Chile has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Resolution 1,463 states that mobile devices destined for public mobile telephony and data transmission services to be distributed or commercialized in the Chilean market must: be homologated, certified and validated by an authorised entity (SUBTEL), among other requirements. There is a transparent protocol of homologation (Annex II of the Resolution). According to Art. 3, a certificate of a country where a Mutual Recognition Agreement (MRA) applies is accepted for the purpose of homologation.
Under Exempt Resolution No. 737, mandatory certification applies solely to designated categories of medical devices, while all other short‑range devices demonstrate regulatory compliance through a compulsory QR code displayed on the product packaging. This QR code must direct users to a publicly accessible, Spanish‑language webpage containing specific required information, including the local importer’s business name, Chilean address, and contact details; the identification of a legal representative in Chile, which is obligatory for foreign manufacturers; a downloadable PDF test report issued by an accredited laboratory holding at least two internationally recognised accreditations (such as FCC, CE/ETSI or ISO/IEC 17025); a signed, downloadable declaration of conformity; and evidence of electromagnetic compatibility (EMC) certification. The regulation encompasses a broad range of equipment, including Wi‑Fi devices (routers, access points and IoT products), Bluetooth devices (headphones, speakers and wearables), Zigbee devices used in home automation, RFID readers and active tags, IoT sensors and telemetry units, and other short‑range devices such as wireless microphones, radio alarms and ultra‑wideband (UWB) equipment.

Decree No. 473 stipulates that the de minimis threshold, defined as the minimum value of goods below which customs duties are not levied, is set at USD 500. In October 2025, this threshold was increased from USD 41 to the current level of USD 500.

According to Art. 152 of Chapter X (included in September 2022 by Law No. 21.431) of the Labour Code of Chile, the employment contract of dependent digital platform workers shall indicate an official channel where the worker can present his/her objections, claims or requirements. The indicated channel must have a physical place of attention, a local telephone and a company representative responsible for attending to the described purposes. The law defines a digital service platform company as an entity that operates or manages a computer or technological system executable on mobile or fixed device applications for a fee.
Resolutions 2 and 3 of the SII Exempt Resolution No. 101 stipulate that digital service platform companies without domicile or residence in Chile are required to designate a representative within the country. This Exempt Resolution was issued within the framework of the implementation of Law No. 21.431.

The Subsecretaría de Telecomunicaciones (SUBTEL), Chile’s telecommunications regulator, operates within the Ministry of Transport and Telecommunications. Art. 6 of the General Telecommunications Law establishes that the application and enforcement of this law and its implementing regulations shall correspond to the Ministry of Transport and Telecommunications, acting through SUBTEL. The same provision further assigns to the Ministry the exclusive competence to provide the technical interpretation of the legal and regulatory framework governing telecommunications. Although the regulator is administratively dependent on the government, it is reported that, in practice, it has consistently exercised a degree of institutional independence, demonstrating autonomy in certain decision-making processes.

RAN Chapter 20-7 requires banks to maintain a real-time local copy of certain critical data, even where cloud-based or overseas services are used. In particular, when a bank outsources “significant or strategic” processing abroad, it must also retain a contingency data-processing centre in Chile containing up-to-date information to ensure operational continuity (Section IV.1.b.i), a requirement commonly interpreted as mandating the domestic mirroring of essential banking records. Although the Chilean regulator introduced a limited relaxation in 2019 by creating a narrow exception for institutions demonstrating exceptionally robust risk-management frameworks, most banks remain subject to the local-site obligation. In practice, therefore, RAN 20-7 encourages reliance on domestic infrastructure, as relatively few institutions qualify for the exception and banks using global cloud providers must generally establish backup facilities within Chile. Overall, the Chilean Financial Market Commission (CMF) ensures that critical financial data remain accessible within national territory, thereby reinforcing regulatory oversight while simultaneously increasing compliance costs and discouraging exclusive dependence on foreign cloud storage solutions.

Pursuant to Art. 27 of the Act on the Protection of Private Life, cross-border data transfers to an individual, entity, or organisation are authorised through the following mechanisms: (i) an adequacy decision; (ii) contractual clauses, binding corporate rules, or other legal instruments established between the transferor and transferee; or (iii) a compliance framework or certification mechanism accompanied by appropriate safeguards. In addition, a "specific and non-customary" transfer may be permitted under the following circumstances:
- With the explicit consent of the data subject;
- Where the transfer pertains to a banking, financial, or stock exchange transaction under the applicable legal framework;
- Where the transfer is necessary to fulfil international obligations arising from treaties and conventions ratified by the Chilean State;
- Where the transfer is essential for cooperation between public bodies in the execution of their functions or for international judicial cooperation;
- Where the transfer is required for the conclusion or performance of a contract or pre-contractual measures between the data subject and the data controller; or
- Where the transfer is necessary for urgent medical or public health measures or the management of healthcare services.

