Due to questions and unclear alignment from industry representatives, Anatel released Official Letter 100/2024 on March 20th clarifying that cybersecurity testing does not apply to CPE devices exclusively used in corporate environments.
This clarification addresses discrepancies among Designated Certification Bodies (OCDs) and industry inquiries. ANATEL Act nº 2436, effective March 10th, 2024, sets mandatory cybersecurity requirements for Customer Premises Equipment (CPE), including
- Cable modems
- xDSL modems
- ONTs
- ONUs
- Routers/modems for fixed wireless access
- Wireless routers/access points
Summary of Official Letter 100/ 2024
Anatel’s Certification and Numbering Management (ORCN) received inquiries from industry representatives and Designated Certification Bodies (OCDs) regarding Act No. 2436’s cybersecurity requirements.
- Act No. 2436's requirements apply to Customer Premises Equipment (CPE) used by the general public to connect to Internet service provider networks.
- Equipment exclusively for corporate use, installed and configured by specialized professionals on secure corporate networks, falls outside this scope.
- ORCN confirms that Act No. 2436 requirements do not apply to CPE equipment intended solely for corporate use.
Read the full official letter on the ANATEL website here.
Global Validity is your partner for global certification success
Need a fast, accurate and competitive quote? Please provide the following information so our team can get to work for you: