en.Wedoany.com Reported - Marcelo Malagutti, a representative of the Brazilian Institutional Security Office (GSI) and member of the National Cybersecurity Council (CNCiber), stated at a seminar on sectoral regulatory updates held in São Paulo on the 9th that the country needs to accelerate the approval of a cybersecurity legal framework to reduce vulnerabilities in critical infrastructure and establish a permanent national coordination mechanism in the face of technological advancements such as artificial intelligence and quantum computing. This assessment was made by Malagutti during an event organized by the law firm VLK Advogados.

Malagutti stated bluntly, "We are already very behind." According to him, the text currently being drafted is the result of a fusion between the proposal discussed by CNCiber and legislative initiatives under consideration in Congress, aiming to build a more comprehensive proposal with a greater chance of approval. He said, "Merging 95% of their text with 95% of our text results in a text that is 130% better."

One of the main arguments put forward by the GSI representative is the speed of technological change. He believes that legislation cannot attempt to foresee all future scenarios but needs to establish principles that can guide the country's response to still-evolving technologies. Malagutti specifically mentioned artificial intelligence, quantum computing, and emerging computing technologies as factors intensifying the urgency of regulatory discussions. Citing advances in quantum computers, he pointed out their potential impact on current encryption systems: "What takes thousands of years today could take just minutes to decrypt in three to four years." He warned that this poses a risk to strategically stored information—data that could be captured now and exploited in the future when new computing capabilities become available.

Another key point of discussion was the need to provide legal safeguards for vulnerability testing and penetration testing activities. Malagutti noted that security researchers and professionals often fear liability for legitimate system testing activities due to the lack of a clear regulatory framework. Therefore, the proposal stipulates that the future national cybersecurity agency will have the authority to regulate these activities, establishing specific standards and parameters. For the GSI representative, legislation should set general guidelines, leaving more specific details to subsequent regulations.

Participants in the seminar agreed on the need to establish a national body to coordinate cybersecurity policies. Debate moderator Rony Vainzof emphasized that, unlike other regulatory agendas, the private sector itself is advocating for the creation of a national structure. He cited an example, stating that a single incident is enough to explain why all these discussions are necessary, and noted that national legislation would produce a cultural effect similar to that following the enactment of the General Data Protection Law (LGPD), helping companies secure resources to invest in digital security. In the discussion on institutional design, Gustavo Borges, Executive Director of the National Telecommunications Agency (Anatel), outlined the reasons why a majority of CNCiber members consider the agency as a potential home for the future national body. According to him, the main requirements identified in the discussions were the establishment of a low-cost, independent agency capable of acting quickly. Borges stated that Anatel already has a solid structure, coverage across all federal units, regulatory experience, international participation, and a history in critical infrastructure protection, having worked in related areas for over a decade and possessing specific cybersecurity regulations for the telecommunications sector since 2019. He emphasized that the discussions involve not only telecommunications but also the entire infrastructure underpinning Brazil's digital environment, including fiber optics, submarine cables, satellites, and mobile networks.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com