Brazil's FecomercioSP Promotes Cybersecurity Legal Framework
2026-07-08 09:10
Favorite

en.Wedoany.com Reported - The Federation of Commerce of Goods, Services and Tourism of the State of São Paulo (FecomercioSP) is promoting a cybersecurity legal framework aimed at protecting micro, small, and medium-sized enterprises (MPMEs). According to data from the Federal Court of Accounts (TCU), Brazil loses 100 billion reais annually to digital fraud, making the establishment of national cybersecurity regulations urgent. To this end, the federation has developed ten guidelines, advocating for balanced and effective regulations that align with the reality of MPMEs, which are the most affected by such crimes.

FecomercioSP continuously monitors discussions in the federal government and Congress, proposing measures to enhance digital security without compromising business competitiveness. On June 30, the federation participated in a public hearing of the Senate's Science, Technology, Innovation, and Information Committee (CCT), which discussed Bill No. 4,752/2025 (PL 4,752/2025). This bill aims to establish a cybersecurity legal framework, create the National Digital Security and Resilience Plan, and amend Law No. 13,756/2018. FecomercioSP states that cybersecurity has become a strategic issue for the nation, society, and the productive sector, and therefore the entity continuously contributes suggestions for the regulatory framework's construction. Rony Vainzof, the entity's digital regulation advisor and a member of the National Cybersecurity Council (CNCiber), pointed out during the hearing that with the development of Artificial Intelligence (AI), the speed of digital attacks has increased dramatically. Vulnerabilities that once took criminals nearly 25 days to exploit can now be exploited in minutes with the help of AI. He also revealed that less than 1% of known vulnerabilities are effectively patched, and the annual global cost of cyber incidents and fraud is estimated at $10.5 trillion.

Vainzof emphasized that Brazil, while leading in technological innovation, also becomes a target due to its low maturity in this field and the lack of an official coordinating body. At the eighth ordinary meeting of CNCiber held at the end of last year, 20 representative bodies unanimously approved the proposal for a cybersecurity legal framework and the creation of a central coordinating body. He stated that Bill No. 4,752 complements the CNCiber proposal. FecomercioSP advocates for a horizontal framework to organize cybersecurity, adopting a risk-proportionate approach to avoid imposing unnecessary regulatory burdens on low-risk entities. In 2025, the entity submitted a proposal to the Institutional Security Office (GSI) of the Presidency, suggesting a credit line for MPMEs under favorable conditions supported by the Inter-American Development Bank (IDB). The federation also participates in the National Cybersecurity Multi-Stakeholder Alliance, led by the National Institute for Combating Cybercrime (INCC), and actively promotes the establishment of the Parliamentary Front in Support of Cybersecurity and National Cyber Defense (FrenCyber) in Congress. In June of this year, the entity intensified its lobbying efforts in Brasília regarding the cybersecurity bill, meeting with GSI Minister Marcos Antônio Amaro dos Santos, GSI Parliamentary Advisor Francisco de Oliveira Castro, GSI Cybersecurity Director Luiz Fernando Moraes da Silva, and the Minister's Special Advisor Marcelo Malagutti. According to FecomercioSP, a report consolidating various suggestions will be submitted soon.

FecomercioSP believes that the cybersecurity legal framework should reduce legal uncertainty, adopt a risk-based approach, coordinate regulatory bodies to avoid overlapping jurisdictions, prevent double penalties, and cover cyber incidents such as ransomware attacks and DDoS attacks that do not involve personal data breaches. The framework should prioritize assessing business maturity rather than automatically assigning liability solely due to an attack, and protect the confidentiality of critical information shared by businesses, aligning with international best practices to enhance Brazil's competitiveness. Regarding the proposed National Cybersecurity Agency, the federation recommends it be responsible for national coordination, take technical and preventive actions, complement sector-specific regulators, provide a single point of contact during crises, reduce regulatory duplication, and operate based on cooperative actions, with sanctions applicable only in cases of gross negligence or willful violation.

This bulletin is compiled and reposted from information of global Internet and strategic partners, aiming to provide communication for readers. If there is any infringement or other issues, please inform us in time. We will make modifications or deletions accordingly. Unauthorized reproduction of this article is strictly prohibited. Email: news@wedoany.com