Decree establishes the National Cybersecurity Policy

On December 26, 2023, through Decree No. 11,856, the Brazilian Federal Government announced the establishment of the National Cybersecurity Policy (“PNCiber”).

PNCiber aims to curb crimes and malicious actions in virtual and technological environments. The proposal had been presented by the Institutional Security Office (“GSI”) and aims not only to combat cyber threats, but also to foster the development of technologies to strengthen security within this landscape.

This decree, published in the Federal Official Gazette of Brazil, establishes the need for information sharing between the Federal Government, states and municipalities, as well as the Executive, Legislative, and Judicial branches.

Although specific details regarding the Federal Government’s measures within this matter have not yet been released, Decree No. 11,856 outlines guiding principles, which include the guarantee of fundamental rights (such as freedom of expression, protection of personal data, privacy, and access to information), the prevention of cyber incidents, international technical cooperation in  cyber security, among others.

In addition, thisdecree established the National Cybersecurity Committee, which will be formed by representatives of the government, civil society, scientific institutions, and entities that integrate the business sector, which will meet quarterly, while the GSI will act as Executive Secretariat.

The National Cybersecurity Committee will also be in charge of monitoring the implementation and progress of the initiatives, as well as proposing and overseeing measures to strengthen cybersecurity, including the creation of themed working groups for this purpose.

Demarest’s Privacy, Technology, and Cybersecurity team is available to provide any clarifications that may be necessary.