Last review date: 31 December 2024

☒ omnibus – all personal data
☒ constitutional

Last review date: 31 December 2024

• The Constitution of the United Mexican States
• The Federal Law on the Protection of Personal Data held by Private Parties (“FDPL”) and its Implementing Regulations
• The Privacy Notice Guidelines
• Federal Consumer Protection Law

Despite the lack of a dedicated cybersecurity law in Mexico, various laws and regulations contain provisions that aim to safeguard the security of information, regulate data breaches, and address other related issues. Nonetheless, with respect to personal data, the key cybersecurity laws and regulations are the Federal Law on the Protection of Personal Data held by Private Parties and the Federal Criminal Code. In addition, certain sectors, such as the financial or public sector, have particular regulations on information security.

Last review date: 31 December 2024

N/A

Last review date: 31 December 2024

The Science and Technology Commission's Chamber of Deputies and the Republic Senate are working on an initiative to create a Federal Cybersecurity Law in Mexico. This law is intended to compile all current provisions related to cybersecurity and to provide a comprehensive legal framework for protecting national security in cyberspace, addressing the legislative gap, and combating and penalizing hacking. The acceleration of digitization and the sophistication of cybercriminals have made this legislation particularly necessary. There is currently no specific date set for the implementation of this law.

The disappearance of the National Institute for Transparency, Access to Information and Protection of Personal Data (“INAI”) has raised many questions about who will assume its responsibilities. According to the decree published on 20 December 2024 in the Official Gazette of the Federation, each power and public entity will be the controller of guaranteeing the rights of access to information and protection of personal data. In the private sector, the Secretariat of Anticorruption and Good Governance will assume these responsibilities. This transition is critical to ensure continued oversight and enforcement of data privacy and cybersecurity regulations. The Secretariat of Anticorruption and Good Governance will play a pivotal role in maintaining the integrity and security of personal and non-personal data within the jurisdiction, upholding the standards set forth by the existing regulatory framework.