{"id":4749,"date":"2025-06-03T16:20:05","date_gmt":"2025-06-03T19:20:05","guid":{"rendered":"https:\/\/pittaluga.com\/?p=4749"},"modified":"2025-06-03T16:20:05","modified_gmt":"2025-06-03T19:20:05","slug":"cybersecurity-in-focus-uruguay-sets-clear-rules-for-public-entities-and-strategic-sectors","status":"publish","type":"post","link":"https:\/\/pittaluga.com\/en\/cybersecurity-in-focus-uruguay-sets-clear-rules-for-public-entities-and-strategic-sectors\/","title":{"rendered":"Cybersecurity in Focus: Uruguay Sets Clear Rules for Public Entities and Strategic Sectors"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text css=&#8221;&#8221;]With Decree 66\/025, Uruguay takes a firm step toward more secure and responsible digital risk management, requiring public organizations and strategic companies to comply with standards defined by AGESIC.<br \/>\nDecree No. 66\/025, approved on February 20, 2025, formally establishes the role of AGESIC\u2019s Information Security Directorate and sets out new rules that both public bodies and certain private companies must follow in terms of cybersecurity.<br \/>\nThe goal is clear: to strengthen the preparedness of the state and key sectors in the face of increasingly complex digital threats.<\/p>\n<p><strong>What does the decree establish?<\/strong><br \/>\nOne of the main pillars is the mandatory adoption of AGESIC\u2019s Cybersecurity Framework, which entails:<\/p>\n<ul>\n<li>Implementing security measures based on each organization\u2019s specific risks.<\/li>\n<li>Appointing a person responsible for overseeing compliance with these policies.<\/li>\n<li>Conducting regular assessments of the security level and continuously improving.<\/li>\n<li>Reporting relevant cybersecurity incidents.<\/li>\n<li>Providing ongoing staff training.<\/li>\n<\/ul>\n<p><strong>Who does it apply to?<\/strong><\/p>\n<ul>\n<li>All state entities (ministries, local governments, autonomous agencies, etc.).<\/li>\n<li>Private companies that provide essential services such as healthcare, energy, water, transportation, finance, telecommunications, or major digital platforms.<\/li>\n<\/ul>\n<p><strong>What happens if it\u2019s not followed?<\/strong><br \/>\nAlthough the decree does not specify exact penalties, it does foresee consequences:<\/p>\n<ul>\n<li>Public entities could face administrative sanctions for incidents or data breaches.<\/li>\n<li>AGESIC may request reports, issue observations, or escalate serious cases to oversight bodies.<\/li>\n<li>If third parties are harmed, civil or criminal liability or fines related to data protection laws could be applied.<\/li>\n<\/ul>\n<p><strong>In summary<\/strong>, Uruguay aims for both the public sector and certain private actors to act with greater responsibility and foresight in an increasingly challenging digital environment.<\/p>\n<p><strong>Author:<\/strong> Manuel Pittaluga, partner specializing in Data Privacy<br \/>\n<strong>Contact email:<\/strong> manuel@pittaluga.com[\/vc_column_text][\/vc_column][vc_column width=&#8221;1\/3&#8243;][vc_single_image image=&#8221;4735&#8243; img_size=&#8221;full&#8221; css=&#8221;&#8221;][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text css=&#8221;&#8221;]With Decree 66\/025, Uruguay takes a firm step toward more secure and responsible digital risk management, requiring public organizations and strategic companies to comply with standards defined by AGESIC. Decree No. 66\/025, approved on February 20, 2025, formally establishes the role of AGESIC\u2019s Information Security Directorate and sets out new rules that both&hellip;<\/p>\n","protected":false},"author":4,"featured_media":4735,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-4749","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","category-12","description-off"],"_links":{"self":[{"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/posts\/4749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/comments?post=4749"}],"version-history":[{"count":1,"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/posts\/4749\/revisions"}],"predecessor-version":[{"id":4750,"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/posts\/4749\/revisions\/4750"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/media\/4735"}],"wp:attachment":[{"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/media?parent=4749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/categories?post=4749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pittaluga.com\/en\/wp-json\/wp\/v2\/tags?post=4749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}