please contact Mattos Filho’s Technology practice.