Chile Cybersecurity Law

Cybersecurity Framework Law (Law 21,663)

First cybersecurity framework law in Latin America (Law 21,663 promulgated Mar 26, 2024; published Apr 8, 2024). Creates National Cybersecurity Agency (ANCI), mandatory incident reporting, and encryption rights.

Jurisdiction

Chile

Enacted

Apr 8, 2024

Effective

Mar 1, 2025

Enforcement

National Cybersecurity Agency (ANCI)

BCN Chile

Why It Matters

Sets precedent for Latin American cybersecurity regulation. Mandatory incident reporting creates accountability baseline.

Recent Developments

Fully effective March 1, 2025. First such law in Latin America.

At a Glance

Requires

Incident Reporting

Who Must Comply

Critical infrastructure operators
Public and private entities

Obligations fall on:

Operator — Operates the platform or service

Safety Provisions

National Cybersecurity Agency (ANCI) established
Mandatory incident reporting requirements
Encryption rights protected
Critical infrastructure security obligations

Compliance & Enforcement

Penalties

UTM-based fines: Minor (5,000-10,000 UTM), Serious (10,000-20,000 UTM), Very Serious (20,000-40,000 UTM). Vital importance operators face double penalties. ~$345K-$2.76M USD range.

Primary Source

BCN Chile

https://www.bcn.cl/leychile/navegar?idNorma=1202434

View on map

Chile

Focus Areas

General regulation

Cite This

APA

Chile. (2024). Cybersecurity Framework Law (Law 21,663).

Related Regulations

Pending CL

Chile AI Bill

Most advanced AI regulatory framework in Latin America. Four-tier EU-inspired risk classification with prohibited AI including social scoring and deepfakes exploiting minors.

In Effect CARICOM

CARICOM CCSCAP 2025

CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.

In Effect PR

Puerto Rico Cybersecurity Act

Puerto Rico's comprehensive cybersecurity law establishing cybersecurity framework for public and private sectors, complementing Act 111-2005 breach notification.

In Effect EC

Ecuador LOPDP

Ecuador's GDPR-inspired data protection law with 5-day breach notification (stricter than GDPR's 72 hours) and DPIA requirements for high-risk processing.

In Effect AR

Argentina AI Strategy

Non-binding AI governance guidelines establishing principles for responsible AI use. Argentina positioning as AI innovation hub with limited regulatory barriers. Emphasizes transparency, accountability, and human oversight. Multiple legislative proposals pending inspired by EU AI Act, aiming to establish formal regulatory authority.

Failed CA

AIDA

Would have regulated high-impact AI systems with potential penalties up to $25M or 5% global revenue. Part of Bill C-27 which died when Parliament ended.

All regulations Check if this applies to you

Last updated January 24, 2026. Verify against primary sources before relying on this information.