The telecommunications market in Chile is undergoing a continuous transformation, characterized by the expansion of new technologies and increasingly demanding consumers. Supported by a consistent regulatory framework, this transformation has enabled the country to position itself as a regional leader in the industry.
As of this date, Chile’s telecommunications market is dominated by four main operators, which comprise almost the entire market: Entel, Movistar, Claro, and WOM.

According to the report issued by the Undersecretariat of Telecommunications (hereinafter, "SUBTEL"), as of June 2025, each company's share of the national market differs depending on the type of service, as indicated below:

• Mobile Internet: Entel 35.5%, Movistar 19%, Claro 18.4%, WOM 24.8%, Otros 2.3%.
• Fixed Internet: Entel 9.8%, Movistar 28.1%, Grupo Claro/VTR 27.6%.
• Mobile telephony: Entel 33.2%, Movistar 23.2%, Claro 20.9%, WOM 21.2%.
• Pay TV: VTR 29.5%, Movistar 20.4%, Claro 7.9%, Mundo 15.7%, DirecTV 17.5%.

According to data provided by SUBTEL, as of June 2025, the main technologies used for internet service are Fiber Optic (74.7%), HFC (22.0%), and other wireless technologies (3.0%), with 67.8% of households having fixed internet. By that date, Chile had a penetration rate of 135.7 fixed and mobile internet accesses (3G+4G+5G) per 100 inhabitants, totaling 27.4 million accesses. The 5G technology, introduced in the first half of 2022, reached 8,206,923 connections, although 4G still maintains the highest penetration levels. Meanwhile, 2G and 3G connections continue to decline, reaching minimal levels.

Regarding telephony service, the accumulated voice traffic for the first half of 2025 (fixed and mobile) showed a 10.0% decrease compared to the same period of the previous year. Mobile voice subscribers reached 121.2 subscribers per 100 inhabitants, totaling 24.5 million subscribers. Total fixed voice lines decreased by 15.1% over the last 12 months, while residential fixed lines fell by 17.5% over the same period. Currently, there are more commercial fixed lines than residential ones. In the case of Pay TV, household penetration reached 41.3% in June 2025, with 627,824 satellite accesses and 2,093,517 wireless accesses. This represents a 9.6% decrease in subscriptions over the past 12 months, reaching 13.5 subscriptions per 100 inhabitants.

Among the most relevant advances are the launch of the 5G network in 2022 –which has reached nationwide coverage of more than 90%–  and its continued extension;  the expansion and consolidation of the national fiber optic backbone, with more than 62,000 km approximately deployed through both state projects and private initiatives; the growth of data center infrastructure, boosted by the National Data Center Plan, with more than 30 projects under development and approximately USD 2.3 billion invested over the past five years (as of September 2025). This has led to the commissioning of Microsoft’s first data center in Chile, positioning the country as a regional digital hub. Other key developments include the active expansion of the satellite industry through the provision of satellite internet services (Starlink), the recent experimental service of direct-to-mobile satellite SMS services and the adoption of artificial intelligence (AI), driven by the National AI Policy updated in 2024.

Continued efforts are required for the rollout of 5G and fiber optic networks through initiatives such as the Digital Divide Zero Plan, which seeks to improve connectivity, and projects like Última Milla, whose main objective is to deliver high-quality connectivity services directly to users. Progress is also being made in digital television, including the full implementation of the analog switch-off. Moreover, further development and investment in digital infrastructure is expected, including data centers and strategic initiatives such as the Humboldt Project—a submarine fiber optic cable that will provide faster, safer, and more direct data transmission between Oceania and Chile. This project will support the deployment of cutting-edge technological tools and promote the growth of the national software and artificial intelligence sectors, both of which depend on robust connectivity. In addition, efforts are underway to update the regulatory framework to enable the nationwide expansion of direct-to-device technology. 

Telecommunications are governed mainly by Law No. 18,168, the Chilean General Telecommunications Act (“Telecom Act”), which sets the general framework for the regulation of the telecommunications sector, establishing rights and obligations for the operation of telecommunications services, and regulates the use of the radio spectrum. In addition to the Telecom Act, provisions have been issued to regulate and/or complement specific aspects of the Telecom Act, as well as technical standards issued by SUBTEL, which is the authority responsible for supervising compliance with telecommunications regulations and sanctioning any breach.

