The Ministry of Information and Communications Technologies (“Ministry of ICT”) published a draft Decree, which aims at creating a governance structure model focused on digital and cybersecurity. The draft Decree reflects the growing concern of the Colombian Government in cybersecurity, and the need to develop greater and better analysis, prevention and response capabilities, from the public sector jointly with private entities. We highlight the following sections of the draft Decree:

• Its purpose is to coordinate and strengthen the capabilities of all parties involved in digital and cybersecurity to manage risks and security incidents, and to establish adequate responses to such incidents, to protect infrastructure, systems, technology, and digital ecosystem networks in the country. 
• The parties involved in digital and cybersecurity are those who “within the scope of their functions and responsibilities, must guarantee or contribute to digital security, protection of networks, critical cyber-infrastructure and its environment, essential services and information systems in the digital space”. The Ministry of Defense will determine which economic sectors, owners of critical infrastructure and service operators are essential to this governance model, and therefore will be subject to this regulation, including operators located in other countries with a permanent establishment in Colombia. 
• The Ministry of Defense will be responsible of developing an inventory of national cyber-infrastructure and of essential services, according to the specific regulation to be issued to this effect. 
• Telecommunications networks and services providers domiciled in Colombia and which business activity is aimed at ensuring networks and information in Colombia, must implement human, technical, and organizational measures to guarantee digital security, cybersecurity risk management, the identification and report of critical cyber-infrastructure and of essential services. 
• It seeks to create new administrative entities which will oversee regulation, the effective implementation and compliance of obligations regarding digital and cybersecurity, including a Computer Security Incident & Response Team (CSIRT).
• The draft Decree points out that the Ministry of ICT will establish the appropriate and specific regulation to be applicable to all interested parties and will provide additional guidance.