Cybersecurity regulation in Argentina (2026)

The newly created CNC set mandatory requirements for public agencies running data centers or technological infrastructure—covering continuity of operations, disaster recovery and digital resilience. It is the first binding rule from the new national cyber authority, giving agencies a compliance window to harden systems.

This DNU established the CNC as the national cybersecurity authority and application authority, consolidating incident response (CERT.AR), protection of critical information infrastructure and state digital assets under the Secretariat of Innovation, Science and Technology. It is the current cornerstone of Argentina's cyber governance.

President Milei signed a presidential decree creating the CNC as a decentralised entity under the Secretariat of Innovation, Science and Technology, separating civilian cybersecurity governance from intelligence functions and designating it the sole national cybersecurity authority and implementing body for all cybersecurity regulations.

The Ministry of Security adopted a three-year federal plan coordinating all security forces on cybercrime prevention, digital-forensic capacity-building, and regulatory modernisation; it invites all provincial governments and the City of Buenos Aires to formally adhere to the unified framework.

The Chief of Cabinet formalised a dedicated Management and Cooperation Unit exclusively responsible for monitoring the Second Strategy's 42-action plan and assigned the Subsecretaría de Tecnologías de la Información as chair of the Cybersecurity Committee, accelerating implementation.

The data protection authority approved a comprehensive information security policy framework (asset classification, access management, incident management, continuity) aligned with international 72-hour breach notification practice. It tightened obligations for entities handling personal data under Law 25.326.

The Public Innovation Secretariat approved Argentina's second national cybersecurity strategy and created the Cybersecurity Management and Cooperation Unit. It updated national objectives and governance structures established by the 2019 strategy.

Following the RENAPER breach, the data protection authority launched a formal probe into the alleged mass leak of citizens' personal data. It marked one of the most significant enforcement responses under the personal data protection regime.

A hacker obtained ID-card data—names, addresses, birth dates and government photos—of effectively the entire Argentine population from the National Registry of Persons, after access via a Health Ministry VPN. The incident exposed weaknesses in the protection of state-held identity data.

A threat actor used a compromised government VPN credential from another agency to access RENAPER (National Registry of Persons) and extract records on Argentina's entire population; the breach became public in October 2021 when biometric data of high-profile figures — including President Fernández — was posted on Twitter, triggering a congressional investigation.

The government established mandatory minimum information-security requirements for national public-sector bodies, requiring each to adopt a risk-based information security policy reported to the National Cybersecurity Directorate. It became the baseline obligation for state agencies.

Argentina created the Centro Nacional de Respuesta a Incidentes Informáticos (CERT.ar) under the Dirección Nacional de Ciberseguridad, replacing the legacy ONTI-based structure, and gave it a mandate to coordinate incident response across the public sector and critical information infrastructures nationally.

This decision established mandatory baseline information security requirements (Requisitos Mínimos de Seguridad de la Información) for all entities of the National Public Sector, making cybersecurity compliance legally binding for government agencies for the first time.

Argentina's Dirección Nacional de Migraciones suffered a Netwalker ransomware attack that temporarily stopped border crossings, with attackers demanding a multimillion-dollar ransom. It was one of the highest-profile ransomware hits on Argentine government infrastructure.

Argentina's Secretariat of Government of Modernization approved the country's inaugural National Cybersecurity Strategy, articulating principles for prevention, detection, response, and recovery, and establishing the Executive Unit of the Cybersecurity Committee to drive implementation.

Argentina adopted its first national cybersecurity strategy, defining guiding principles and central objectives for protecting national cyberspace. It laid the policy foundation for the country's modern cybersecurity framework.

President Macri's government established the Comité de Ciberseguridad under the Ministry of Modernization — the first dedicated national-level cybersecurity governance body — tasked with drafting Argentina's national cybersecurity strategy in coordination with the Ministries of Defense and Security.

The executive established a Cybersecurity Committee tasked with drafting the National Cybersecurity Strategy, the first institutional step toward coordinated national cyber policy. It set the stage for the 2019 strategy.

Argentina criminalized computer-related offenses—unauthorized access, computer fraud and damage, data interception, falsification of digital documents and distribution of malware—by reforming the Criminal Code. It remains the principal basis for prosecuting cyber offenses.

Argentina established its foundational data protection regime, granting individuals rights over their personal data and imposing data-security duties on controllers, later overseen by the AAIP. It underpins data-security and breach obligations applicable to cybersecurity today.

Argentina enacted one of Latin America's first comprehensive data protection statutes, establishing rights of access, rectification, and deletion over personal data held in public and private databases; the law later earned EU adequacy status (2003) and — enforced by the AAIP — remains the cornerstone data-security obligation, with a legislative reform draft pending in Congress since 2022.