From Intentions to Institutional Architecture
While a cyberattack in Europe caused delays and cancellations by damaging airport billing systems, Mexico is advancing in creating its cybersecurity ecosystem through various legislative initiatives on Cybersecurity and Artificial Intelligence (AI). The most fortunate proposals focus on risk management, resilience, and governance. The latest proposal, the General Law of Digital Rights by the Digital Rights Commission, brings legitimacy and a sense of urgency to the Mexican Senate.
Capabilities and Gaps
There are already official actions such as the National Digital Strategy, Incident Protocol, and the National Cyber Incident Registry. The deficit is not normative but operational: budget, talent, metrics, and coordination between federal, state, and private sectors.
As an associate of the Mexican Cybersecurity Alliance (AMC), I celebrate the development of the 2nd National Cybersecurity Forum (AMCS) from September 22-26 at the Pan American University. This gathering of legislators, governments, private sector, academia, and civil society aims for experts to continue analyzing this ecosystem as one of the most pressing challenges of our time, as institutions, companies, organizations, and individuals have been or will be victims of cyberattacks.
In the Chamber of Deputies, Eruviel Ávila is pushing for a constitutional reform in AI with an ethics and human rights focus. From the Senate, Lucía Trasviña has emphasized the need to regulate computer security, contributing to the convergence between the Security Public and Innovation and Digital Rights commissions.
Our Recommendations for Companies
- Regulatory map: anticipate the Cybersecurity Law, digital rights, and incident reports.
- AI governance: inventory of models, risks, datasets, and complaint mechanisms.
- Privacy: clear policies of notification and opposition facing state requirements.
- Cyber resilience: IT/OT/IoT segmentation, tested recovery, crisis exercises, and cooperation with CSIRTs.
Mexico can move from reaction to resilience. The window is open: building a state policy that balances security, innovation, and rights. If the private sector supports governance, talent, and transparency, cybersecurity will be a driver —not a brake— of development.
