Brazilian law lacks a broad national security exception – along the lines of the national security clause in Article XXI GATT – that would allow the administration to bar the use of a specific 5G technology based on its origin/nationality. Principles of free enterprise and free competition written in the Brazilian Constitution protect foreign enterprises doing business in Brazil alongside Brazilian companies, and any restriction based on national security concerns would need to be based on statutory rules enacted by the National Congress which, again, do not currently exist. And should any such rules be created, they could not discriminate against foreign-controlled entities.
A relevant parallel can be drawn with matters relating to the so-called national defense strategy and the defense industry. The national defense strategy was first issued in 2008. Special treatment to the production, marketing, importation and exportation of defense-related products required statutory basis and, accordingly, the administration issued executive order (medida provisória¹) no. 544 of 2011, which was eventually converted by Congress into Law no. 12598 of 2012. Law no. 12598 of 2012 authorizes the administration, whenever it carries out purchases of goods related to the defense industry, to buy exclusively from strategic defense companies (defined as companies with headquarters in Brazil that research, develop and manufacture strategic defense products). The administration may also grant such companies tax and credit incentives.
A National Policy on Information Security exists under (Presidential) Decree no. 9637 of 2018, which grants the Institutional Security Office (Gabinete de Segurança Institucional, or GSI), directly linked to the President of the Republic, powers to establish minimum requirements regarding the use of products that embody cybersecurity features and, more generally, to issue guidelines, strategies, recommendations and rules regarding information security. It was under this authority that GSI issued Rule (IN) no. 4 of March 26, 2020, providing for minimum cybersecurity requirements to be complied with by entities of the federal administration in the deployment of 5G network. (Amadeu Castro of Agrippa Consult comments on these rules in another article of this edition of LS Brazil Outlook). Furthermore, a National Cyber-Security Strategy was adopted under Decree no. 10222 of 2020, a lengthy, detailed document which essentially sets strategic goals and initiatives. Neither legal instruments, however, was approved by Congress, and no rules issued under such legal framework could prevail over Constitutional and statutory rules.
Requirements applicable to 5G technology in Brazil should, under the current legal framework, be based on neutral, technical aspects. In defining them, concerns regarding the level of investments and the time required to assure broad access to 5G services by the Brazilian population should be taken into account alongside concerns related to security and reliability of telecommunications services. Indeed, under Brazil’s General Telecommunications Law the administration must act in a manner that assures broad access to services at reasonable prices, the expansion of the telecommunications infrastructure and the promotion of technological development.
¹Medidas provisórias are legal instruments issued by the administration which must be ratified by Congress within a given timeframe in order to become definitive