Decree 12.573, which institutes the new National Cybersecurity Strategy (E-Ciber), was published this Tuesday (5)

The new E-Ciber represents a strategic and operational advancement by consolidating actions for prevention, incident response, institutional cooperation, and protection of the population, with special attention to digital inclusion and the resilience of public and private services. With a focus on fundamental rights, digital sovereignty, and technological development, these policies integrate a safer national ecosystem better prepared to face contemporary cyber risks.

Thematic Axes of E-Ciber 2025
The objectives of the National Cybersecurity Policy will be achieved through E-Ciber, structured into four articulated thematic axes that allow for parallel progress:

1. Citizen and Society Protection and Awareness
   The goal is to create secure conditions for the use of digital services by the entire population, with special attention to vulnerable groups such as children, adolescents, the elderly, and neurodivergent individuals. Planned Actions:

• Inclusion of digital citizenship and cyber risk topics in formal and informal education;
• National cybersecurity awareness campaigns;
• Support for victims of digital crimes; and
• Training for teachers, managers, and multipliers.

     2. Security and Resilience of Essential Services and Critical Infrastructure
          Aims to ensure that the digitalization of services in Brazil occurs with resilience and security, minimizing risks of disruptions and vulnerabilities. Planned Actions:

• Risk management and sectoral preventive measures;
• Alert and response mechanisms for cyber incidents;
• Security certifications and standards; and
• Support for small and medium-sized enterprises in post-attack recovery.

     3. National and International Cooperation and Integration
          Promotes articulation between different actors, both public and private, nationally and internationally, enhancing the capacity for prevention and response to incidents. Planned Actions:

• Creation of incident response centers (CSIRTs) and specialized laboratories;
• Exchange of information and best practices with other countries; and
• Development of a national cyber incident notification mechanism.

     4. National Sovereignty and Governance
          Focuses on consolidating digital sovereignty, strengthening governance, human and technological capital structures, and Brazil’s strategic presence in cyberspace. Planned Actions:

• Periodic update of the National Cybersecurity Policy;
• Development of a national cybersecurity maturity model;
• Stimulation of large-scale professional training; and
• Creation of a national body for governance and legislative harmonization.

This work is the result of proposals presented by the National Cybersecurity Committee (CNCiber). The creation of the new E-Ciber 2025 and its integration into the National Information Security Policy represent a qualitative leap in Brazil’s digital protection. This is a third-generation strategy, aligned with the world’s most advanced countries, aimed at strengthening national resilience, combating cybercrime, promoting digital inclusion, and respecting fundamental rights.

With articulated actions between the government, private sector, academia, and civil society, Brazil advances in building a secure, reliable, and sovereign cyber environment. This integrated structure is essential to ensure sustainable development, international competitiveness, and the protection of digital citizenship in an increasingly complex and digitalized global scenario.

By Dr. Patricia Peck (CEO and Founding Partner), Dr. Lucas Arthuso, and Dr. Rafaela Ribeiro (Digital Law, Data Protection, and Cybersecurity Specialists).

AUTHOR

• Patricia Peck
• Lucas Arthuso