According to the Telecom Act, there are three types of licenses for the provision of telecommunications services, all of which are granted by the State on a temporary basis. The applicable authorization depends on the type of service to be provided, as detailed below:

• Concession: required for (a) public services (fixed and mobile telephony; data transmission; and specialized radio communications); (b) intermediate services (transmission and/or switching; long-distance telephony); and (c) sound broadcasting services (AM, FM, shortwave). Concessions are granted by a Supreme Decree issued by the Ministry of Transport and Telecommunications. Concessions for public and intermediate telecommunications services are granted for a 30-year term, renewable for successive equal periods upon the concessionaire’s request, while broadcasting concessions have a 25-year term, with the concessionaire holding a preferential right to renewal. As of July 2024, Internet access is considered a public service.
• Permit: required for limited telecommunications services (radio communications, background music, cable and satellite television, and experimental services) are granted by an exempt resolution issued by SUBTEL for a 10-year term, renewable upon request of the interested party, except for limited television services that do not use the radio spectrum, which are indefinite.
  
  As a general rule, both concessions and permits are granted through public tenders, although in certain cases they may be granted directly and require the submission of the applicant’s technical, legal, and financial background.
• License: Granted by SUBTEL for the operation of limited services consisting of experimental stations and stations operating in local or community bands (such as amateur radio and local band services). These licenses are valid for five years, renewable for equal periods upon request of the interested party.

The requirements, conditions, and procedures for granting each of these authorizations are established in the Telecom Act, as well as in its implementing regulations and technical standards issued by SUBTEL.

Under the Telecom Act, only legal entities—public or private—that are duly incorporated and have their registered office in Chile are eligible to hold or otherwise exercise rights under a telecommunications concession. Also, presidents, general managers, administrators, and legal representatives of a sound broadcasting concessionaire must be Chilean nationals. In the case of boards of directors, foreign nationals may serve as directors, provided that they do not constitute a majority of the board.

As a general rule, prices of telecommunication services are freely determined by providers. Only exceptionally, price regulation applies under circumstances where market conditions are insufficient to ensure competitive prices and in the following cases, set forth in the Telecom Act:

• Prices charged by a public telephone service concessionaire to intermediate service providers offering long-distance services through a multi-carrier system.
• Prices applied between concessionaires for services delivered through interconnection arrangements.
• Prices for local and international long-distance services, excluding mobile telephony—as well as for switching and/or transmission services provided as intermediate services or private circuits, if the National Competition Tribunal explicitly finds that market conditions are insufficient to maintain price freedom¹.

[1] The most recent decision in this regard is Report No. 37/2025 from the National Competition Tribunal, which overrules previous Report No. 2/2009 and concludes that there are now competitive conditions for free pricing across virtually all services analyzed, keeping regulated rates only for the “Local Segment” and, on a transitional basis, multi-carrier facilities. It also clarifies that intermediate services consisting solely of infrastructure fall outside tariff regulation and follow free pricing.

Under the Telecom Act, any transfer, assignment, lease, or granting of the right to use a concession or permit, in any form, requires prior authorization from SUBTEL, which cannot be denied without just cause. In the case of sound broadcasting concessions, such authorization may not be requested until the works and installations of the concession have been approved and at least two years have elapsed from the date on which the service was legally commenced. The acquirer assumes all obligations of the original concessionaire or permit holder, as applicable. Moreover, concessionaires must inform SUBTEL within 10 days of any changes to the presidency, board of directors, management, administration, or legal representation. Finally, for corporations (sociedades anónimas) or limited partnerships by shares (sociedades en comandita por acciones), any subdivision or transfer of shares must be reported; for partnerships (sociedades de personas), any admission or withdrawal of partners or changes in ownership interests must be communicated.

The principle of universal access to telecommunications applies. Accordingly, the Telecom Act establishes that all inhabitants of the Republic shall have free and equal access to telecommunications services, and any person may apply for concessions and permits under the terms and conditions set forth by law.

This principle has been implemented through various initiatives, including:

• Enactment of Law No. 21,678 in 2024, which establishes internet access as a public service. The law aims to ensure connectivity for all citizens.
• Plan Brecha Digital Cero, aimed at guaranteeing nationwide connectivity regardless of geographic location or economic status.
• Digital TV, a free HD signal available in all regions of the country, without requiring any subscription, internet plan, or cable service.
• Universal Accessibility Policy, establishing mechanisms such as promotion programs or subsidies to progressively provide telecommunications services to all residents throughout the national territory.

