ANATEL Act 2436 introduces essential cybersecurity standards for Customer Premises Equipment (CPE) utilized by the general public to connect to Internet service providers’ networks. These mandatory requirements aim to ensure robust cybersecurity measures, encompassing aspects like password strength, data sharing protocols, and vulnerability updates.
The scope of this regulation encompasses various CPE devices, including cable modems, xDSL modems, Optical Network Units (ONU), Optical Network Terminals (ONT), routers, and modems designed for Fixed Wireless Access and Fixed Satellite Access to broadband internet.
Effective from March 10th, 2024, these standards will serve as a crucial benchmark for evaluating cybersecurity compliance in CPE equipment. Manufacturers and providers of internet access services must demonstrate adherence to these minimum requirements to ensure the security and integrity of customer networks.
While this regulation does not directly impact spectrum allocation or import procedures, it significantly influences the technical requirements for evaluating cybersecurity in CPE devices. Compliance with these standards will be essential for all products facilitating internet access, reinforcing trust and safeguarding user data in Brazil’s digital landscape.