Decree No. 66/025: Strengthening Cybersecurity in Uruguay.

Cybersecurity, Digital Transformation, , , ,

On February 25, 2025, the Executive Branch of Uruguay promulgated Decree No. 66/025, establishing new guidelines for cybersecurity management in the country. The main objective of this decree is to strengthen the protection of information systems and critical infrastructure against cyber threats.[1]

Scope of Application

The decree applies to:

  • All public entities of the Uruguayan State.[1]
  • Private entities operating in sectors considered critical or providing essential services.[2]

This measure seeks to ensure that both the public and private sectors adopt adequate cybersecurity standards, especially in areas where a failure could have significant consequences for society or the economy.

Main Provisions

Although the full text of the decree details various obligations and procedures, the following aspects stand out:

  • Implementation of Security Policies: Entities must develop and implement information security policies that address the prevention, detection, and response to cyber incidents.
  • Incident Notification: The decree establishes the obligation to notify the competent authorities of any security incident that may compromise the integrity, confidentiality, or availability of information.
  • Periodic Assessments: Organizations must conduct periodic risk assessments and audits to ensure compliance with established security measures.
  • Training and Awareness: Continuous training of personnel in cybersecurity and awareness of good practices in information management are promoted.

Implications for Organizations

This decree represents a significant step toward consolidating a cybersecurity culture in Uruguay. Organizations, both public and private, must review and, where appropriate, adapt their security systems and policies to comply with the new requirements. Failure to comply with these provisions could result in sanctions and undermine user and customer confidence.

Conclusion

Decree No. 66/025 reinforces the Uruguayan State’s commitment to protecting its digital infrastructure and its citizens’ information. It is essential that all entities understand the importance of these measures and work proactively to implement them.[1]

“This regulation is not the solution, but it is the guide to follow to find it.”

For more details, the full text of the decree can be found on the official IMPO website: https://www.impo.com.uy/bases/decretos/66-2025.

I will continue to develop this and other related topics here on the blog and on my LinkedIn.

References to the text:

[ 1 ] – “Subjective scope. This Decree shall apply to all public entities and private entities linked to critical services or sectors of the country.”

[ 2 ] – “Critical sectors: health, public order, emergency services, energy, telecommunications, transportation, drinking water supply, ecology and environment, agribusiness, industry, public services, banking and financial services, and defense, and other sectors of interest as determined by the Executive Branch in due course, with the advice of the Agency for the Development of Electronic Government Management and the Information and Knowledge Society.”

Leave Comment

Your email address will not be published. Required fields are marked *