Colombia adopts a cybersecurity policy
Colombia recently issued a cybersecurity policy, which identifies relevant actions that different public
authorities shall undertake, and acknowledges the relevance of involving different stakeholders in the
design of new regulations and the application thereof. By means of a document known as "CONPES
3854", Colombia set forth a 4-year plan containing the grounds for adopting relevant cybersecurity
Among the activities set forth by CONPES 3854 is the update of the telecommunications regulatory
framework in the country by the Communications Regulations Commission. Likewise, the ITC
Ministry shall adopt a cybersecurity risk management model, and shall create a panel formed by
interested parties, which shall address, study and advise on cybersecurity risk management.
The policy is based on a risk management approach which intends to promote a safe digital
environment whereby it fosters commerce, promotes social and economic growth and increases
competitiveness. The 5 major topics of the policy are listed as follows: (i) adopting an institutional
framework based on risk management; (ii) promoting conditions for increasing confidence in digital
transactions and for incentivizing the implementation of risk management measures; (iii)
strengthening the security mechanisms both for private entities and individuals and for public
authorities; (iv) strengthening defense and national sovereignty; (vi) fostering cooperation and
assistance in cybersecurity at both national and international levels.
Please bear in mind that CONPES 3854 follows a cybersecurity and cyber defense policy issued in
2011, after which Colombia issued the Data Protection regime (Law 1581 of 2012) and set forth
criminal penalties for cybercrimes. Interested parties (i.e., those who develop, directly or indirectly,
any or all of their socioeconomic activities in the digital environment) may provide relevant input for
contributing to the design of the actual regulations that will develop this policy.
For more information, please contact Carolina Pardo or Erick Castellanos.