According to the Telecom Act, public telecommunications service concessionaires must provide services to any interested party who requests them within their authorized service area, as defined by their concession, and also to those located outside the service area, provided that such parties assume the costs of the necessary extensions or reinforcements. Furthermore, public and intermediate telecommunications service concessionaires are required to establish and accept interconnections under the technical standards, procedures, and timeframes established by SUBTEL, in order to ensure that subscribers and users of public services of the same type may communicate with each other, both within and outside the national territory.
Law No. 20,453 introduced network neutrality for internet consumers and users. Under this law, public telecommunications concessionaires that provide services to internet access providers, as well as internet service providers themselves, are prohibited from blocking, interfering with, discriminating against, obstructing, or arbitrarily restricting any user’s right to use, send, receive, or offer any lawful content, application, or service over the internet, as well as any other lawful activity conducted through the network. They are also prohibited from limiting a user’s right to install or use any type of lawful device or equipment on the network, provided such devices do not harm or degrade the network or the quality of service. Notwithstanding the aforementioned, service providers must offer, at the users’ request and expense, parental control services for content that violates the law, morality, or public decency, provided that users are clearly and accurately informed in advance about the scope and limitations of such services.

The radio spectrum is considered a national public asset belonging to the entire Nation. It is administered by SUBTEL, which is the authority responsible for regulating spectrum use, granting authorizations and establishing applicable fees. In the case of high-demand mobile frequencies, such as those used for 5G services, allocation is carried out through a public tender process.

Chile allows for the leasing and transfer of licenses under the terms and conditions established in the Telecom Act.

The installation of telecommunications infrastructure may require obtaining different authorizations -both national and sectoral- depending on the characteristics of the project and its location. For instance, in addition to SUBTEL’s authorization, a project may need to undergo an environmental assessment process and obtain the corresponding Environmental Qualification Resolution ("RCA"). Other permits may also be necessary, such as authorizations from municipalities, approvals from sectoral entities like the National Forest Service or the National Assets Office (Bienes Nacionales), as well as agreements with private parties for the acquisition of rights of way.

The use of support structures, such as towers and poles, is regulated considering technical, safety, urban planning, and public space use aspects, with shared infrastructure being prioritized. The Telecom Act grants telecommunications service providers the right to install or cross aerial or underground lines and deploy radiating systems over existing authorized infrastructure on public assets, solely for the purposes of their service. This right also applies to infrastructure associated with public service or public works concessions and fiscal property, including the installation of supporting structures if necessary. Such rights must be exercised without interfering with the primary use of the assets and in compliance with all applicable laws, regulations, technical standards, and municipal rules, ensuring equality, transparency, and non-discrimination. The exercise of this right is carried out through easements, which may be legal (over fiscal property or public concessions) or conventional (agreed upon between parties on private property).

In Chile, the shared use of physical infrastructure principle applies, according to which the deployment of telecommunications networks should be carried out efficiently, making proper use of already established infrastructure, thereby promoting its shared use regardless of its ownership or original purpose. In this regard, the legislation establishes that all holders of public or intermediate telecommunications services, before proceeding with the installation of radiating transmission systems, must verify whether support infrastructure from another operator or authorized company is already in operation, where such antennas or radiating systems could feasibly be installed and which has been authorized in accordance with the applicable requirements. For this purpose, the corresponding authorizations must be obtained.

In addition, Law No. 20.599 ("Antenna Law") establishes the regulatory framework governing the installation of antenna support towers and radiating systems for telecommunications services in Chile. It sets forth technical, urban, and procedural requirements, regulating where such infrastructure may be installed (urban, rural, risk, and protected areas), where it may not be installed (saturated zones or sensitive sites such as hospitals, schools, and similar facilities), and under what conditions (municipal permit or notice, minimum setback distances, architectural harmonization, and co-location). In particular, co-location is mandatory in restricted areas. Requesting operators must require authorization to use existing supports; owners must answer and may refuse only on narrow statutory grounds. Disputes are adjudicated by SUBTEL, whose favorable ruling compels immediate access and service launch within defined timelines.

In addition to the corresponding authorization granted by SUBTEL, depending on the characteristics of the project, it may be necessary to obtain an Environmental Qualification Resolution ("RCA") from the environmental authority, which, as mentioned, involves submitting the project to an environmental impact assessment process to ensure compliance with environmental regulations. Additionally, it may be necessary to apply for a maritime concession before the maritime authority ("DIRECTEMAR").

The same as those already explained, depending on whether it is an intermediate or limited telecommunications service, as previously described. There are no specific considerations based on the type of constellation.

A limited satellite television service permit is required for the installation and operation of ground stations in the SHF band. A concession is required in other cases, depending on whether the service is public or intermediate.

