Compare
Compare
Thanks to its regulatory powers, robust digital economy, and active foreign and security policy, the European Union is one of the key players in cyberspace. The EU strongly promotes the position that international law, and in particular the United Nations (UN) Charter, applies in cyberspace. As a complement to binding international law, the EU endorses the voluntary non-binding norms, rules and principles of responsible State behaviour that have been articulated by the UN Group of Governmental Experts. It also encourages the development and implementation of regional confidence building measures, both in the Organisation for Security and Co-operation in Europe and other regions. On a bilateral level, the EU has established cyber dialogues with strategic partners to reinforce the exchange of good practices, lessons learnt and further the idea of responsible state behaviour in cyberspace.
As of 2020, 86 % of Uruguayans are active internet users, second in South America, only behind Chile. 9 out of 10 individuals in Uruguay are social media users. This provides a fabric for efficient digital policies and strategies that have transformed Uruguay since the 2010s. Uruguay is ranked first in Latin America and 35th place in the world on Digital Government Development, according to the UNDESA index, which measures dimensions related to technological infrastructure, availability of online services, and ability of citizens to take advantage of those resources. Uruguay also ranks first in Latin America and 42nd in the world on ICT Development, according to the 2017 IDI, published by the International Telecommunications Union. In all, this South American country has positioned itself at the forefront as a regional and world benchmark in Digital Government.
According to the International Telecommunications Union (ITU), as of 2021, Peru had an internet penetration rate of around 71.1 %. However other indexes place this number in the mid 60’s. Although many improvements were made in the past few years, Peru still possesses low network coverage, especially in rural areas and a relatively low network performance.
The government of Peru has been implementing initiatives to increase connectivity in rural areas, including a national broadband plan and a program to deploy free Wi-Fi hotspots in public spaces, with a year-on-year increase of almost 100 %.
Peru ranked 86 out of 182 countries surveyed in the ITU’s Global Cybersecurity Index in 2020.
The government of Peru has been implementing initiatives to increase connectivity in rural areas, including a national broadband plan and a program to deploy free Wi-Fi hotspots in public spaces, with a year-on-year increase of almost 100 %.
Peru ranked 86 out of 182 countries surveyed in the ITU’s Global Cybersecurity Index in 2020.
Under the auspices of the UN, the EU and its Member States have consistently reaffirmed that a universal cyber security framework can only be grounded in existing international law, including the Charter of the United Nations in its entirety, international humanitarian law, and international human rights law.
Addressing issues as to how existing international law and international humanitarian law, including the principles of humanity, necessity, proportionality and distinction, apply to the use ICTs by States is necessary to increase accountability and transparency. International humanitarian law is fully applicable in cyberspace and this should not be misunderstood as legitimising the use of force between states in the cyber domain. The EU has typically opposed calls for the need to adapt existing international law as a means to develop a new legal instrument for cyber issues. As a member state of the UNGA, Uruguay expressed their views at the OEWG in 2021, considering cybersecurity an essential element in the prevention of international conflicts. Uruguay provides a rather humanitarian approach to international law and its application on cyber issues. The country is a member of international organisations that promote the development and compliance with standards of transparency and access to information, such as the Open Government Partnership, the Electronic Government Network of Latin America and the Caribbean (GEALC) and Digital Nations.
Uruguay was the first Latin American country, in 2013, to sign the only existing binding, international document concerning the Automatic Processing of Personal Data (known as Convention 108). Its signature and membership have been ratified in 2021.
Uruguay’s Digital initiatives at the national level are also in compliance with the Digital Agenda for Latin America and the Caribbean (eLAC by CEPAL). In particular, Uruguay’s Cybersecurity goal is in line with CEPAL’s framework for confidence-building measures such as combating digital crime by formulating public policies and strategies for cybersecurity and critical infrastructure protection. Peru is one of the Latin American countries to have signed and ratified the Council of Europe’s Convention 108+.
The country has also participated in the United Nations Open-ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. As a matter of fact, after the third substantive session of the OEWG, Peru issued a statement supporting the primacy of the UN Charter and the application of international law in the use of ICTs and in cyberspace, as well as the future establishment of legally binding obligations.
On the other hand, Peru along with Chile and the United States of America, has a divergent view on the notion of cyber attack and the applicability of international law. Peru states that in order for a cyber operation to be considered an attack, it results in direct death, injury or physical harm.
Addressing issues as to how existing international law and international humanitarian law, including the principles of humanity, necessity, proportionality and distinction, apply to the use ICTs by States is necessary to increase accountability and transparency. International humanitarian law is fully applicable in cyberspace and this should not be misunderstood as legitimising the use of force between states in the cyber domain. The EU has typically opposed calls for the need to adapt existing international law as a means to develop a new legal instrument for cyber issues. As a member state of the UNGA, Uruguay expressed their views at the OEWG in 2021, considering cybersecurity an essential element in the prevention of international conflicts. Uruguay provides a rather humanitarian approach to international law and its application on cyber issues. The country is a member of international organisations that promote the development and compliance with standards of transparency and access to information, such as the Open Government Partnership, the Electronic Government Network of Latin America and the Caribbean (GEALC) and Digital Nations.
