All questions

Intellectual property

i Brand search

Clearance word searches may be conducted online through the Mexican Institute of Industrial Property (IMPI) database. The word search will provide trademarks that are identical, similar or have a word in common. The results are mostly reliable, but, given that the IMPI takes approximately two days to update the database, the provided information may not include a trademark that could constitute a legal impediment or data corresponding to possible designations to which Mexico could be subject, pursuant to the Protocol Relating to the Madrid Agreement Concerning the International Registration of Marks.

The information contained in the search result does not constitute an official communication in terms of the Industrial Property Law (IPL).

ii Brand protection

In Mexico, it is not possible to file multi-class applications; rather individual applications, per mark per class, should be filed. If a trademark application has been previously submitted in another jurisdiction, priority may be claimed within six months of the filing date of the foreign application.

The approximate time frame for obtaining the registration of a trademark is three to six months. However, if an opposition is filed by a third party or if the trademark examiner issues an office action to clarify the listed goods or services, or citing an identical or confusingly similar trademark or otherwise objecting to the registrability of the proposed mark, the registration process will be extended up to a year or in some cases even more than a year.

Once the application is filed, it is published for opposition and will be examined by the examiner. In the event that a similar prior application or registration is found or the mark is considered not to be distinctive, the examiner issues an office action communicating the objection. At that point, the applicant is given an opportunity to file arguments to try to overcome the citation or objection.

The trademark should be used by the owner or by the recorded licensee to distinguish the products or services for which it was registered. If the trademark registration is used only by a licensee or franchisee, the licensee or franchisee should be recorded with the IMPI. If the owner, licensee or franchisee does not use the trademark during three consecutive years, a third party could request a non-use cancellation action based on lack of use.

Amendments to the IPL entered into force on 10 August 2018. Some of the changes introduced are relevant to franchises: (1) non-traditional trademarks – sound, olfactory and holographic trademarks – can be registered; and (2) the amendment introduces the possibility of registering as a trademark a plurality of operative and image elements that combine to distinguish products or services in the market, which in the international market is known as trade dress.

iii Enforcement

Article 213 of the IPL establishes several types of conduct that constitute administrative infringements, such as the unauthorised use of a registered trademark or not providing the franchise disclosure document (FDD) when requested. Administrative infringements can be sanctioned with: (1) a fine up to 20,000 times the current minimum wage approved in Mexico City; (2) an additional fine of up to 500 days' worth of the current minimum wage approved in Mexico City for each day that the infringement persists; (3) temporary closure of up to 90 days; (4) permanent closure; and (5) administrative detention of up to 36 hours. The infringement action is filed with the IMPI, which conducts an investigation and imposes any fines.

Additionally, breach of obligations stipulated in the agreement, such as payment of royalties, will incur civil liabilities.

iv Data protection, cybercrime, social media and e-commerceData protection

Following constitutional amendments that included the right to data protection as a basic right of individuals, in 2010 the Federal Law on Protection of Personal Data held by Private Parties was enacted, followed, in 2011, by its Regulations (together the Data Protection Law). These pieces of legislation – which are complemented by guides issued by Mexico's data protection authority, the National Institute for Transparency, Information Access and Personal Data Protection – apply at a federal level and make up the Mexican data protection legal framework.

The Data Protection Law applies to all processing of personal data by private entities or individuals, except when it is processed for personal or domestic use or by credit bureaus.

Franchisors and franchisees will be data controllers with respect to certain personal data they process; for example, franchisees will be controllers of their employees' personal data and, in some cases, a franchisor is a data controller of customer data.

In this regard, when processing personal data or any information concerning identified or identifiable individuals, both franchisors and franchisees need to be aware of their obligations and responsibilities, which are more onerous for data controllers. Some of the obligations of data controllers are: (1) to maintain appropriate physical, technical and organisational security measures, (2) to provide a privacy notice to all data subjects, (3) to collect consent from data subjects, where necessary, and (4) to allow data subjects the exercise of their rights (access, rectification, cancellation, objection, etc.).

Personal data can be transferred to third countries regardless of the level of protection a country provides if transfers are covered by an agreement that is in compliance with the Data Protection Law and with the privacy notice that was made available to data subjects. Consent from data subjects for the transfer of their personal data is sometimes required.

Failure to comply with the provisions of the Data Protection Law may result in hefty fines and, if personal data is processed deceitfully or for profit, penalties of imprisonment may be imposed.


Although Mexico intends to ratify the Budapest Convention on Cybercrime, it has not done so and it is not clear when it will be ratified.

Notwithstanding this, under the Federal Criminal Code, illicit accessing of systems and destruction or causing the loss of information are crimes, along with the disclosure of trade secrets and confidential information. Because of the lack of specific provisions, the police treat certain other cybercrimes as fraud.

Social media and e-commerce

There are no specific regulations or provisions applying to franchises and social media, nor codes of conducts in this regard; however, social media activity is mainly governed by the Data Protection Law and consumer protection legislation.

E-commerce is regulated in Mexico by several laws, including the Code of Commerce and the Federal Law on Consumer Protection, which protects consumers in Mexico, regardless of location of providers.