Public policies inspired by international practices to strengthen Brazil's digital sovereignty and resilience
*Per Darci de Borba and Luiz Felipe Vieira de Siqueira
The exponential advancement of digital technologies has profoundly transformed the functioning of governments, businesses, and societies on a global scale. In Brazil, this transformation is marked by opportunities for economic and social inclusion, but also by structural challenges related to digital security.
Building a robust national cybersecurity strategy is essential for the country to position itself as a resilient, autonomous, and globally competitive digital player. International debate shows that countries like Germany, France, and China have been adopting sovereign cloud policies, vendor certification, and massive investments in local infrastructure to reduce external dependencies and protect national assets.
In Brazil, the challenges are even more pronounced, due to institutional gaps, a shortage of specialized professionals, and regulatory fragmentation. Studies highlight that the country lacks a coordinated approach that integrates cybersecurity policies, technological innovation, and the protection of fundamental rights.
This article proposes a set of coordinated public policies to strengthen Brazil's digital resilience, based on international best practices, relevant legislation, and contemporary debates.
1. Cybersecurity in Brazil
In Brazil, the debate on cybersecurity takes place in a context marked by specific challenges: a lack of technical capabilities, vulnerabilities in critical infrastructure, and external technological dependence.
The report “Cybersecurity Report 2020” highlights that only 12 Latin American countries have national cybersecurity strategies and that the shortage of specialized human resources remains a structural barrier. Furthermore, the "Latin American Economic Outlook 2023" reinforces that the region's sustainable development depends on an inclusive digital transformation that considers not only economic gains but also security risks.
Globally, new challenges are rapidly emerging as technology evolves. The report “The State of AI Cyber Security” reveals how AI is being used to sophisticate cyberattacks, including deepfakes, malware automation, and advanced social engineering. At the same time, the "Space Threat Landscape" report highlights the growing threats to space infrastructure, such as satellites and global communications networks, which are essential for critical operations on the planet. The "Global Cybersecurity Outlook" summarizes these trends, warning that cyber resilience depends not only on technology investments but also on political leadership, international cooperation, and strengthening national capabilities.
Brazil has developed legislation to address cybersecurity and data protection. More recently, Brazil established the National Cybersecurity Policy (PNCiber) through Decree No. 11,856, of December 26, 2023. The purpose of the PNCiber is to guide cybersecurity activities in the country, with national sovereignty as one of its principles. The PNCiber seeks to standardize regulatory diversity and reduce the damage inflicted on society by cyberattacks.
The PNCiber is implemented by the National Cybersecurity Strategy and the National Cybersecurity Plan. The Decree also established the National Cybersecurity Committee (CNCiber) to monitor the implementation and evolution of the PNCiber. The CNCiber is composed of representatives from the government, civil society, scientific institutions, and business entities. Its mission is to propose updates to the PNCiber, the Strategy, and the Plan, evaluate measures to increase security, formulate proposals to improve incident response, promote dialogue with federal entities and society, and propose international cooperation strategies (Polido, 2024).
Brazil faces the challenge of balancing the protection of the digital environment without compromising the rapid and healthy evolution of the technology sector. To achieve this, it is essential to adopt strategies that encourage cybersecurity without restricting innovation, ensuring a robust and trustworthy digital ecosystem.
One of the fundamental approaches in this process is the adoption of open standards and national technologies, strengthening the country's digital autonomy. Encouraging the development of proprietary cybersecurity solutions allows for greater control over critical infrastructure and reduces external dependencies. PNCiber reinforces this need by promoting initiatives that drive the creation of products and services aligned with Brazil's strategic interests.
Furthermore, security must be incorporated from the design stage of digital products and services. The concept of Security by Design, already present in the LGPD, requires that protective measures be observed from the initial stages of development. PNCiber reinforces this idea, highlighting that well-implemented technical and administrative measures are the foundation for preventing cyberattacks and mitigating systemic vulnerabilities.
Finally, technical and professional training is a central aspect of the PNCiber. Investing in cybersecurity education is essential to increasing the country's digital resilience and developing talent capable of facing contemporary challenges. Promoting the National Digital Education Policy and the Brazilian Media Literacy Strategy contributes to greater awareness of opportunities and risks in the digital environment, strengthening national security and encouraging responsible innovation.
