García & Bodán

El Salvador’s Legislative Assembly Approves Cybersecurity Law

On November 23, 2024, the new Cybersecurity and Information Security Law came into effect, aiming to ensure the protection of data and computer systems managed by state entities, as well as the country’s critical infrastructures.

The law applies to all government bodies, including its dependencies, autonomous institutions, municipal authorities, and any entity managing public resources, state assets, or impacting critical infrastructures. Additionally, it may extend to certain private sector entities, such as those managing public information or interacting with the country’s critical systems. 

The law also imposes various responsibilities on the obligated parties, particularly regarding the implementation of cybersecurity systems and strategies. 

Key Obligations Include: 

State Cybersecurity Agency 

With the approval of this law, the State Cybersecurity Agency is established, an entity responsible for overseeing and enforcing the provisions of the law. This agency will be responsible for coordinating with institutions and ensuring compliance with established security standards. Among its key responsibilities are: 

Once the president of the Republic sanctions the law, it will come into effect 8 days after its publication in the Official Gazette. 

Rodrigo Benítez 
rodrigo.benitez@garciabodan.com
Associate
García & Bodán
El Salvador