Compliance & Product Regulatory ApproVals

Act 2436/2022 – ANATEL Cyber Security requirements for CPE

Brazil, like many other countries, has experienced a significant increase in cyberattacks over the past few years, leading to an increased demand for cybersecurity regulations. In response, the Brazilian telecom authority ANATEL (Agência Nacional de Telecomunicações) implemented Resolution No. 740 and Act No.77 in 2021, which require manufacturers of equipment with internet connection to submit a declaration letter for ANATEL’s review, confirming that the device meets basic cybersecurity requirements as defined in Act 77.

On 7th March 2023, ANATEL published Act No. 2436, which outlines “Minimum Cybersecurity Requirements for Assessing the Conformity of CPE (Customer Premises Equipment) Equipment.” This Act mandates a set of minimum cybersecurity requirements for the assessment of compliance for CPE equipment used by the general public to connect to internet networks. This new Act covers devices such as cable modems, xDSL modems, Optical Network Units (ONU/ONT), routers or modems intended for fixed wireless access (FWA), routers or modems for fixed broadband access via satellite, and wireless routers or access points. These added requirements include guidelines related to passwords, defense against unauthorized access, and policies for software/firmware updates to fix security vulnerabilities.

The added requirements are aligned with various cybersecurity standards, including US NIST Special Publication 800-63B, the Broadband Forum-TR-181 Issue 2, and international standards ISO/IEC 29147:2018 and IEC 30111:2019.

more insights

Praveen Rao

CEO & Technical Director, C-PRAV Group: Australia, New Zealand, India & Canada 

C-PRAV Labs & Certifications 

Professional engineering experience of 30+ years with technical and managerial skills obtained from professional degree, courses, and hands-on experience, while working with organizations and companies involved in Design & Development, Testing, Inspection, Certification and Compliance (TICC). 

Management of electrical/electronic products & systems Testing and Certifications for Global markets in Consumer, Industrial, IT, Telecom, Defence, Medical, and Automotive Industries. Overall advisory for Standards, Regulations, Testing and Certifications for Global Market Access (GMA). 

  • ISO/IEC 17025 Lab Quality Management 
  • NATA Authorised Signatory (1995 to 2000) for EMC Testing 
  • NATA & IANZ Authorised Technical Assessor (current)
  • EMI/EMC, RF/Wireless, EMR-RF Exposure/SAR 
  • NATA Technical Assessors Advisory Committee (current) 
  • Current Chair of Australian EMC National Standards Committee 
  • Member of Australian National standards committees for Safety, Radio, RF Exp/SAR 
  • Represent Australia in International Standards committees like IEC, CISPR, IEEE 
  • Member of Telecommunications Certification Body Council, USA and European REDCA