Currently, there is no specific regulation on this matter; Chile is in the process of developing and enabling this technology. The country has become one of the first in Latin America to take the necessary steps to allow this technology. In collaboration with Starlink and Entel, a successful test was conducted that enabled a mobile phone to connect directly to a satellite. The experimental test was made possible through a permit granted by SUBTEL, and the regulatory framework is being adapted so that this service will be available for public use.

Telecommunications devices must undergo type approval before being commercialized or connected to public networks. SUBTEL regulates this process through specific technical standards. Successful type approval results in certification, issued by a certifying company, confirming that the equipment model has been approved. To streamline the process, SUBTEL publishes a list of certified companies on its website, which are authorized to perform basic type approvals before the equipment is sold.

The audiovisual market in Chile is characterized by a transition toward digital platforms, with a growing participation of OTT services. According to SUBTEL, as of June 2025, Pay TV has a 41.3% penetration rate in Chile, with 2.72 million subscribers, representing a 9.6% decrease compared to the same period of the previous year. The use of OTT platforms has experienced significant growth in recent years.

The main players in the free-to-air television market are: (i) Grupo Bethia, a Chilean holding company and majority owner of Megavisión; (ii) Paramount Global, owner of Chilevisión; (iii) Grupo Luksic, a Chilean holding company that owns Canal 13; and (iv) TVN (Televisión Nacional de Chile), owned by the State of Chile. Together, they have 95% of the audience.

In the Pay TV sector, VTR is the leading cable television provider in Chile with a 29.5% market share as of June 2025, followed by Movistar with 20.4%, DirecTV with 17.5%, Mundo with 15.7%, and Claro TV with 7.9%.

Regarding OTT platforms, according to a report dated June 11, 2025, issued by the National Consumer Service (SERNAC), the most used platforms are: (i) Netflix with 88.9%, (ii) YouTube with 85.3%, (iii) Disney+ with 71.9%, (iv) Max with 66.3%, and (v) Prime Video with 55.8%.

The main issue relates to the regulatory framework, as the current legal framework faces challenges in adapting to new market dynamics, particularly regarding the regulation of digital platforms.

The main regulations applicable to audiovisual communication services are:

• Law No. 18,168, General Telecommunications Law ("Telecom Act").
• Law No. 19,981, Audiovisual Promotion Law
• Law No. 18,838, Creates the National Television Council ("CNTV")
• Law No. 20,750, Digital Television Law

The main authorities responsible for regulating this sector are:

• SUBTEL
• National Television Council ("CNTV")

The type of permit depends on the service to be provided:

1. Free-to-air television: Requires the granting of a concession by the National Television Council ("CNTV"), with a term of 20 years for services provided with the broadcaster’s own resources (with a preferential right to renewal) and 5 years for those provided with third-party resources (also renewable). Concessions are granted through a public tender called by CNTV and require the submission of the applicant’s technical, legal, and financial background (in exceptional cases, direct granting is allowed as provided by law). The term of existence of legal entities may not be shorter than that of the concession.
2. Pay television (cable or satellite): Considered a limited telecommunication service, it requires a permit granted by SUBTEL through an Exempt Resolution. It has a term of 25 years (renewable) or an indefinite term in the case of limited television services that do not use the radio spectrum.
3. OTT platforms: Are not subject to concession and are regulated only by the general rules on consumer protection, competition, and intellectual property.

In the case of free-to-air television concessions, authorization from CNTV is required, after a favorable report from the National Economic Prosecutor’s Office. For concessions granted through a public tender, the authorization cannot be requested until the necessary transmission works and facilities have been approved and at least two years have passed since the date on which legal transmissions commenced. In all other cases, authorization from SUBTEL is required, which cannot be denied without just cause. The transferee must comply with the same requirements and will be subject to the same obligations as the original concessionaire or permit holder, and a new financial plan submitted by the acquirer must be approved.
The transfer, assignment, lease, or granting, by any means, of the right to free-to-air television broadcasting may not result in a change in the nature of the signals, except with a duly justified authorization of the CNTV.

No, regarding audiovisual communication services.

No new concessions using their own resources may be granted to legal entities that already hold a concession of the same nature, or that control or manage other holders of free-to-air television broadcasting service concessions that have been awarded through a public tender, within the same service area — except for the specific exception established for Televisión Nacional de Chile, a State-owned company. The limitations apply to the corresponding corporate group.

No, not in a dedicated registry.

TV providers are required to transmit at least 4 hours of cultural programming per week. Programs shall be considered cultural if they address the values arising from the country’s multicultural identities, focus on civic education, or aim to promote and strengthen national, regional, or local identities.

