As of March 1st, 2025, all public and private institutions providing essential services are required to report significant cybersecurity incidents to the National Cybersecurity Agency (ANCI – Agencia Nacional de Ciberseguridad).
This obligation rules over institutions that provide essential or vital services pursuant to Chilean Cybersecurity Act No. 21663 and its complementary regulations, namely State Administration bodies and companies in sectors such as energy supply, transportation and healthcare, among others.
The regulation establishes that a security incident has a “significant impact” when it has the potential to cause effects such as disrupting an essential service, harming individuals’ physical integrity, or compromising personal data.
Cybersecurity incident reports must be submitted through the notification platform provided by the ANCI, which is available at the following link: https://portal.anci.gob.cl
The text of the Regulation in Spanish is available here: Cybersecurity Incident Reporting Regulation under Law No. 21663.
