BRAZIL ANATEL – New Cyber Security Requirements for Telecommunications Equipment

On January 5, 2021, Brazil’s certification body, ANATEL, published Act 77, approving new Cyber Security Requirements for Telecommunications Equipment. This new Act will become in force 180 days after its publication.

In summary, the Act discusses the following:

• The Act is applicable to all terminal devices with connection to internet and telecommunications network infrastructure equipment.
• According to item 4.1, when requesting the approval of devices under the scope of this Act, ANATEL will request a Declaration Letter from the applicant with the following content:
  • Indication that the product was developed in compliance with the principle of security by design
  • Proof that the equipment and its supplier meet the requirements of the Act
  • Recognition that they are aware that cybersecurity requirements are subject to updates, including regulatory and administrative, in line with technological development, with the emergence of new threats or vulnerabilities.
• According to item 4.2, when ANATEL implements the Market Surveillance program, they can assess whether the product and its supplier maintain compliance with the requirements of this Act. At this time, there is no Market Surveillance procedure in force
• Items 5 and 6 of Act 77 describe the specific requirements for Cyber Security, such as software/firmware updates; remote management; installation and operation; access to device configuration; and personal data.

For a copy of the English version of this Act for your records, or a consultation on how this will impact your devices in the Brazilian market, please contact Testing Partners at (862) 243-2329 or email customerservice@testingpartners.com.