For sound broadcasting concessions, at least 20% of the total daily music broadcast must consist of national music, distributed throughout the daily programming schedule. No more than half of this national music quota may be concentrated in nighttime hours (from 10:00 p.m. to 6:00 a.m.). Of the required percentage of national music, at least 25% must consist of: (i) emerging musical works or performances, meaning those recorded within the last three years prior to broadcast, or (ii) regional or local musical compositions or performances, according to the station’s concession area.

TV providers are required to transmit at least 4 hours of cultural programming per week. Two of these four hours must be aired during prime-time hours established by the National Television Council ("CNTV"), while each concessionaire may determine the specific day and time within that schedule. The equivalent of the remaining two hours, as also determined by CNTV, may be broadcast at other times. When more than one television signal is operated, controlled, or managed within the same service area, this obligation must be fulfilled for each signal. In the case of limited television service permit holders, this requirement shall be met considering the total number of channels included in their basic package. 

The CNTV may establish a quota of up to 40% of Chilean-produced content for programs broadcast by free-to-air television channels. This percentage must include the screening of nationally produced independent films, documentaries, and short films.

Pay TV operators must include, in the region or locality where they operate and whenever technically feasible, at least four regional, local, or community channels in their respective programming line-ups. The distribution of these channels through limited television services may not alter the service area of the corresponding concessionaire. The costs of interconnection required for the transmission of such signals shall always be borne by the concessionaire. The CNTV is responsible for determining, through a public tender process, which channels must be carried by such operators, for a maximum period of five years, ensuring a representative diversity among them and giving preference to educational and cultural channels. This obligation does not apply to national channels.

There are no specific legal restrictions distinguishing domestic from foreign advertising production.

Advertising for people under 18 years of age must comply with child protection standards.

There are child protection time slots, during which the broadcast of certain advertising content is limited or prohibited (from 6:00 a.m. to 9:00 p.m.), and restrictions on inappropriate content for minors must be observed. For example, television advertising for alcoholic beverages may only be aired between 10:00 p.m. and 6:00 a.m. Advertising promoting the consumption of drugs classified as illegal is prohibited. Advertising of tobacco and cigarettes is prohibited in all audiovisual media.

The transmission or exhibition of films rated by the Film Rating Council as containing pornographic or excessively violent content is prohibited on free-to-air television broadcasting services.

Advertising aimed at children under 14 that promotes the consumption of foods high in sugar, saturated fats, or sodium, and that, through its graphics, symbols, or characters, primarily attracts their attention, is prohibited. Television and cinema services may only air such advertising between 10:00 p.m. and 6:00 a.m., and only if it is not targeted at children under 14.

In addition to the above, Chilean legislation imposes specific advertising restrictions on certain regulated products. The Sanitary Code (Código Sanitario) prohibits advertising that could mislead the public or harm collective or individual health. The advertising of pharmaceutical products is strictly limited to those authorized for over-the-counter sale.

These rules are complemented by the Consumer Protection Act (Law No. 19.496) and the Chilean Advertising Ethics Code, which mandate that all advertising be truthful, verifiable, and non-deceptive, regardless of the medium or audience.

No, there is no official registry of advertisers, nor any reciprocity obligations.

Generally, audiovisual services are subject in Chile to income tax and value-added tax.

There are no licensing requirements, registration obligations, quotas, or specific regulations for these platforms. However, as of June 2020, a requirement was introduced to declare and pay VAT (19%) on digital services provided by suppliers without domicile or residence in Chile, which includes platforms such as Netflix, Spotify, Amazon Prime, and others.

There is no specific regulation for Artificial Intelligence (AI). However, in 2021, the country approved its first National Artificial Intelligence Policy, updated and approved in 2024. Its main objective is to promote sustainable and equitable national development, while encouraging the ethical and responsible use of artificial intelligence, placing technology at the service of people. Associated with this Policy is the Artificial Intelligence Action Plan, which sets forth the initiatives required to achieve the objectives outlined in the Policy.

Since those milestones, significant progress has been made in this area. For instance, the National Center for Artificial Intelligence ("CENIA") was established, and in May 2024, the Artificial Intelligence Systems Bill (Bill No. 16821-19) was introduced in the National Congress, where it is currently under discussion. The bill establishes a risk-based framework categorizing AI systems as unacceptable, high, limited, or no-risk, and mandates transparency, human oversight, and accountability obligations.

Additionally, to ensure consistency across the public sector, the Ministry of Science, Technology, Knowledge, and Innovation, the competent authority in this area, issued the document titled “Guidelines for the Use of Artificial Intelligence Tools in the Public Sector.” This document provides general principles and recommendations aimed at promoting the responsible, ethical, safe, and transparent use of AI-based tools within public administration.