Uruguay was the first Latin American country, in 2013, to sign the only existing binding, international document concerning the Automatic Processing of Personal Data (known as Convention 108). Its signature and membership have been ratified in 2021.
Uruguay’s Digital initiatives at the national level are also in compliance with the Digital Agenda for Latin America and the Caribbean (eLAC by CEPAL). In particular, Uruguay’s Cybersecurity goal is in line with CEPAL’s framework for confidence-building measures such as combating digital crime by formulating public policies and strategies for cybersecurity and critical infrastructure protection. Peru is one of the Latin American countries to have signed and ratified the Council of Europe’s Convention 108+.
The country has also participated in the United Nations Open-ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. As a matter of fact, after the third substantive session of the OEWG, Peru issued a statement supporting the primacy of the UN Charter and the application of international law in the use of ICTs and in cyberspace, as well as the future establishment of legally binding obligations.
On the other hand, Peru along with Chile and the United States of America, has a divergent view on the notion of cyber attack and the applicability of international law. Peru states that in order for a cyber operation to be considered an attack, it results in direct death, injury or physical harm.
Since 2014, the EU’s ambition has been to act as an ‘honest broker’ on multilateral discussions surrounding issues of cyber governance and norms of responsible state behaviour, aiming to ensure the support and partnership of proactive players in the context of the global debate. The EU has long promoted the need for voluntary, non-binding norms. It believes that norms crystallised under the UN GGE process should generally not be revisited and that progress should be made on matters relating to their implementation.
Within the OEWG, the EU advanced a suggestion to develop a global repository of existing practice within the United Nations, which would enable UN member states to showcase how they are implementing the voluntary norms of responsible state behaviour, confidence building and other measures. Uruguay is a represented member in the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace. The South American country has openly stated that the voluntary norms included in the Report of the Group of Experts (GGE) represent an inescapable guide for the responsible behaviour of States in cyberspace. In session 5 of the second substantive session of the OEWG 2021-2025, Uruguay along with seven other States pointed out the importance of the protection of critical infrastructure, according to norm 13(f). Peru stresses the need to make a distinction between 'cyber attacks' (which involve 'damage being caused to a militarily relevant target, which may be totally or partially destroyed, even captured or neutralised') and an 'abrupt disruption of communications in cyberspace', i.e. cyber operations that cause inconvenience, even extreme inconvenience, but not direct injury or death, or destruction of property. Accordingly, Peru emphasises the determination of the legality of cyber operations in the context of the use of force by taking into account whether they may result in death or injury to persons or property.
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'.
Within the OEWG, the EU advanced a suggestion to develop a global repository of existing practice within the United Nations, which would enable UN member states to showcase how they are implementing the voluntary norms of responsible state behaviour, confidence building and other measures. Uruguay is a represented member in the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace. The South American country has openly stated that the voluntary norms included in the Report of the Group of Experts (GGE) represent an inescapable guide for the responsible behaviour of States in cyberspace. In session 5 of the second substantive session of the OEWG 2021-2025, Uruguay along with seven other States pointed out the importance of the protection of critical infrastructure, according to norm 13(f). Peru stresses the need to make a distinction between 'cyber attacks' (which involve 'damage being caused to a militarily relevant target, which may be totally or partially destroyed, even captured or neutralised') and an 'abrupt disruption of communications in cyberspace', i.e. cyber operations that cause inconvenience, even extreme inconvenience, but not direct injury or death, or destruction of property. Accordingly, Peru emphasises the determination of the legality of cyber operations in the context of the use of force by taking into account whether they may result in death or injury to persons or property.
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'.
The EU places great importance on cyber resilience and capacity building. Internally, the Union has built a robust legal acquis in relation to the resilience of critical infrastructures, the cornerstone of which rests upon the 2016 Network and Information Security (NIS) Directive and the 2013 and 2019 Cybersecurity Acts. This legal meshwork seeks to integrate cybersecurity into all elements of the supply chain and introduce soft law mechanisms like the EU cybersecurity certification scheme. In doing so, it harmonises national cybersecurity capabilities, cross-border collaboration and the supervision of critical sectors across the EU.
In the coming months, the Commission intends to add upon the existing cyber-acquis by introducing an array of new initiatives, such as the updated NIS Directive (the so-called NIS2), a proposal on a Critical Entities Resilience (CER) Directive, and a plan to launch a network of Security Operations Centres across the Union. The aim is to create a Union-wide ‘cybersecurity shield’ that will facilitate the detection of cyberattacks and provide an impetus for proactive action.
This internal buildup of capabilities is supplemented by the development of a specialised ‘cyber diplomacy toolbox’ that allows the Union and its Member States to address cyber incidents through various joint policies, from cooperation and stabilisation measures to restrictive measures and attribution. Objective 10 of Uruguay’s Digital Agenda for 2025 provides a clear guideline for resilience measures in cybersecurity and ICT. Uruguay is focused on enhancing cybersecurity to prevent and mitigate risks in cyberspace, advancing compliance with the national cyber-security framework, based on public-private cooperation and ensuring the availability of critical information assets. Uruguay intends to achieve this goal by improving efficiency in detecting and responding to cyber incidents by implementing new technologies that allow for predictive analytics and response automation, among others. The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a Digital Agenda in 2021 for Digital Transformation.
