Colombia has a new Delegate for Data Protection
Juan Carlos Upegui Mejía has been appointed as the new data protection delegate at the Colombian Superintendence of Industry and Commerce (SIC). With a strong background in law and human rights, Upegui’s appointment is seen as a step forward in strengthening the country’s enforcement of personal data protection laws. His leadership is expected to focus on ensuring compliance and enhancing privacy standards as digital and technological advancements increase.
For businesses in the TMT sector, Upegui’s appointment indicates a regulatory environment similar to the one under the past delegate, as the SIC is expected to continue its trend of investigations and enforcement actions. Companies operating in this space need to stay proactive in aligning with evolving data protection regulations to avoid potential penalties and reputational risks.
Source: Superintendencia de Industria y Comercio
New EDPB Guidelines on Pseudonymization: Strengthening Data Protection Compliance
The European Data Protection Board (EDPB) has published new guidelines on pseudonymization under the General Data Protection Regulation (GDPR). These guidelines clarify the distinction between pseudonymization—where data remains identifiable with additional information—and anonymization, which removes all means of re-identification. While not mandatory, pseudonymization enhances GDPR compliance by reducing data breach risks and supporting legitimate interest-based processing. The guidelines also provide best practices, including cryptographic techniques, access controls, and technical measures to strengthen data security. The public consultation period is open until February 28, 2025.
For companies handling large amounts of user data, especially in telecommunications, media, and technology, pseudonymization can be a strategic advantage. It enhances regulatory compliance, minimizes cybersecurity risks, and increases consumer trust by implementing privacy-preserving business models. While these guidelines are not legally binding, they influence enforcement actions and should be considered when developing data-driven services.
Source: Greenberg Traurig LLP
Thomson Reuters Wins Landmark AI Copyright Case in the US
Thomson Reuters has won the first major copyright case in the United States involving generative AI. The case, filed in 2020 against the legal AI startup Ross Intelligence, centered on allegations that Ross unlawfully reproduced materials from Thomson Reuters' legal research platform, Westlaw. US Circuit Court Judge Stephanos Bibas ruled in favor of Thomson Reuters, rejecting all of Ross Intelligence's defenses and concluding that the AI company’s use of Westlaw content did not qualify as "fair use." This ruling could have far-reaching consequences, as numerous legal battles over the use of copyrighted content to train AI systems are ongoing in the US and internationally.
For companies in the TMT sectors, this ruling underscores the growing legal risks associated with using copyrighted materials in AI training. Businesses developing or utilizing generative AI tools must carefully review their data sources and ensure compliance with intellectual property laws to avoid legal liability. This decision may also signal a stricter judicial stance on fair use defenses, making it crucial for TMT companies to implement robust IP due diligence processes when integrating AI technologies.
Source: Wired
Colombia Approves National AI Policy
On February 2025, Colombia approved CONPES 4144, establishing the country’s National Artificial Intelligence (AI) Policy. This policy, led by the Ministry of ICT, the Ministry of Science, and the National Planning Department (DNP), aims to foster ethical, sustainable, and responsible AI development and adoption until 2030. The government has allocated COP 479.3 billion (approximately USD 120 million) from the national budget to implement 106 specific actions. The primary goal is to position AI as a driver of social transformation, economic growth, and sustainable innovation.
The policy is built around six strategic pillars: (i) Ethics and Governance, (ii) Data and Infrastructure, (iii) Research and Innovation, (iv) Talent Development, (v) Risk Mitigation, and (vi) AI Adoption. These pillars aim to strengthen technical infrastructure, promote responsible AI use, and ensure the development of digital talent.
The National AI Policy represents significant opportunities and regulatory considerations for TMT companies operating in Colombia. It encourages investment in AI-driven innovation, promotes public-private collaboration, and outlines clear guidelines to mitigate risks related to data protection and AI ethics. Companies that align with these standards may benefit from government support and increased public trust. Additionally, the focus on data infrastructure and research funding offers TMT firms opportunities to expand their capabilities while ensuring compliance with evolving regulations.