There are no binding requirements yet for AI-based services in Chile. Nonetheless, the draft AI Bill and Law No. 19.628 on Personal Data Protection (amended by Law No. 21.719, effective December 2026) provide an emerging regulatory baseline. In particular, amended Law No. 19.628 grants individuals the right not to be subject to decisions based solely on automated processing of personal data, including profiling, when such decisions produce legal or similarly significant effects. The same regulation requires that, whenever automated decisions are allowed (based on consent, contract performance, or legal mandate), data controllers must ensure transparency, the right to explanation, human intervention, the ability to express one’s point of view, and to request a review of the decision.

Although Chile does not currently have general regulations applicable to artificial intelligence, there are certain sectoral binding regulations that govern the use of artificial intelligence (particularly in sectors where its use is frequent), such as, among others:

• CMF General Norms and Circulars on risk management, IT governance, outsourcing and cloud services, and rules requiring documentation, model validation, and incident reporting applicable to artificial intelligence systems used for trading, credit scoring, robo-advice, and other financial services.
• Data Protection Law (Law No. 19.628) establishes limits on the collection, storage, and disclosure of personal data and sets duties of confidentiality, proportionality, and purpose limitation, all of which apply to the processing of personal data by artificial intelligence. Amended law, effective in December 2026, establishes strict requirements on lawful processing, security, and accountability for AI systems using personal data, including privacy by design, data protection impact assessments, and mandatory security breach notifications.
• Consumer Protection Law (Ley N° 19.496) and SERNAC enforcement actions: Binding rules on information duties, unfair practices, and product/service safety apply to artificial intelligence-driven products and services (i.e., requirements to provide truthful information, not to deceive consumers, and to ensure safety).
• Competition Act (Decree Law No. 211) prohibits anticompetitive agreements and abuses of a dominant position. Enforcement against algorithmic collusion or exclusionary conduct is binding under existing competition rules.

In April 2017, Chile approved its first National Cybersecurity Policy for the period 2018–2022, establishing the State’s strategic framework in cybersecurity with the objective of ensuring a free, open, secure, and resilient cyberspace. This policy was updated in 2023 with the adoption of the National Cybersecurity Policy 2023–2028, which is complemented by the National Cybersecurity Policy Plan 2023–2028.

In addition, Chile recently enacted Law No. 21.663, the Cybersecurity Framework Law, which establishes a new institutional structure for cybersecurity. The law creates the National Cybersecurity Agency ("ANCI"), whose main function is to safeguard, promote, and ensure the right to cybersecurity. It also establishes the Multisectoral Cybersecurity Council, which advises ANCI and provides recommendations through the periodic analysis and review of the national cybersecurity situation, and the National Security Incident Response Team ("CSIRT"). The law sets forth the principles and regulatory framework for coordinating cybersecurity actions among State entities and between the public and private sectors, imposing a series of obligations on both public and private entities primarily aimed at protecting the country’s critical infrastructure against cyber threats.

This regulatory framework is further complemented by: (i) the Cybersecurity Incident Reporting Regulation, approved by Supreme Decree No. 295/2024, which establishes reporting obligations for public and private institutions that provide essential services or have been designated as operators of vital importance, in relation to cyberattacks or cybersecurity incidents that may have significant effects, and defines the minimum content of such reports; (ii) Exempt Resolution No. 7 of 2025, which approves the cybersecurity incident taxonomy and sets out the official reporting process through the national cybersecurity platform; and (iii) Law No. 21.459 on Cybercrimes.

The Cybersecurity Framework Law establishes a series of general and specific obligations for public and private institutions that, according to the law, provide services classified as essential ("SE") (e.g., electricity generation, transmission, and distribution companies; telecommunications and internet operators; financial institutions; public transport companies; hospitals/clinics; water and sanitation companies) and those classified as Operators of Vital Importance ("OIVs").

Among the general obligations, which may be technological, organizational, physical, or informational in nature, the obligation to implement the protocols and standards established by the National Cybersecurity Agency is particularly relevant, as well as sector-specific cybersecurity standards issued under the relevant sectoral regulation.

