Contact Us

Chile News: New Cybersecurity Registration for Essential Service Providers

By Luke Musto
Social-Media-Banner-images-37

Written by Ian Cardenas, Lawyer

On June 4, 2025, Chile’s Official Gazette published General Instruction No. 1 issued by the National Cybersecurity Agency (ANCI), which requires all institutions classified as Essential Service Providers (ESP) (under Article 4 of Law No. 21.663) to register on ANCI’s official incident reporting platform.

This new instruction comes into effect on June 11, 2025. Non-compliance will be considered a minor infringement and may result in fines of up to 5,000 UTM (approximately USD 360,000 at current exchange rates).

Key Obligations for Essential Service Providers

  1. Mandatory Registration. Institutions must register via https://portal.anci.gob.cl, appointing at least one designated officer responsible for reporting cybersecurity incidents or attacks to the National CSIRT.
  2. Formal Appointment. The designated officer must be formally appointed through a document signed electronically by the institution’s legal representative. Institutions may appoint both primary and alternate reporting officers.
  3. Qualification Requirements. The appointed officer must have relevant training or professional experience in cybersecurity, as they will act as the main technical contact with ANCI.
  4. Strong Authentication. Registration requires Chile’s Clave Única digital ID and a second factor of authentication, such as a TOTP app or passkeys. Protecting these credentials is the sole responsibility of the appointed officer.
  5. Official Communication. Each institution must provide an official institutional email address, which will serve as the primary channel for communication with ANCI.
  6. Ongoing Compliance. If an officer ceases to serve in that role, the institution must notify ANCI immediately and appoint a replacement following the same formal process.

Who Must Register?

This new regulation applies to both public and private institutions providing services defined as essential by Law No. 21.663. Sectors that may qualify include:

  • Energy (generation, transmission, distribution) and fuels
  • Drinking water and sanitation
  • Telecommunications and digital infrastructure
  • Managed digital services and IT providers
  • Transport (road, air, rail, maritime)
  • Banking, financial services, and payment systems
  • Social security, postal services, and courier operations
  • Institutional healthcare
  • Pharmaceutical production or research

Institutions unsure of their status are strongly advised to assess their classification promptly and complete registration to avoid penalties.

Next Steps

Organisations should:

  • Evaluate whether they are classed as an Essential Service Provider (ESP) under Chilean law.
  • Designate and formally appoint a qualified cybersecurity reporting officer.
  • Register on the ANCI portal and implement the required strong authentication methods.

Failure to comply may not only result in regulatory fines but also increase exposure to operational and reputational risks in the event of cyber incidents.

Conclusion

Chile’s mandatory registration requirement marks another significant step toward strengthening the country’s cybersecurity resilience and incident response coordination. By enforcing clear obligations for Essential Service Providers, ANCI aims to ensure that critical sectors can report threats promptly and mitigate potential impacts on public welfare and national security.

Organisations that act proactively to comply with these new rules will not only avoid regulatory penalties but also enhance their preparedness against increasingly sophisticated cyber threats.

Staying compliant today means protecting your operations, reputation, and the trust of your stakeholders tomorrow.

Harris Gomez Group METS Lawyers ® opened its doors in 1997 as an Australian legal and commercial firm. In 2001, we expanded our practice to the international market with the establishment of our office in Santiago, Chile. This international expansion meant that as an English speaking law firm we could provide an essential bridge for Australian companies with interests and activities in Latin America, and to provide legal advice in Chile, Peru and the rest of Latin America. In opening this office, HGG became the first Australian law firm with an office in Latin America.

As Legal and Commercial Advisors, we partner with innovative businesses in resources, technology and sustainability by providing strategy, legal and corporate services. Our goal is to see innovative businesses establish and thrive in Latin America and Australia. We are proud members of Austmine and the Australia Latin American Business Council.

To better understand how we can support your management team in the Region, send an email to: contact@hgomezgroup.com 

Disclaimer: This article is for general informational purposes only and does not constitute legal advice. It does not create a solicitor-client relationship, and readers should seek independent legal advice for their specific circumstances. Harris Gomez Group accepts no liability for reliance on this content.

Date:

June 17, 2025

Category

Chile | Cybersecurity

Tags:

ANCI Chile | Chile cybersecurity law | cybersecurity compliance Chile | Essential Service Providers | General Instruction No. 1 | incident reporting Chile | LATAM tech regulation | Law No. 21.663

Follow us on social media:

  • \Our Articles

Stay Updated with Legal Trends

Stay ahead in the legal world with our regular updates and expert analysis on current legal developments. Whether you’re navigating regulatory changes or handling legal disputes, we’ve got you covered.
View All Blog Post