Source: CONPES 4144 (2025)
Julián Molina Appointed as Colombia’s New ICT Minister
On March 1, 2025, President Gustavo Petro announced the appointment of Julián Molina as the new Minister of Information and Communication Technologies (ICT), replacing Mauricio Lizcano. Molina, a lawyer with experience in public administration and telecommunications regulation, was nominated by the Partido de la U, ensuring continuity in the Ministry’s policies. His prior roles include serving as the Superintendent of Family Subsidies and as an advisor within the ICT Ministry. His appointment comes amid government efforts to enhance digital infrastructure and connectivity across Colombia.
Molina's appointment signals continuity in the Ministry's agenda, but he faces critical challenges, including reducing the digital divide, advancing 5G deployment, strengthening cybersecurity, and fostering the digital economy. Ensuring connectivity in rural areas remains a priority, requiring significant investment in infrastructure. Moreover, the regulatory landscape is shifting, with pressing concerns over market competition and the financial stability of telecom operators such as WOM and Tigo. The minister must navigate these issues while ensuring regulatory clarity and promoting digital innovation. The Colombian ICT sector will closely watch how Molina tackles these challenges, particularly in a context where ministerial turnover has often disrupted long-term policy execution.
Source: El País, El Espectador, La Silla Vacía, Infobae
TSMC Expands U.S. Investment with $100 Billion AI Chip Manufacturing Plan
On March 3, 2025, Taiwan Semiconductor Manufacturing Company (TSMC) announced an additional $100 billion investment in semiconductor plants in the United States. This move aligns with President Donald Trump’s objective of bolstering domestic chip production to support artificial intelligence (AI) and advanced manufacturing. The new investment will expand TSMC’s presence to five U.S.-based facilities, enhancing supply chain resilience for major tech firms such as Nvidia and Apple. While the initiative strengthens U.S. leadership in AI chip manufacturing, it still requires approval from the Taiwanese government.
For the TMT sector, this investment highlights the increasing strategic importance of semiconductor production and supply chain localization. AI-driven businesses will benefit from more stable access to cutting-edge chips, potentially reducing reliance on Asian manufacturers. For Colombian companies, this shift in the global semiconductor landscape may impact costs, supply chains, and access to next-generation AI hardware. Additionally, ongoing U.S.-China trade tensions and potential tariffs on foreign-made chips could further reshape the global technology market, prompting firms in Colombia to evaluate alternative supply strategies and partnerships.
Source: La República
Carlos Slim Pushes ‘Fair Share’ Model
Mexican billionaire Carlos Slim has reignited the debate over the ‘Fair Share’ model, which proposes that large digital platforms like Netflix and YouTube pay telecom operators for using network infrastructure. During a recent press conference, Slim argued that content providers generate massive data traffic without investing in the networks that sustain them, creating an imbalance that burdens telecom companies. The GSMA, a global association of mobile operators, has also highlighted that platforms such as Meta, Google, and TikTok account for 70% of data traffic in Latin America. Operators warn that as data consumption triples by 2030, maintaining network infrastructure will require additional funding, making the ‘Fair Share’ model an attractive option for ensuring sustainability.
In Colombia, telecom operators have expressed similar concerns, citing the high costs of spectrum auctions, network deployment, and maintenance. Industry leaders from Claro, Movistar, and Tigo have emphasized the need for a more equitable distribution of financial responsibility, warning that without new revenue models, network expansion and service quality could suffer. However, critics argue that implementing a ‘Fair Share’ model could lead to higher costs for consumers or even limit the availability of digital services. Given Colombia’s ongoing efforts to expand 5G and close the digital divide, policymakers must carefully assess whether adopting such a framework would boost infrastructure investment or create unintended barriers to digital access.
