top of page

【Brazil】Mandatory cybersecurity requirements for assessing the compliance of CPE Equipment

On March 20th 2024, ANATEL released Official Letter No. 100, clarifying that cybersecurity testing does not apply to devices designed solely for corporate environments. ANATEL issued this clarification due to not harmonized between all OCDs and in response to inquiries from industry representatives.

On March 7, 2023, the Agência Nacional de Telecomunicações (ANATEL) in Brazil published Ato No. 2436, titled "Minimum Cybersecurity Requirements for Assessing the Conformity of CPE (Customer Premises Equipment) Equipment." This act aims to establish mandatory cybersecurity requirements for assessing the compliance of CPE Equipment used by the general public to connect subscribers to Internet networks.

ANATEL Act No. 2436, which outlines cybersecurity requirements for evaluating the conformity of CPE (Customer Premises Equipment), came into effect on March 10th, 2024.

This legislation mandates cybersecurity requirements for CPE devices utilized to connect to Internet service provider networks, including

-cable modems;

-xDSL modems;


-routers or modems for fixed wireless access (FWA);

-routers or modems for fixed broadband access via satellite, and;

-wireless routers or access points.

However, these requirements are not compulsory for products intended exclusively for enterprise or industrial environments.


Glodacert can provide you with professional, accurate, and prompt service, so please feel free to contact us with any queries or concerns you may have!


bottom of page