National Cybersecurity Policy 2023-2028

Analysis of the Action Plan approved by the Interministerial Committee on Cybersecurity, establishing 15 strategic measures to strengthen the country's digital resilience and protect national critical infrastructure.

Regulatory Framework and Context

Mediante Exempt Resolution No. 28 del 11 de julio de 2025, la Agencia Nacional de Ciberseguridad implementó el acuerdo del Comité Interministerial sobre Ciberseguridad que aprueba el Action Plan of the National Cybersecurity Policy 2023-2028.

Legal Basis

  • Law No. 21,663: Cybersecurity Framework
  • Supreme Decree No. 164/2023: Approves the National Cybersecurity Policy 2023-2028
  • Supreme Decree No. 275/2024: Regulation of the Interministerial Committee on Cybersecurity

The Action Plan is the result of work carried out by the Interministerial Committee during the 2022-2024 period, where 76 measures were analyzed, selecting 15 based on their implementation feasibility and applicability in the 4 cross-cutting axes of the National Policy.

The 15 Strategic Measures of the Action Plan

The Plan establishes concrete measures distributed across different critical areas for strengthening national cybersecurity:

1

Generation of Guides and Instructions to support SABs

Guidance to State Administration Bodies on cybersecurity matters, facilitating understanding and information security.
Responsible:Undersecretariat of Finance/Digital Government Secretariat
Objectives:
National coordinationCybersecurity culture
2

Diagnostic report on R&D&I in cybersecurity

Preparation of the second report on R&D&I in cybersecurity to determine key research areas that Chile should prioritize.
Responsible:Ministry of Science, Technology, Knowledge and Innovation / ANID
Objectives:
Cybersecurity cultureIndustry promotion
3

Focus on scholarships in cybersecurity matters

Deliver a maximum of 30 scholarships for talent training in cybersecurity through focusing processes in priority areas.
Responsible:Ministry of Science, Technology, Knowledge and Innovation / ANID
Objectives:
Cybersecurity cultureScientific research
4

Technical Standard for Cybersecurity in the Electric Sector

Development of regulatory framework with general Cybersecurity foundations for electric companies.
Responsible:Ministry of Energy / CNE / National Electric Coordinator
Objectives:
Resilient infrastructureNational coordination
5

Cybersecurity risk assessment methodology

Development of methodology adapted to national reality, available for all organizations in the country.
Responsible:National Cybersecurity Agency
Objectives:
Resilient infrastructureCybersecurity culture
6

Promote cybersecurity exercises

Exercise instances for public institutions in collaboration with national and international organizations.
Responsible:National Cybersecurity Agency
Objectives:
Resilient infrastructureIndustry promotion
7

Manual of communication protocols for incidents

Establish baseline guidelines for both internal and external communication in cybersecurity incident situations.
Responsible:ANCI / Ministry Secretary of Government (SECOM)
Objectives:
National coordinationPeople's rights
8

Shared agenda of international commitments

Generation of consensual agenda between Ministry of Foreign Affairs and ANCI on international cybersecurity initiatives.
Responsible:Ministry of Foreign Affairs / ANCI
Objectives:
International coordination
9

Generation of annual national cybersecurity report

Annual report on national cybersecurity reality, threats, vulnerabilities of public systems.
Responsible:National Cybersecurity Agency
Objectives:
Resilient infrastructureNational coordination
10

Student cybersecurity fairs

Alliances with universities and technical institutes to hold fairs that showcase and raise awareness about cybersecurity careers.
Responsible:Ministry of Science / ANCI / Ministry of Education
Objectives:
Cybersecurity cultureIndustry promotion
11

Proposal for new technical career in cybersecurity for TVHE

Creation of pilot proposal for Mid-Level Technical career for Technical-Vocational High School Education.
Responsible:ANCI / Ministry of Finance / Ministry of Education
Objectives:
Cybersecurity cultureIndustry promotion
12

Development of document on research lines

Joint document between State and private sector with description of research areas in cybersecurity.
Responsible:ANID / National Cybersecurity Agency
Objectives:
Industry promotionResilient infrastructure
13

