Brazil updates Cybersecurity standards

Brazil’s telecommunications regulator, ANATEL, has recently updated its regulations with significant implications for the manufacturers and distributors of Customer Premises Equipment (CPE). These changes include revised cybersecurity testing requirements and new procedures for homologation certification.

Cybersecurity Standards for CPE

ANATEL’s Act nº 2436, effective since March 10th, 2024, mandates specific cybersecurity standards that now apply universally to various types of CPE used by the general public, including cable modems, xDSL modems, ONTs, ONUs, and wireless routers. The act ensures that devices connecting to Internet service provider networks meet stringent security benchmarks, safeguarding user data and enhancing network integrity. More detailed available here for Act No. 2436 and here for Official Letter 100/2024.

Advice for Manufacturers

We recommend our customers ensure their projects incorporate the necessary cybersecurity safety tests from the start. It is imperative to submit these tests by July 6, 2024. Additionally, in cases where non-conformities are identified, a recall of the already distributed products will be required.

This regulatory enhancement by ANATEL signifies a major advancement in the regulation of telecommunications equipment in Brazil. Simultaneously, the global trend is moving towards similar cybersecurity standards, indicating that increased compliance and standardization will become common expectations for manufacturers.