The use of information and telecommunication technologies has become a fundamental part of people’s lives, as they function as important tools for the proper development of the public and private sectors.
It should be remembered that in this digital era, the use of technologies implies an exchange of information through a cyberspace made up of various computer networks and mainly the Internet, which can be accessed through an infinite number of devices such as cell phones, watches, cars and even loudspeakers, doors and cameras.
The use of these digital infrastructures generates and stores information of all nature, including sensitive and confidential information, so it is necessary to have security systems capable of resisting and responding to cyber-attacks, since in case of an intrusion it can cause human and financial damage and even compromise the national security of a country.
Cybersecurity represents a priority for legislators, since it is the Mexican State itself that has been the victim of these attacks, as there is currently no specific regulatory framework that organizes and establishes the cybersecurity parameters applicable in the country, as well as that combats and punishes irregular activities committed through the Internet or that can define the crimes committed with the use of information technologies (“cybercrimes”). In this regard, it is important to note that the lack of regulation of cybersecurity has led to Mexico to become the country where cybercriminals operate the most.
At the same time, the few cybercrimes that are spread across different legal systems are not consistent with the concepts established by other countries, which makes it difficult to establish penalties for cybercriminals.
In this regard, after more than a year of work between the Science, Technology and Innovation Commissions of the Chamber of Deputies and the Science and Technology Commission of the Senate of the Republic, on April 25, 2023, the initiative of the Federal Cybersecurity Law (“LFC”) was presented for its study, discussion and, if applicable, approval.
In accordance with the provisions of the LFC, what is desired with this project is to keep homogeneity with the concepts established in other countries in order for Mexico to join international legal initiatives and adhere to international treaties that make it possible to punish those who are responsible, such as the Convention on Cybercrime, created in 2001 with the purpose of increasing international cooperation and generating legal frameworks among nations. Mexico is not part of the Convention, so with the creation of the LFC its adhesion is expected.
The private sector, NGOs and, of course, the Ministries of State, the Armed Forces and the Legislative Branch participated in the creation of the LFC.
Throughout the 92 articles of the project, data protection is strengthened, and cybersecurity procedures are implemented, in addition to defining infractions, crimes and establishing sanctions to combat cyber risks.
Among the innovations included in the LFC initiative is the creation of the National Cybersecurity Agency and a National Registry of Cybersecurity Incidents, in addition to establishing public policies on national security to face the challenges and risks created using information and telecommunications technologies, thus guaranteeing the protection of users’ information.
The National Cybersecurity Agency will establish coordination and information exchange schemes, cooperation schemes with international organizations and foreign authorities, as well as technical criteria for risk detection.
On the other hand, the LFC promotes collaboration between local governments, private initiative, justice institutions and seeks Mexico’s adherence to international treaties on cybersecurity.
Regarding cybercrimes typified in the LFC, such as computer fraud, illegal processing of personal data and incitement to violence in digital media, penalties are established that can range from 6 months to 20 years in prison, which can increase when it comes to attacks to financial systems, government and/or critical information infrastructures. For the prosecution of these crimes, the Prosecutor General’s Office will be supported by a specialized prosecutor’s office to investigate and prosecute cybercrimes.
In addition, the Inter-Ministerial Commission on Information and Communication Technologies and Information Security is established, whose functions will be advisory and will be supervised by the head of the National Digital Strategy, the heads of the ICT units of the ministries of the State, as well as the Tax Administration Service, the National Council of Science and Technology, among others.
Once the initiative is evaluated by the Chamber of Deputies, it will have to be approved by the Senate of the Republic, but its approval would undoubtedly represent an important advance in cybersecurity matters to protect the Mexican State from one of the most relevant risks at present.
In Acedo Santamarina, S.C., we have a team of lawyers specialized in telecommunications, protection of personal data and new technologies that can provide you with advice for the protection of your information.
Marcos Fabian Castro Cano
