On June 4, 2025, the National Cybersecurity Agency (ANCI) published General Instruction No. 1 in the Official Gazette, establishing a mandatory obligation for all Essential Service Providers (PSEs) —as defined in Article 4 of Law No. 21,663— to register with the ANCI’s incident reporting platform.

The instruction takes effect on June 11, 2025, and non-compliance will be considered a minor infraction, subject to fines of up to 5,000 UTM (approx. USD 370,000).

Key obligations:

• Mandatory registration at https://portal.anci.gob.cl by the designated incident officer.
• Formal designation through an electronically signed document issued by the institution’s legal representative.
• Institution-based registration with primary and alternate officers.
• Minimum technical qualifications in cybersecurity.
• Strong authentication required (ClaveÚnica + second factor via TOTP app or passkeys).

Recommendation:

We recommend all private entities that may be classified as PSEs to proceed with registration as soon as possible. Our team is available to support status assessments and formal registration with ANCI.

Services that may qualify as PSEs:

• Power generation, transmission, or distribution.
• Fuel transport, storage, or distribution.
• Potable water supply and sanitation.
• Telecommunications and digital infrastructure.
• Digital services and third-party IT providers.
• Land, air, rail, or maritime transportation.
• Banking, financial services, and payment systems.
• Social security administration, postal and courier services.
• Institutional healthcare.
• Pharmaceutical production or research.

Full text of General Instruction No. 1 available here.