In the coming months, the Commission intends to add upon the existing cyber-acquis by introducing an array of new initiatives, such as the updated NIS Directive (the so-called NIS2), a proposal on a Critical Entities Resilience (CER) Directive, and a plan to launch a network of Security Operations Centres across the Union. The aim is to create a Union-wide ‘cybersecurity shield’ that will facilitate the detection of cyberattacks and provide an impetus for proactive action.
This internal buildup of capabilities is supplemented by the development of a specialised ‘cyber diplomacy toolbox’ that allows the Union and its Member States to address cyber incidents through various joint policies, from cooperation and stabilisation measures to restrictive measures and attribution. Objective 10 of Uruguay’s Digital Agenda for 2025 provides a clear guideline for resilience measures in cybersecurity and ICT. Uruguay is focused on enhancing cybersecurity to prevent and mitigate risks in cyberspace, advancing compliance with the national cyber-security framework, based on public-private cooperation and ensuring the availability of critical information assets. Uruguay intends to achieve this goal by improving efficiency in detecting and responding to cyber incidents by implementing new technologies that allow for predictive analytics and response automation, among others. The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a Digital Agenda in 2021 for Digital Transformation.
The EU has been an early champion of the Budapest Convention signed under the auspices of the Council of Europe, given the overlapping membership of the two organisations. Much of the EU’s cyber diplomatic efforts have focused on promoting the Convention as the main instrument of choice for fighting cybercrime on a global level. EU member states have consistently opposed Russian bids for replacing this regime with another legal framework.
The Union is represented in the recently constituted Ad Hoc Committee established by UNGA resolution 74/247 by its Member States and is currently focused on ensuring that the process is inclusive, transparent, consistent with the progress of the UNGGE and OEWG processes, and committed to legal consistency. Uruguay is not a signatory State of the Budapest Convention on Cybercrime, cooperating in international affairs outside of the framework established by the Council of Europe. However, it has a relatively low rate of cybercrime compared to other countries in the region, staking its position as one of the most advanced countries in Latin America and the Caribbean in terms of cybersecurity. Much of its success relies on the Cybersecurity Framework published in 2021, which is allowing Uruguay to start using artificial intelligence to automate incident response and pattern detection, as well as incorporating data analytics to make projections and anticipate incidents.
Regarding Data Protection, Uruguay has adapted its national framework to the European GDPR, despite its latest Data Protection Law dating back to 2008. Peru’s signature and ratification of the Budapest Convention on Cybercrime, which is the only binding international instrument dealing with cybercrime, was a great step towards advancing a cyber agenda.
In 2019, Peru passed a Cyber Defence Act, with the objectives of defending and protecting sovereignty, national interests, critical national assets and key resources to maintain national capabilities against threats or attacks in and through cyberspace, when these affect national security.Peru has also passed a Cybersecurity Framework for the private sector, with the objective of identifying and protecting information assets, detecting security events, and providing for response and recovery from cybersecurity incidents.
In this context, there are more and more reports of cybercrime in the country. According to data from the Public Prosecutor's Office, in 2021 they received 18,596 reports of cybercrime cases, which represents a percentage increase of 92.9% compared to 2020, with phishing and ransomware being the most common attacks.
The Union is represented in the recently constituted Ad Hoc Committee established by UNGA resolution 74/247 by its Member States and is currently focused on ensuring that the process is inclusive, transparent, consistent with the progress of the UNGGE and OEWG processes, and committed to legal consistency. Uruguay is not a signatory State of the Budapest Convention on Cybercrime, cooperating in international affairs outside of the framework established by the Council of Europe. However, it has a relatively low rate of cybercrime compared to other countries in the region, staking its position as one of the most advanced countries in Latin America and the Caribbean in terms of cybersecurity. Much of its success relies on the Cybersecurity Framework published in 2021, which is allowing Uruguay to start using artificial intelligence to automate incident response and pattern detection, as well as incorporating data analytics to make projections and anticipate incidents.
Regarding Data Protection, Uruguay has adapted its national framework to the European GDPR, despite its latest Data Protection Law dating back to 2008. Peru’s signature and ratification of the Budapest Convention on Cybercrime, which is the only binding international instrument dealing with cybercrime, was a great step towards advancing a cyber agenda.
In 2019, Peru passed a Cyber Defence Act, with the objectives of defending and protecting sovereignty, national interests, critical national assets and key resources to maintain national capabilities against threats or attacks in and through cyberspace, when these affect national security.Peru has also passed a Cybersecurity Framework for the private sector, with the objective of identifying and protecting information assets, detecting security events, and providing for response and recovery from cybersecurity incidents.
In this context, there are more and more reports of cybercrime in the country. According to data from the Public Prosecutor's Office, in 2021 they received 18,596 reports of cybercrime cases, which represents a percentage increase of 92.9% compared to 2020, with phishing and ransomware being the most common attacks.
