Martes, 8 de Jul, 2025
IngresarIngresarSuscribirse
Search in Marcasur International Marcasur
Uruguay | July 9, 2025

Cybersecurity in Focus: Uruguay Sets Clear Rules for Public Entities and Strategic Sectors

By Manuel Pittaluga, partner specializing in Data Privacy, manuel@pittaluga.com

Cybersecurity in Focus: Uruguay Sets Clear Rules for Public Entities and Strategic Sectors

With Decree 66/025, Uruguay takes a firm step toward more secure and responsible digital risk management, requiring public organizations and strategic companies to comply with standards defined by AGESIC.

Decree No. 66/025, approved on February 20, 2025, formally establishes the role of AGESIC’s Information Security Directorate and sets out new rules that both public bodies and certain private companies must follow in terms of cybersecurity.

The goal is clear: to strengthen the preparedness of the state and key sectors in the face of increasingly complex digital threats.

What does the decree establish?

One of the main pillars is the mandatory adoption of AGESIC’s Cybersecurity Framework, which entails:

-Implementing security measures based on each organization’s specific risks.
-Appointing a person responsible for overseeing compliance with these policies.
-Conducting regular assessments of the security level and continuously improving.
-Reporting relevant cybersecurity incidents.
-Providing ongoing staff training.

Who does it apply to?

-All state entities (ministries, local governments, autonomous agencies, etc.).
-Private companies that provide essential services such as healthcare, energy, water, transportation, finance, telecommunications, or major digital platforms.

What happens if it’s not followed?

Although the decree does not specify exact penalties, it does foresee consequences:

-Public entities could face administrative sanctions for incidents or data breaches.
-AGESIC may request reports, issue observations, or escalate serious cases to oversight bodies.
-If third parties are harmed, civil or criminal liability or fines related to data protection laws could be applied.

In summary, Uruguay aims for both the public sector and certain private actors to act with greater responsibility and foresight in an increasingly challenging digital environment.

Pittaluga Abogados

Pittaluga Abogados, has initiated its professional practice 20 years ago, as an Intellectual Property Law Firm.

After some years providing a specialized and top level service for foreign clients, many of them among the world premier companies, Pittaluga Abogados obtained a recognized international prestige in said field, which convert it into one of the leaders Intellectual Property Law Firms in Uruguay.

Thus, today in P&A we take pride in emphasizing that our goal has always been and will continue being, to keep a personal relationship with our clients, considering at all times the priorities of our clients as our own, with the belief that each one of them is unique and irreplaceable.

Visit Website