2. Public policies to strengthen resilience
Training and strengthening of human capital: The shortage of specialized professionals is one of Brazil's main bottlenecks. National training programs in cybersecurity, AI, and risk management are needed, covering everything from technical training to postgraduate programs and specific training for public officials. Digital inclusion policies should also ensure that small and medium-sized businesses have access to basic security knowledge.
Regulation aligned with global standards: Brazil must advance in harmonizing its cybersecurity regulations with international standards, such as the NIST frameworks, ISO/IEC standards, and the European Union Agency for Cybersecurity guidelines. This alignment must occur without relinquishing regulatory autonomy, ensuring the protection of national interests and active participation in international digital governance forums.
Protection of critical infrastructure and global supply chains: Critical infrastructure—such as energy, telecommunications, transportation, the financial sector, and space assets—requires priority attention. Several studies point to the growing vulnerability of satellites and global networks, highlighting the need for specific strategies for these assets. In the Brazilian context, this involves mapping vulnerabilities, creating sectoral resilience protocols, and establishing integrated monitoring and response centers.
Consolidating a national cybersecurity strategy in Brazil represents not only a technical imperative, but also an essential dimension of digital sovereignty and autonomy. The set of policies and regulatory frameworks the country has already established, such as the LGPD and PNCiber, provide a relevant foundation, but are still insufficient in the face of the growing sophistication of threats and the rapid pace of technological transformation. In this scenario, strengthening digital resilience requires political commitment, institutional clarity, and consistent investment in innovation, training, and critical infrastructure, so that Brazil can protect its citizens, organizations, and strategic assets.
At the same time, it is crucial that these security measures do not become barriers to innovation and economic development. Building a secure, competitive, and dynamic digital ecosystem must combine global cybersecurity standards with encouragement of technological entrepreneurship and applied research. Only then will it be possible to promote an inclusive digital transformation that expands opportunities, preserves rights, and positions Brazil as a resilient and responsible player in the global digital landscape.
*Luiz Felipe Vieira de Siqueira is a lawyer and researcher at ABES Think Tank, PhD student in Innovation & Technology – PPGIT UFMG and partner at Privacy Point.
Notice: The opinion expressed in this article is the responsibility of its authors and not of ABES – Brazilian Association of Software Companies
Article originally published on the IT Forum website: https://itforum.com.br/colunas/ciberseguranca-no-brasil/
References
European Union Agency for Cybersecurity. (2025). Space Threat Landscape. Publications Office. https://data.europa.eu/doi/10.2824/8841206
Ifeanyi-Ajufo, N. (2023). Cyber governance in Africa: At the crossroads of politics, sovereignty and cooperation. Policy Design and Practice, 6(2), 146–159. Scopus. https://doi.org/10.1080/25741292.2023.2199960
Kari, M. (2019). Protecting the besieged cyber fortress: Russia's response to cyber threats. 2019-July, 685–691. Scopus. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85070014506&partnerID=40&md5=c4d04ba33db3a9f561fe1052aa4fc5ec
OECD, Economic Commission for Latin America and the Caribbean, CAF Development Bank of Latin America, & European Commission. (2023). Latin American Economic Outlook 2023: Investing in Sustainable Development. OECD. https://doi.org/10.1787/8c93ff6e-en
Brazil. Decree No. 11,856 of December 26, 2023. Institutes the National Cybersecurity Policy and the National Cybersecurity Committee. Official Diary of the Union, Brasília, DF, December 27, 2023. Available at: https://www.planalto.gov.br/ccivil_03/_Ato2023-2026/2023/Decreto/D11856.htm. Accessed on: May 27, 2025.
Polido, Fabrício Bertini Pasquot. State, digital sovereignty, and emerging technologies: interactions between international law, cybersecurity, and artificial intelligence. State Science Journal, Belo Horizonte, v. 9, n. 1, 2024. Available at: https://doi.org/10.35699/2525-8036.2024.53066. Accessed on: May 27, 2025.
EN 
PT 
