During 2023, a high number of attempted cyber attacks was recorded, ranking fourth worldwide. 

After Law No. 21.663 on Cybersecurity and Critical Information Infrastructure was promulgated on March 26, and published in the Official Gazette on April 8, a new stage began to confront cases of cyberattacks in Chile. This through the regulation, supervision and sanction of those who provide fundamental services in the public and private sector.

The regulations are institutionalized through the creation of the National Cybersecurity Agency (ANCI), which will be in charge of ensuring the correct functioning of the legislation, and will work together with the Multisectorial Council on Cybersecurity (CSIRT) through advice and creation of proposals to address the problem. In addition, it will have the State Secure Connectivity Network (RCSE), the National Computer Security Incident Response Team and the Interministerial Committee on Cybersecurity. 

In this regard, Carlos Esperguen Sepúlveda, professor of Criminal Law at the University of La Serena, explains that “the new and innovative Cybersecurity Law enshrines a process of digital transformation in our country, strengthening digital security, as established in the Law. No. 21.663. The objective of the new institutionality is to provide a safe digital environment for the social ecosystem, which involves personal, labor, economic, health, national security, among others, relationships with the State and the private sector.

According to Check Point, a computer security company, during 2023 Chile became one of the countries with the highest number of cyberattack attempts, ranking fourth worldwide. In this sense, Marcelo Zepeda, computer engineer and Information Security Officer at USserena, mentions that “all people must remain active and informed regarding the need to incorporate cybersecurity into their daily lives, knowing that they are protagonists. and not just observers. No one can say they are free from cybercrime.”

The sanctions are directed at State and private institutions that do not comply with the obligations stipulated in the regulations and not at cybercrime. According to Carlos Esperguen, the law “dictates sanctions in the administrative sphere for violations of the regulations established in the institutionality with fines ranging from 5.000 UTM ($325.910.00) to 40.000 UTM ($2.607.280.000), no less amounts that will obligate to adjust to the new standards.”

On the other hand, Marcelo Zepeda details that the new law “classifies computer crime and contemplates the penalization of criminal acts in this area. This, in conjunction with the update of the National Cybersecurity Policy, the Cybersecurity Framework Law and the Personal Data Protection law that should see the light of day soon.”