Among the specific obligations, the following can be highlighted: (a) implement a continuous information security management system; (b) maintain a record of actions carried out as part of the information security management system; (c) develop and implement operational continuity and cybersecurity plans, subject to periodic reviews by the obligated entities, with a minimum frequency of every two years; (d) continuously carry out reviews, exercises, drills, and network analyses; (e) promptly and efficiently adopt measures necessary to mitigate the impact and spread of a cybersecurity incident; (f) hold specific certifications as established by law; (g) inform potentially affected parties, as far as they can be identified and when required by the Agency, about incidents or cyberattacks that could seriously compromise their information or IT systems; (h) maintain training, education, and continuous professional development programs for their employees and collaborators; and (i) designate a cybersecurity officer, who will act as the counterpart to the National Cybersecurity Agency ("ANCI").

There are several relevant jurisdictional cases related to cybersecurity incidents where private or public entities were sanctioned because of an infringement following cybersecurity incidents or data breaches. The following are some examples:

1. Banco de Chile - 2018 SWIFT-related cyberattack (funds transfer fraud)
   
   Summary: A major cyber heist using malware and fraudulent SWIFT messages to transfer funds abroad. Banco de Chile sued insurers and faced regulatory investigations.
   
   Outcome: Legal disputes over insurance coverage; Superintendencia de Bancos e Instituciones Financieras (SBIF, now part of CMF) and other authorities increased oversight; banks implemented stronger controls. Specific monetary administrative fines were discussed in regulatory follow-ups and enforcement actions impacting compliance practices.
   
   On May 24, 2018, Banco de Chile suffered a cyberattack involving malware that affected the SWIFT system, which is used for high-value interbank transactions. As a result, four fraudulent payments were made, totaling approximately 10 million U.S. dollars. The bank’s owner filed a criminal complaint in Hong Kong, as most of the funds were transferred to that region of China.
   
   In response, the Chilean Ministry of Finance convened a working group on operational continuity in the financial system, aimed at enhancing standards for cyberattack prevention and response. Additionally, the SBIF conducted an investigation and required bank general managers to take immediate actions to strengthen IT security. Among the first measures implemented by the bank following the attack were the creation of a Cybersecurity Division, the review and strengthening of security protocols, the modernization of technological infrastructure, collaboration with cybersecurity experts, and staff training programs.
   
   Regarding sanctions, no fines or direct regulatory penalties were imposed on Banco de Chile as a result of this cyberattack. However, the incident prompted both the institution and the Chilean financial sector to adopt preventive measures and reinforce resilience against future cyber threats, becoming a reference case in banking cybersecurity in Chile.
   
   
2. Massive Cyberattack on Estado Mayor Conjunto de las Fuerzas Armadas - 2022
   Summary: Massive cyberattack targeting the Joint Chiefs of Staff of Chile, resulting in the leak of classified documents, including information on cybersecurity, satellite communications, and logistics. The breach exposed internal vulnerabilities and previously unaddressed security weaknesses.
   
   Outcome: Ministry of Defense and EMCO initiated internal investigations and administrative reviews; stricter security protocols and staff training were implemented. No criminal sanctions reported; collaboration with international cybersecurity organizations enhanced cyber defense capabilities
   
   In September 2022, a massive cyberattack targeted the Joint Chiefs of Staff ("EMCO") of Chile, resulting in the leak of approximately 400,000 documents and emails, many of which were classified as restricted, secret, or top secret. The leak included sensitive information regarding cybersecurity strategy, satellite communication monitoring systems along borders, logistical plans, and other data relevant to national security.
   
   In response to the incident, the Consejo para la Transparencia requested EMCO to provide information about the leaked documents and the measures adopted to handle the incident, considering its potential impact on individuals’ rights and national security.
   
   According to investigative reports, the leak occurred due to improperly secured data storage, despite previous warnings about vulnerabilities. As a consequence of the cyberattack, the Ministry of Defense launched a comprehensive review of EMCO’s security systems, implementing stricter security protocols, strengthening staff cybersecurity training, and adopting measures to protect classified information through the implementation of zero-trust practices in system architecture. Additionally, the Ministry filed a complaint with the military justice system to investigate internal responsibilities related to the hack, and an administrative inquiry was initiated to determine possible negligence or failures in security protocols. To date, no specific criminal sanctions have been reported against individuals within the institution.
   
   Finally, communication channels were established with international cybersecurity organizations to share information about the attack, enhance the country’s cyber defense capabilities, exchange intelligence on threats and vulnerabilities, and implement best practices in information security.

Other cases that should be mentioned are:

1. Universidad del Desarrollo / Clínica Alemana incident investigations - healthcare data breaches (various years)
   
   Summary: Several healthcare providers and universities faced leaks of patient/student data, prompting complaints to the Agencia de Protección de Datos/Consejo para la Transparencia.
   
