Starting November 26, 2025, all telecom service providers in Brazil must prove compliance with cybersecurity audits of their equipment suppliers — as established by Anatel’s Act No. 16,417/2024.
🔐 The audits must be carried out by qualified entities, such as Designated Certification Bodies (DCBs) recognized by Anatel or accredited international institutions.
Suppliers will be responsible for issuing certificates of compliance, confirming adherence to Anatel’s cybersecurity guidelines.
The audits will focus on key principles:
✅ Security by Design – code analysis and vulnerability management
✅ Security by Default – password protection and control of unnecessary functions
✅ Privacy by Design – encryption of sensitive data
✅ Support Policies – timely security updates
✅ Coordinated Vulnerability Disclosure (CVD) – transparent communication of vulnerabilities
These measures reinforce Brazil’s commitment to secure telecom networks and alignment with international cybersecurity standards.
🔎 For more information and guidance on compliance, contact TrustCert.
