Executive Summary

• Artificial intelligence (AI), social media, and instant messaging regulation will be a hot topic in Brazil in 2025, with substantial activity in Congress and the Supreme Court.
• Cloud, cybersecurity, data centers, and data privacy are topics that could also see legislative or regulatory action throughout the year at different policymaking stages.
• Technology companies will also be affected by horizontal and sector-specific tax policy-related measures, and Brazil’s digital policy might be impacted by U.S.-Brazil relations under the new Trump administration.

Analysis

2025 is shaping up to be a key year for digital policymaking in Brazil.  It is the last year for President Luiz Inácio Lula da Silva’s administration to pursue substantial policy change before the 2026 general elections.  It is also the first year for the new congressional leadership, in particular the new Speaker of the House and President of the Senate, to put their stamp on key legislation before their own reelection campaigns next year.

Existing Legal Framework: LGT, MCI and LGPD

Brazil’s current approach to digital policy is based on three key federal statutes.  The first one is the General Telecommunications Act of 1997 (“LGT”).  LGT established the rules for the country’s transition from a state-owned monopoly to a competitive, private sector-led telecommunications market.  It is the bedrock of Brazil’s digital economy infrastructure regulation as, among other aspects, it sets rules for radio spectrum and orbit uses.

The second key statute is the Civil Rights Framework for the Internet Act of 2014 (“MCI”).  MCI sets the principles, rights and obligations for internet use, including the net neutrality principle and a safe harbor clause protecting internet service providers from liability for user-generated content absent a court order to remove the content.  The statute also established the first layer of data privacy provisions as well as rules for the federal, state, and local governments internet-related policies and actions.

The third key federal statute is the General Personal Data Protection Act of 2018 (“LGPD”).  LGPD sets rules for the treatment of personal data by individuals, companies, state-owned and state-supported enterprises, and governments.  It slightly amends MCI and adds a more robust layer of data privacy protection.

Each statute has its own regulator, respectively the National Telecommunications Agency (“ANATEL”), Brazil’s Internet Management Committee (“CGI.br”), and the National Data Protection Authority (“ANPD”).

Hot Topics in 2025: AI, Social Media, and Instant Messaging

Two agenda items will likely dominate the policy debate in Brazil in 2025.  The first one is the creation of a new legal framework for AI.  After years of intense debate, the Senate approved its AI bill in December 2024.  The bill sets rights and obligations for developers, deployers, and distributors of AI systems, and takes a human rights, risk management, and transparency approach to regulating AI-related activity.  It also contains contentious provisions establishing AI-related copyright obligations.  In 2025, the House will likely debate and try to approve the bill, which is also a priority for the Lula administration.Continue Reading Brazil’s Digital Policy in 2025: AI, Cloud, Cyber, Data Centers, and Social Media