   Outcome: Administrative investigations led to required remedial measures, reputational sanctions, and sometimes fines or settlements under data protection and health confidentiality rules.
   
   
2. Municipality of Peñalolén / other municipalities - leaks and improper data handling
   
   Summary: Municipalities have been subject to transparency authority decisions for improper publication or handling of personal data.
   
   Outcome: Rulings ordering removal of data, process changes, and compliance measures; some decisions included fines or injunctions.
   
   
3. Entel / Telefónica and telecom incidents - regulatory enforcement and resolutions
   
   Summary: Telecom operators have faced administrative actions for service outages and improper handling of user data.
   
   Outcome: Fines, service remediation orders, and strengthened regulatory conditions imposed by SUBTEL and consumer protection authorities.
   
   
4. SERNAC enforcement actions against digital platforms - security/privacy failures
   
   Summary: Consumer agency investigations into platforms with security lapses that exposed consumer data or caused consumer harm.
   
   Outcome: Administrative sanctions, corrective measures, and requirements to improve security practices and provide redress.
   
   
5. Servicio de Impuestos Internos ("SII") - 2016 data exposure administrative sanction
   
   Summary: The Internal Revenue Service ("SII") experienced exposure of taxpayer data. The Consejo para la Transparencia investigated and sanctions/proceedings addressed obligations on handling personal data and transparency duties.
   
   Outcome: Administrative scrutiny and corrective measures; emphasized the duty to protect personal data and improve safeguards.

Public and private institutions providing essential services ("SE") and Operators of Vital Importance ("OIVs") must promptly and efficiently adopt the necessary measures to mitigate the impact and spread of a cybersecurity incident. They are also required to report cyberattacks and cybersecurity incidents that may have significant effects on the National Security Incident Response Team, as soon as possible, through the platform provided by the National Cybersecurity Agency ("ANCI") or through other means established by ANCI for this purpose. The established reporting deadlines are as follows:

• Early alert: Within a maximum of three hours from becoming aware of the incident.
• Second report: Within a maximum of seventy-two hours, providing an update of the initial information, including a preliminary assessment of the incident, its severity and impact, as well as indicators of compromise, if available. The deadline is reduced to 24 hours if the affected institution is an OIV and its essential service provision is impacted.
• Final report: Within a maximum of fifteen calendar days from the submission of the early alert, meeting the requirements established by law. If the incident is still ongoing after the submission of the final report mentioned above, it shall be replaced by an interim report on the situation at that time. The final report must be submitted within fifteen calendar days from the moment the incident has been managed.

Institutions are required to report incidents and coordinate their actions with the National Cybersecurity Agency and the National Security Incident Response Team, which are responsible for responding to cyberattacks or cybersecurity incidents when these have a significant impact.

Cyber-related offenses are regulated under Law No. 21.459 (2022) on Cybercrimes, which implements the Budapest Convention.

The law defines and penalizes a broad range of computer-related crimes, including unauthorized access, illegal interception, data interference, system interference, computer fraud, forgery of computer documents, and misuse of devices.

Penalties include imprisonment and fines, with aggravated sanctions when offenses target critical infrastructure, essential services, or state information systems.

Chile acceded to the Budapest Convention on Cybercrime in 2017 and, in 2022, signed the Second Additional Protocol to enhance international cooperation in cross-border digital evidence collection. In 2024, the country was designated a regional hub for the Council of Europe’s GLACY-E Program on cybercrime, and in 2025, it joined the Counter Ransomware initiative, aimed at coordinating global efforts to combat ransomware attacks.

Other notable initiatives include:

• Signing a Memorandum of Understanding on cybersecurity and cyber defense cooperation with the United Kingdom in 2019.
• In 2024, signing a bilateral cooperation agreement with Brazil to improve cybersecurity risk management and preparedness.
• Signing a Memorandum of Understanding on cybersecurity cooperation with Spain in 2018.
• Maintaining a defense cooperation agreement with South Korea, which includes cybersecurity, signed in 2019 and promulgated in 2023.
• Proposing and approving new measures to promote trust and cooperation in cyberspace with the Organization of American States ("OAS") in 2022.
• Launching the “Strengthening and Capacity Building in Cybersecurity in Latin America and the Caribbean” Project with the European Union, which will allow Chile to strengthen its cybersecurity policies, including the development of its Cybersecurity Framework Law and the implementation of its National Cybersecurity Agency ("ANCI").
• Signing a Memorandum of Understanding on Cybersecurity Cooperation with the National Cybersecurity Directorate of Israel in 2019.