Chile has joined several agreements with binding commitments to open transfers of data across borders. These include: the Chile - Uruguay FTA (Art. Art. 8.10), the Trade Agreement between the Argentine Republic and the Republic of Chile (Art. 11.6), the First Amending Protocol [which amends the Additional Protocol to the Framework Agreement of the Pacific Alliance (Arts. 13.11 and. 13.12(c)], the Chile - Brazil Bilateral Trade Agreement (Art. 10.12), the Digital Economy Partnership Agreement ("DEPA") Between Singapore, Chile & New Zealand (Art. 4.3(2)), the Economic Complementation Agreement No. 75 between the Republic of Chile and the Republic of Ecuador (Art. 10.11.2), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11.2), the Chile - Paraguay Free Trade Agreement (Art. 7.11(2)), the Protocol to the Digital Economy Partnership Agreement (Art. 5), and the Pacific Alliance-Singapore Free Trade Agreement (Art. 13.14).

Law No. 19.628 establishes a comprehensive framework for data protection in Chile. At present, supervisory responsibilities rest with the Chilean Transparency Council. However, pursuant to an amendment enacted in 2024, the legislation provides for the creation of the Personal Data Protection Agency, which will assume responsibility for ensuring compliance with, and enforcement of, the law from 1 December 2026.

Art. 218 ter of the Criminal Procedural Code stipulates that public telecommunications service concessionaires and internet service providers must, on a confidential basis and employing the appropriate security measures, maintain on a continuous basis and for a period of one year an updated list and record of their authorised IP address ranges and of the IP numbers corresponding to the connections made by their clients or users, together with the relevant traffic data, as well as the domiciles or residences of those clients or users, so that this information is available to the Public Prosecutor’s Office when required for the purposes of a criminal investigation.

Art. 15 ter of Law No. 19.628 stipulates that a data protection impact assessment (DPIA) must be conducted whenever a type of processing, by virtue of its nature, scope, context, technology employed, or intended purposes, is likely to pose a high risk to the rights of data subjects. The obligation to carry out an impact assessment arises in the following circumstances:
- where there is a systematic and comprehensive evaluation of personal aspects relating to data subjects, based on automated processing or decision-making, including profiling, which produces significant legal effects concerning them;
- where the processing involves mass or large-scale data operations;
- where the processing entails systematic observation or monitoring of a publicly accessible area; or
- where sensitive or specially protected data are processed in situations where consent is not required.

Chile has a safe harbour regime in place for intermediaries for copyright infringements. According to Art. 85 L of Act No. 17.336, as amended by Act No. 20.435 of 2010, the intermediary has an 'effective knowledge' and is therefore liable only if it has been notified by a court order but has not properly executed the order.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Chile's law and jurisprudence. The scope of the safe harbour regime in place under Act No. 17,336 only applies to intellectual property rights.

Art. 15 of Decree No. 18 provides that, for all actions leading to the conclusion, amendment, or termination of a contract, as well as for any actions that may give rise to contractual obligations, telecommunications service providers must implement mechanisms that ensure the unequivocal identification of the parties. For these purposes, the Undersecretariat of Telecommunications may establish security standards, including minimum authentication protocols or factors that telecommunications service providers must comply with in order to verify the unambiguous identity of the parties, such as validation questions, biometric measures, and advanced electronic signature certificates, among others.
Art. 2 of Exempt Resolution No. 566 further provides that the conclusion of service contracts, as well as any activation of SIM cards and the sale of devices, must be undertaken using at least one recognised security standard for identity verification, regardless of whether the interaction occurs in person, by telephone or online, including the presentation of a valid national identity card or passport and verification of the applicant’s identity through live fingerprint biometrics compared against records held by the Civil Registry and Identification Service or authorised biometric providers; verification of the applicant’s valid identity document through facial biometrics by confirming the match between the document photograph and the scanned face, performing liveness detection and excluding impersonation attempts by means such as photographs, videos, image manipulation, video projection or masks; or the use of an advanced electronic signature.

According to Art. 26 bis of Law No. 21.245, concessionaires of public telecom services that are assigned rights to use the radioelectric spectrum must allow access and use of their facilities to other public service concessionaires (or concessionaires that are interested in establishing themselves as such) for virtual mobile and automatic roaming operations.