In Effect Law Data Protection Context Relevance

Chile Cybersecurity Law

Cybersecurity Framework Law (Law 21,663)

First cybersecurity framework law in Latin America (Law 21,663 promulgated Mar 26, 2024; published Apr 8, 2024). Creates National Cybersecurity Agency (ANCI), mandatory incident reporting, and encryption rights.

Jurisdiction

Chile

Enacted

Apr 8, 2024

Effective

Mar 1, 2025

Enforcement

National Cybersecurity Agency (ANCI)

What It Requires

Incident Reporting

Must notify authorities of specific incidents

Who Must Comply

This law applies to:

• Critical infrastructure operators
• Public and private entities

Who bears obligations:

Operator

Safety Provisions

• National Cybersecurity Agency (ANCI) established
• Mandatory incident reporting requirements
• Encryption rights protected
• Critical infrastructure security obligations

Enforcement

Enforced by

National Cybersecurity Agency (ANCI)

Primary Source

BCN Chile (opens in new tab)

https://www.bcn.cl/leychile/navegar?idNorma=1202434

Quick Facts

Binding: Yes
Mental Health Focus: No
Child Safety Focus: No
Algorithmic Scope: No

Why It Matters

Sets precedent for Latin American cybersecurity regulation. Mandatory incident reporting creates accountability baseline.

Recent Developments

Fully effective March 1, 2025. First such law in Latin America.

Cite This

APA

Chile. (2024). Cybersecurity Framework Law (Law 21,663). Retrieved from https://nope.net/regs/cl-cybersecurity

BibTeX

@misc{cl_cybersecurity,
  title = {Cybersecurity Framework Law (Law 21,663)},
  author = {Chile},
  year = {2024},
  url = {https://nope.net/regs/cl-cybersecurity}
}

Related Regulations

Pending CL • AI Safety

Chile AI Bill

Most advanced AI regulatory framework in Latin America. Four-tier EU-inspired risk classification with prohibited AI including social scoring and deepfakes exploiting minors.

In Effect CARICOM • Data Protection

CARICOM CCSCAP 2025

CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.

In Effect PR • Data Protection

Puerto Rico Cybersecurity Act

Puerto Rico's comprehensive cybersecurity law establishing cybersecurity framework for public and private sectors, complementing Act 111-2005 breach notification.

In Effect EC • Data Protection

Ecuador LOPDP

Ecuador's GDPR-inspired data protection law with 5-day breach notification (stricter than GDPR's 72 hours) and DPIA requirements for high-risk processing.

In Effect AR • AI Safety

Argentina AI Strategy

Non-binding AI governance guidelines establishing principles for responsible AI use. Argentina positioning as AI innovation hub with limited regulatory barriers. Emphasizes transparency, accountability, and human oversight. Multiple legislative proposals pending inspired by EU AI Act, aiming to establish formal regulatory authority.

Failed CA • AI Safety

AIDA

Would have regulated high-impact AI systems with potential penalties up to $25M or 5% global revenue. Part of Bill C-27 which died when Parliament ended.

Back to all regulations Check if this applies to you