On January 5, 2021, ANATEL issued Act Nº 77 to establish a set of cybersecurity requirements for telecommunications equipment. The new Act will come into force 180 days after publication.
This act will apply to all terminal devices with connection to internet and telecommunications network infrastructure equipment. Upon the request off approval of any device under this scope, ANATEL will request a Declaration Letter (in Portuguese language) from the applicant with the following content:
- Indication that the product was developed in compliance with the principle of security by design;
- Designate which requirements of this document the equipment and its supplier meet at that moment;
- Recognition that they are aware that cybersecurity requirements are subject to updates, including regulatory and administrative ones, in line with technological development, with the emergence of new threats or vulnerabilities.
In addition, when ANATEL implements the Market Surveillance program, they can assess whether the product and its supplier maintain compliance with the requirements of this Act. Please note, no Market Surveillance procedure has been established at this time.
Cyber Security Requirements Established in the Act:
- Software/Firmware Update
- Remote Management
- Installation and Operation
- Access to the device configuration
- Data communication services
- Personal data
If you would like more information on the new Act, please contact iCertifi.