Source: El Tiempo
Trump Announces ‘Crypto Strategic Reserve’: Implications for the Digital Economy
On March 2, 2025, U.S. President Donald Trump announced the creation of a “Crypto Strategic Reserve,” which will include major cryptocurrencies such as Bitcoin, Ethereum, XRP, Solana, and ADA. This initiative aims to bolster the cryptocurrency industry and prevent volatility caused by government sell-offs of seized digital assets. The announcement follows Trump’s earlier executive order directing his administration to explore a national crypto stockpile as part of a broader strategy to support digital assets. While crypto advocates see this as a boost for the industry, critics warn that government-backed crypto investments could expose taxpayers to financial risks given the sector’s volatility.
For the TMT industry, this decision marks a potential shift in government involvement in digital finance, reinforcing the legitimacy of cryptocurrencies as strategic assets. It could drive increased investment in blockchain technology, impact regulatory frameworks, and encourage wider adoption of digital currencies in global markets. In Colombia, where crypto adoption has been rising, this move could influence local regulations and investment trends. However, given the volatility of cryptocurrencies, businesses in the region must assess the risks and opportunities of engaging with an increasingly government-backed digital asset ecosystem.
Source: Forbes
FBI Accuses North Korean Hackers of Stealing $1.5 Billion in Crypto from Bybit
On February 27, 2025, the FBI accused North Korean-backed hacker groups, including the Lazarus Group, of stealing $1.5 billion worth of Ethereum from Bybit, a major Dubai-based cryptocurrency exchange. The hackers allegedly used sophisticated malware to manipulate a routine transfer from a secure offline wallet, converting the stolen assets into Bitcoin and other cryptocurrencies to launder them. The U.S. government has linked previous cyber heists to North Korea’s efforts to fund its nuclear weapons program, with a UN panel investigating similar cyberattacks totaling $3 billion since 2017. The breach has triggered a decline in cryptocurrency prices and is expected to increase regulatory scrutiny on crypto exchanges worldwide.
For the TMT sector, this attack underscores the growing cybersecurity risks in the digital asset ecosystem and highlights the urgent need for stronger security measures in financial technology. Companies involved in crypto transactions, blockchain development, and digital finance must enhance security protocols to mitigate vulnerabilities. In Colombia, where cryptocurrency adoption is on the rise, this incident serves as a warning for regulators and businesses to implement stricter compliance measures and risk management strategies. Additionally, as Latin America emerges as a growing crypto hub, regional players must evaluate the resilience of their digital infrastructure to prevent similar cyber threats.
Source: Associated Press
Colombian Communications Regulator Clarifies Rules on Presidential Addresses
In March 2025, the Colombian Communications Regulation Commission (CRC) issued a statement clarifying the legal framework for presidential television addresses, responding to recent public debates. Under Article 32 of Law 182 of 1995, the President of Colombia has the authority to use television services to address the nation at any time. However, Constitutional Court rulings have established that this power is not absolute and must adhere to constitutional principles such as proportionality and necessity. Additionally, a 2014 ruling by the Council of State outlined four strict conditions for such addresses, requiring them to be personal, urgent, relevant to public interest, and directly related to presidential duties.
For the TMT sector, this clarification reinforces the importance of regulatory oversight in audiovisual content and the balance between government communication and media pluralism. Television operators must comply with legal requirements to ensure the mandatory broadcast of presidential addresses while upholding neutrality and fair access to information. In Colombia, where media regulation plays a crucial role in political discourse, ongoing regulatory projects by the CRC—such as its initiative to strengthen pluralism in television—may shape future policies affecting both broadcasters and digital content providers. Businesses operating in media and telecommunications should monitor these developments closely, particularly in the context of electoral periods and government messaging.
Source: CRC
Colombian Constitutional Court Upholds Right to Public Information on Government Software
In March 2025, the Colombian Constitutional Court ruled in favor of a citizen's right to access public information by ordering the disclosure of the source code for CoronApp, a government-developed COVID-19 tracking application. The case originated after the Agencia Nacional Digital (AND), the National Institute of Health (INS), and the Ministry of Health refused to provide the requested information, arguing that its release would compromise user data security, public health strategies, and intellectual property rights. Lower courts had upheld the government's position, but the Constitutional Court found that the agencies failed to justify the restriction adequately under the Law on Transparency and Access to Public Information (Law 1712 of 2014).