Expansion of the National Tutoring Plan program

Develop tutorials on digital education and self-care for people with greater support needs.
Responsible:Ministry of Science / ANCI / Ministry of Education
Objectives:
People's rightsCybersecurity culture
14

Update of the Cyber Defense Policy 2024-2028

Update the Cyber Defense Policy published in 2018, presenting objectives until 2022.
Responsible:Ministry of Defense / Undersecretary of Defense
Objectives:
Resilient infrastructure
15

Cybersecurity requirements in public radio spectrum tenders

Establish compliance requirements for Exempt Resolution No. 1318 of 2020 on general cybersecurity foundations.
Responsible:Undersecretary of Telecommunications
Objectives:
Resilient infrastructureCybersecurity culture

Cross-cutting Objectives

The National Cybersecurity Policy 2023-2028 considers 4 fundamental cross-cutting axes that guide all measures:

Cross-cutting Axes

  • Gender Equity: Inclusion of gender perspective in all initiatives
  • Child Protection: Specific measures to protect minors in cyberspace
  • Senior Protection: Special considerations for the elderly
  • Environmental Protection: Sustainable and green cybersecurity

Central Objectives

The measures align with the following central objectives:

  • National and international coordination: Strengthen cooperation between public and private institutions
  • Cybersecurity culture: Promote awareness and education in digital security
  • Resilient infrastructure: Protect essential services and critical infrastructure
  • Promotion of industry and scientific research: Drive the development of the cybersecurity ecosystem
  • People's rights: Protect fundamental rights in cyberspace

Implementation and Governance

Interministerial Committee on Cybersecurity

The Committee is composed of representatives from:

Undersecretariat of the Interior
Undersecretariat General Secretariat of the Presidency
Undersecretariat of Defense
Undersecretariat of Foreign Affairs
Undersecretariat of Finance
Undersecretariat of Telecommunications
Undersecretariat of Science, Technology, Knowledge and Innovation
National Intelligence Agency
National Cybersecurity Agency (presides)

Role of ANCI

The National Cybersecurity Agency, under the direction of Daniel Álvarez Valenzuela, chairs the Committee and implements the adopted agreements, coordinating the actions of institutions with competence in cybersecurity matters.

Implementation Timeline

The Action Plan will be executed during the 2023-2028 period, with periodic reviews and adjustments according to the evolution of the threat landscape and national needs.

Resources and Related Links

Frequently asked questions

What is Chile's National Cybersecurity Policy 2023-2028?

It is the public-policy instrument approved by the Interministerial Cybersecurity Committee setting Chile's strategic guidelines on digital matters. It defines five objectives and thirty-nine concrete measures for 2023-2028, aligned with Law 21.663 and the ANCI framework.

Who approves and executes the National Cybersecurity Policy?

It is approved by the Interministerial Cybersecurity Committee and executed by the National Cybersecurity Agency (ANCI), coordinated with sectoral ministries, regulators and private entities qualified as Essential Services and Operators of Vital Importance.

How does the Policy relate to Law 21.663?

The Policy guides the operational implementation of the Cybersecurity Framework Law. Law 21.663 creates ANCI, sets obligations and sanctions; the Policy prioritises measures, deadlines and indicators that materialise that legal framework over 2023-2028.

What concrete obligations does it impose on companies?

Companies qualified as Essential Services or Operators of Vital Importance must implement security-management systems, report incidents to ANCI, appoint a Cybersecurity Delegate and participate in sectoral exercises. The Policy reinforces public-private cooperation in these areas.

How is compliance with the Policy measured?

ANCI publishes periodic progress reports by objective and measure, with quantitative and qualitative indicators. The thirty-nine measures have associated deadlines and identified institutional owners, enabling public tracking of the implementation level.

Transform Your Legal Challenges into Competitive Advantages

Discover how our innovative approach can drive your business

Schedule ConsultationMeet the Team
© 2025 AnguitaOsorio, todos los derechos reservados.
Chile

Nuestra Empresa

Subscribe to Newsletter

Contacto

Contáctanos

Teléfono:

+56 2 2760 4512

Ubicación:

Cerro el Plomo 5420, oficina 1306, Las Condes, Región Metropolitana.