Key Players Advocate for Clear Cybersecurity Regulations
During the II National Cybersecurity Forum held at the Universidad Panamericana on September 25-26, organized by Alianza México Ciberseguro, industry leaders, academics, and authorities emphasized the urgent need for clear cybersecurity regulations in Mexico. The event brought together representatives from the public sector, regulators, business chambers, and cybersecurity firms to transform discussions into concrete actions and a legislative proposal reflecting the ecosystem’s needs.
40 Legislative Proposals, Yet No Consolidated Law
The call to regulate stems from specific concerns: the lack of a harmonized legal framework, technical capability gaps, and international actors’ pressure for clear rules. Luis Miguel Dena, president of the Alianza México Ciberseguro’s Award Committee, expressed disappointment that despite 40 legislative initiatives, Mexico still lacks a comprehensive cybersecurity law.
Balancing Regulation and Innovation
Regulators and financial institutions stress that the discussion is not only about security but also about striking a balance between regulation and innovation. Luis Lima Gómez, General Director of Information Security Supervision at Mexico’s National Banking and Securities Commission (CNBV), explained that digitalization brings evident benefits but also expands the attack surface, necessitating constant updates.
“The idea has never been to halt the market or innovation but to identify risks. There must always be a balance,” Lima Gómez said.
Existing Tools and Capabilities Fall Short
Participants highlighted existing tools like a National Cyber Incident Registry, standardized response processes, and the presence of numerous cyber police units in federal entities. However, they emphasized the lack of a coordinated legal and budgetary framework.
Industry’s Priorities: Technical and Sectoral Contributions
The industry insists that the law should be built with technical and sectoral contributions to prevent unintended consequences on innovation and digital trade. Armando Zúñiga Salinas, General Director of Grupo International Private Security in Mexico and representative of the Coordinating Business Council (CCE), stated that the regulatory framework has been developed over several years through collaboration between the public, private, and academic sectors. However, concrete legislation remains elusive.
“Legislation is one of the pending topics we’ve been working on for years. This law has taken too long because priorities always shift. Currently, the focus is on extortion, another pressing concern. We hope cybersecurity will be next,” Zúñiga said.
Proposed Legislative Measures
The forum circulated concrete proposals, including a comprehensive cybersecurity law, specific frameworks for artificial intelligence and digital rights, and the development of state capabilities, talent investments, and international evidence exchange mechanisms.
“The alliance will promote a comprehensive cybersecurity law, an artificial intelligence law, and a digital rights law,” Dena summarized regarding the sector’s proposed work plan.
Key Questions and Answers
- What is the main concern driving the need for a cybersecurity law in Mexico? The rapid digitalization of public services, commerce, and healthcare necessitates a consolidated legal framework to coordinate efforts and resources.
- How many legislative proposals have been presented so far? Forty proposals have been presented, but no comprehensive cybersecurity law exists.
- What balance must be struck between regulation and innovation? Regulators and financial institutions emphasize the need to identify risks while allowing innovation and digital trade to flourish.
- What existing tools and capabilities are insufficient? Although Mexico has a National Cyber Incident Registry, standardized response processes, and cyber police units, there’s a lack of coordinated legal and budgetary support.
- What are the industry’s priorities for the cybersecurity law? The industry seeks technical and sectoral contributions to prevent unintended consequences on innovation and digital trade.
- What legislative measures are being proposed? Proposals include a comprehensive cybersecurity law, specific frameworks for artificial intelligence and digital rights, and the development of state capabilities, talent investments, and international evidence exchange mechanisms.
