Mexico’s Federal Law for the Protection of Industrial Property establishes a framework for trade secret protection, including safeguards against unlawful disclosure. The Law provides for both administrative and criminal enforcement mechanisms, including administrative infringements (Art. 386) and criminal offences relating to trade secrets (Art. 402).
However, it is reported that the Conformity Assessment Procedure for Telecommunications and Broadcasting issued by the Plenary of the Federal Institute of Telecommunications (DOF: 25 February 2020) has raised confidentiality concerns, insofar as it contemplates the submission of test reports that may contain detailed confidential information on ICT products. While the amendment to the 2021 Agreement has reportedly addressed earlier concerns about the automatic sharing of such reports, regulators may still request test reports in specific cases, which continues to generate trade secret and confidentiality risks for ICT manufacturers.

Mexico’s Federal Law for the Protection of Industrial Property establishes a framework for the protection of trade secrets. Title III of the Act defines trade secrets and misappropriation, recognises lawful means of acquisition, and provides administrative enforcement mechanisms to protect trade secrets.

Art. 125 of the Telecommunications and Broadcasting Act establishes a framework for infrastructure sharing. It requires the Telecommunications Regulatory Commission to issue guidelines to promote, in a structured and progressive manner, co-location and the shared use of passive and active infrastructure and other physical resources, prioritising negotiated agreements between concessionaires. Where no agreement is reached, and sharing is necessary, the Commission may set the applicable technical, tariff, and operational conditions, and resolve disputes through the interconnection procedure, subject to a maximum time frame of 30 working days. The Law also requires that sharing agreements be registered in the Public Telecommunications Register.
Art. 123 further provides that operators with significant market power in the telecommunications sector are subject to specific obligations, including the obligation to conclude agreements for the shared use of infrastructure. The Law expressly repeals the previous Federal Telecommunications and Broadcasting Law (LFTR, DOF 14/07/2014), which already contained comparable infrastructure-sharing provisions (Arts. 138 and 139) under which the Telecommunications Regulatory Commission promoted co-location and shared-use arrangements. In addition, the “Agreement issuing the Guidelines for the Deployment, Access and Shared Use of Telecommunications and Broadcasting Infrastructure” (DOF 15/01/2020) sets out operational rules, including procedures, timelines, and registration requirements, for implementing access and shared-use arrangements.

The Mexican State maintains equity participation in parts of the telecommunications sector through the Federal Electricity Commission (Comisión Federal de Electricidad, CFE). Following the publication of the Agreement creating CFE Telecomunicaciones e Internet para Todos in the Official Gazette in August 2019, the CFE created CFE Telecomunicaciones e Internet para Todos (CFE TEIT), a State-owned entity mandated to provide mobile telephony and internet services on a non-profit basis in order to support the right of access to information and communication technologies. In addition, in February 2025, CFE reported that its Board of Directors authorised the acquisition of a 49% stake in Altán Redes, a provider of wholesale mobile telephony and internet services, thereby strengthening the State’s presence in wholesale telecommunications infrastructure and operations.

Pursuant to Art. 123 of the Telecommunications and Broadcasting Act, operators designated as having significant market power (SMP) in the telecommunications sector are subject to specific obligations, including the obligation to submit, at least once per year, separated accounts and cost-accounting information for interconnection services to the Commission and to the authority responsible for competition and market access, in the form and in accordance with the methodologies and criteria determined by the competent authorities. Moreover, operators designated as having SMP are subject to functional separation obligations in the telecommunications market (Art. 256 and 267).

Mexico has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

In December 2024, Mexico removed the constitutional basis for the Instituto Federal de Telecomunicaciones (IFT) as an autonomous regulator and reassigned its core telecommunications and broadcasting regulatory functions to the Federal Executive. Under the subsequent institutional architecture, the IFT was replaced by the Telecommunications Regulatory Commission (Comisión Reguladora de Telecomunicaciones, CRT), which operates as a deconcentrated technical body attached to the Agency for Digital Transformation and Telecommunications (ATDT). It is reported that the CRT is not independent from the government in its decision-making.

Art. 14 of the Guidelines for Collaboration in the Matter of Security and Justice stipulates that data processing and storage systems employed by authorised telecommunications providers must be located within the national territory, in order to facilitate cooperation with national security authorities.

There are concerns that Art. 50 of the Provisions on Electronic Payment Fund Institutions might force firms to choose only cloud providers based in Mexico, thus indirectly imposing a local data processing requirement. The law requires electronic payment fund institutions to use secondary cloud services provided by a company that is not subject to a different jurisdiction. That would mean that the secondary cloud provider would need to be subject to the Mexican jurisdiction and therefore be located in the country.

The "Federal Law for the Protection of Personal Data in the Possession of Private Parties" applies conditions to transfers of personal data, which apply regardless of whether the data is transferred to national or foreign third parties. For any transfer, the company must inform those third parties of the privacy notice and the purposes for which the data subject has authorised the processing of their data (Art. 35). According to Art. 2, the privacy notice is the document made available to the data subject in physical, electronic, or any other format at the time their personal data are collected, with the purpose of informing them of the intended uses of their data. Art. 35 also requires that the processing of personal data follow the terms set out in the privacy notice, which must specify whether the data subject consents to the transfer, and the receiving third party must assume the same obligations as the transferring controller. Art. 36 further establishes that national or international data transfers may take place without the data subject’s consent when specific conditions are met, including when the transfer is required by law or treaty, necessary for medical prevention, diagnosis, treatment, or healthcare management, carried out within a corporate group under common control, required by a contract concluded or to be concluded in the data subject’s interest, necessary or legally mandated to safeguard the public interest or to pursue or administer justice, required for the recognition, exercise, or defence of a right in judicial proceedings, or necessary for maintaining or fulfilling a legal relationship between the controller and the data subject.
Similar limitations on the transfer of personal data were already contained in the earlier statute of the same name, now repealed, where comparable provisions were set out in Arts. 36 and 37.

Mexico has joined several agreements with binding commitments to open transfers of data across borders. These include: the Mexico-Panama Free Trade Agreement (Art. 14.10), the First Amending Protocol [which amends the Additional Protocol to the Framework Agreement of the Pacific Alliance (Arts. 13.11 and. 13.12(c)], the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11.2), and the United States-Mexico-Canada Agreement (USMCA, Art. 19.8.6).

The new Federal Law for the Protection of Personal Data in the Possession of Private Parties, enacted in 2025, establishes a comprehensive framework for data protection in Mexico. It supersedes the 2010 law of the same name, which had likewise introduced an extensive regime governing the protection of personal data.

Mexico has a copyright regime under the Federal Copyright Act. However, the exceptions do not follow the fair use or fair dealing model, therefore limiting the lawful use of copyrighted work by others. Art. 148 and the following list the exceptions, which include the reproduction of: parts of the work for scientific, literary or artistic criticism and research; of a single copy by an archive or library for security and preservation reasons, and which is out of print, out of print and in danger of disappearing; among others.