Last review date: 31 December 2025
Despite the lack of a dedicated cybersecurity law in Mexico, various laws and regulations contain provisions that aim to safeguard the security of information, regulate data breaches, and address other related issues. Nonetheless, with respect to personal data, the key cybersecurity laws and regulations are the Federal Law on the Protection of Personal Data held by Private Parties and the Federal Criminal Code. In addition, certain sectors, such as the financial or public sector, have particular regulations on information security.
Last review date: 31 December 2025
Other than confidentiality provisions and the protection of industrial secrets, there are no laws that specifically govern the processing of non-personal data. However, there are several sector specific laws applicable to public entities, which provide that data should be stored in Mexico, preferably on-premises, especially for cloud projects.
For private entities pertaining to the financial sector, the Law to Regulate Financial Technology Institutions, as well as specific operational continuity rules issued by the regulator (Comisión Nacional Bancaria y de Valores), apply.