For the TMT sector, this ruling sets a precedent on transparency in government-managed digital platforms and reinforces the principle of algorithmic transparency. It highlights the obligation of public entities to disclose technological processes affecting citizens, ensuring accountability in state-managed digital tools. In Colombia, where digital governance is expanding, businesses working with government technology contracts must consider the evolving legal landscape around open data and transparency. This decision may also influence future regulations on software development, cybersecurity, and digital privacy in public administration.
Source: Corte Constitucional de Colombia
Colombia Opens Public Consultation on .CO Domain Licensing Process
In March 2025, the Colombian Ministry of ICT published the draft bidding documents for the selection of the next operator of the .CO domain, inviting public participation through the SECOP II platform. This consultation phase allows citizens, businesses, and digital stakeholders to review and provide feedback on the preliminary documents until March 31, ensuring a transparent and participatory process. The .CO domain is a key digital asset, essential for e-commerce, innovation, and the online presence of businesses worldwide. Revenues from this contract will help fund digital transformation and connectivity projects in Colombia.
For the TMT sector, this process represents a significant regulatory milestone, as the management of the .CO domain impacts internet governance, digital commerce, and cybersecurity. Companies operating in Colombia or using the .CO extension should closely monitor the bidding process to anticipate potential changes in domain management policies. The consultation phase also highlights the government's commitment to transparency and public engagement in strategic digital infrastructure decisions, setting a precedent for future regulatory frameworks in Colombia’s digital economy.
Source: Ministerio TIC
Gabriel Jurado Resigns as Colombia’s Deputy Minister of Connectivity
In March 2025, Gabriel Jurado, Colombia’s Deputy Minister of Connectivity, submitted his irrevocable resignation, citing concerns over budgetary constraints affecting key digital infrastructure projects. During his tenure, Jurado led the rollout of 5G, overseeing the installation of over 1,400 base stations, and promoted policies to expand internet access, particularly in rural areas. However, he warned that fiscal limitations could jeopardize the continuity of these initiatives, impacting Colombia’s digital development. In his resignation letter, Jurado called for long-term policies to ensure sustained investment in connectivity, proposing that the National Digital Expansion Plan be formalized through a CONPES document to guarantee funding over the next decade.
For the TMT sector, Jurado’s departure raises concerns about the future of Colombia’s digital agenda, particularly regarding the implementation of 5G, spectrum regulation, and internet expansion programs. The transition in leadership at the Ministry of ICT could affect ongoing projects and policy continuity, requiring close monitoring by industry players and investors. The success of Colombia’s digital transformation will depend on the government’s ability to maintain stability in its connectivity initiatives and secure long-term funding for critical infrastructure projects.
Fuente: Infobae, La República, W Radio
Alphabet Acquires Cybersecurity Firm Wiz for $32 Billion to Strengthen Cloud Security
In March 2025, Alphabet, Google’s parent company, announced its largest acquisition to date: the $32 billion purchase of cybersecurity startup Wiz. The deal aims to enhance Google Cloud’s security offerings, allowing it to better compete with Amazon Web Services (AWS) and Microsoft Azure. Wiz, an Israeli-founded company specializing in cloud security, had previously rejected a $23 billion bid from Alphabet in 2024. Despite regulatory scrutiny under the Trump administration, Alphabet is confident the transaction will proceed, with Wiz maintaining its services across multiple cloud platforms.
For the TMT sector, this acquisition signals an intensified focus on cloud security amid rising cyber threats and corporate investments in digital infrastructure. The move also underscores the increasing consolidation in the cybersecurity market, with major tech companies acquiring specialized firms to bolster their competitive edge. In Colombia, where cloud adoption is growing, this deal could influence enterprise security strategies and regulatory discussions on data protection. Businesses relying on cloud services should monitor how Google’s expanded security capabilities impact the global cybersecurity landscape.
Fuente: Reuters, The Guardian, Financial Times