ANATEL Act Nº 2436 has officially come into force as of March 10, 2024, marking a significant stride towards enhancing cybersecurity standards for Customer Premises Equipment (CPE) devices utilized to connect to internet service provider networks.
This Act covers a wide array of CPE devices, including cable modems, xDSL modems, ONUs and ONTs, access points or switches for internet, as well as modems for FWA (Fixed Wireless Access) or wideband satellite.
On March 9th, 2024, ANATEL issued Official Letter No. 83 detailing crucial information regarding the submission of test reports for cybersecurity assessment in CPE equipment. Here are the key takeaways:
- For applicants who had their “acceptance” recorded with the OCD until March 9th, 2024, ANATEL will grant approval of new devices and renew certificates without requiring the submission of the test report initially. However, these applicants must commit to presenting the cybersecurity test report by July 6th, 2024, failing which may lead to the suspension of their Homologation Certificate.
- Applicants opting for this exemption route must sign a declaration letter pledging to submit the cybersecurity report by the ANATEL deadline. Additionally, in case of testing failure, they must either remove all units sold in the Brazilian market or initiate a recall, in accordance with Brazilian Consumer Law.
- New approvals or renewals initiated as of March 10, 2024, must comply with the requirement of presenting the cyber security test report that covers the full spectrum of cybersecurity conformity evaluation in CPE to obtain ANATEL approval.
For further assistance regarding the new Act Nº 2436 and its cybersecurity requirements for Customer Premises Equipment (CPE), please contact iCertifi.