On November 17, 2025, the National Cybersecurity Agency (ANCI) published the executive summary of the public consultation conducted as part of the first qualification procedure for Operators of Vital Importance (OIV), pursuant to Law No. 21,663 and Supreme Decree No. 285 of 2024.

This initial stage assessed critical sectors such as energy, telecommunications, digital infrastructure, financial services, institutional healthcare, public companies, and State agencies, preliminarily identifying 1,712 entities as potential OIVs from a pool of more than 60,000 institutions.

Key Findings

Participation and methodology
The consultation was carried out between September 16 and October 16, 2025, through three forms on the ANCI Portal, receiving 1,233 submissions. Participation was largely concentrated in the Metropolitan Region, with significant representation from IT professionals, engineers, lawyers, and commercial engineers.

Feedback on preliminarily qualified entities
Comments focused on:

• Support for OIV qualification in sectors such as banking, telecommunications, digital infrastructure, and municipal critical service providers.
• Objections, mainly related to low technological dependency, limited scale, or reduced sectoral relevance.
• Requests for clarification regarding criteria, definitions, and proportionality.

Feedback on entities not preliminarily qualified

Respondents highlighted additional sectors and providers that may warrant OIV designation in future stages, including:

• Digital infrastructure and managed cybersecurity providers.
• Payment systems and financial software platforms.
• Key operational systems supporting government services.
• Infrastructure for essential services and logistics.
• Digital systems supporting clinical and administrative healthcare processes.

Conclusions and Implications

The findings reflect a diverse ecosystem with broad recognition of the critical role played by digital infrastructure, connectivity services, financial systems, and healthcare. They also underscore the need for regulatory coordination, proportionality, and phased implementation of the OIV regime.

Preliminarily qualified entities should monitor the final qualification decision and evaluate potential regulatory impacts. Non-qualified entities are encouraged to assess their criticality and consider proactive alignment with cybersecurity standards.

Next Steps

• November 2025: start of the second stage (drinking water, transportation, fuels).
• Final OIV qualification: ANCI will issue the definitive list considering the feedback received.
• Complementary rules: further guidance on regulatory coordination and proportionality is expected.

Download the executive summary of the Public Consultation on the Qualification Process for Operators of Vital Importance (OIV) here.