In July 2021, Act Nº 77 issued by the ANATEL on the Cyber ​​Security Requirements for Telecommunications Equipment became effective in Brazil. The Act establishes a set of cyber security requirements for telecommunications equipment to minimize or correct vulnerabilities through software/firmware updates or through configuration recommendations. Thus, it is applicable for terminal equipment that connects to the Internet and telecommunications network infrastructure equipment. 

According to the Act, when equipment is passing the certification procedure for the first time, ANATEL requests a Declaration Letter (in Portuguese language) from the applicant where it is stated:

that the product is developed in compliance with the principle of security by design;

information on the requirements according to the Act that is followed by the equipment and its supplier at the time of declaring

confirmation of their awareness on keeping up-to-date cybersecurity requirements

Please, note that the ANATEL is able to access the compliance of the equipment and its supplier to the information stated in the Declaration within the market surveillance.

Cyber Security Requirements indicated in the Act concern:

Software/Firmware Update

Remote Management

Installation and Operation procedures

Access to the equipment configuration

Data communication services

Personal data

Resistance to cyberattacks

The full text of the Act you can find HERE.