Code of Ethics & Cybersecurity Legal Framework

Code of Ethics & Cybersecurity Legal Framework

Paloma Belenguer A01830473

Innovation comes with dilemmas: privacy, fairness, and the rising tide of cybercrime.

Computing and AI are no longer just tools — they are engines shaping our future..

GENERAL INTRODUCTION

The stakes are global: climate change, sustainability, and resilience demand responsible action.

Cybercrime grows more complex every day, threatening personal data, institutions, and national security.

Ethics and law must go hand in hand, guiding professionals to act with honesty, transparency, and responsibility.

Our challenge: to use technology ethically, protecting both people and the planet.

Ten Principles for Ethical Computing

Social Responsibility and Trust

2- Security & Privacy by Design Protection must be integrated from the start, not patched later. - Insecure systems cause massive har m. Enablement: Encryption, anonymization, and strict access controls.

3- Honesty & Transparency Trust depends on truth and integrity in communication. - Misleading claims or hidden risks destroy credibility. Enablement: Publish limitations, disclose errors, provide clear documentation..

.1- Human Well-being Technology must serve people and communities, reduce harm, and respect diversity. - Avoid inequality and mistrust. Enablement: Impact assessments to evaluate social and ethical risks.

FAIRNESS , RIGHTS AND ACCOUNTABILITY

Fairness & Non-Discrimination

Algorithms must not reinforce social prejudices. Enablement: Bias audits, fairness metrics, interdisciplinary reviews.

Privacy & Data Rights

Data belongs to individuals, not institutions. Enablement: Informed consent, minimization, retention limits, ARCO rights.

Continuous Learning & Competence

Professionals must update their knowledge regularly. Enablement: Training, peer reviews, following legislation and new risks.

Explainability & Accountability

Automated decisions must be understandable and reviewable. Enablement: Transparent logs, dataset documentation, user-friendly explanations.

Sustainability, Protection, and Cooperation

8-Sustainability and Environmental ResponsibilityEfficient algorithms, renewable energy, recycling.

9-Protection of Minors & Vulnerable GroupsGreater protection against cyberbullying, exploitation, exclusion

10- Responsible Vulnerability Disclosure Coordinated disclosure, safe harbor, cooperation with authorities.

Current Situation of the Mexican Legal Framework

Mexico’s cybersecurity legal framework is still fragmented and under development. Existing regulations are dispersed across different laws: the Federal Criminal Code, the Federal Law on Protection of Personal Data Held by Private Parties, the General Law on Transparency and Access to Public Information, and the National Security Law. While these laws cover certain aspects, such as privacy, fraud, and unauthorized access, they lack clear definitions, technical standards, and robust enforcement mechanisms. As a result, law enforcement struggles with jurisdictional conflicts, insufficient resources, and limited specialized training. In today’s context, Mexico remains vulnerable to increasingly complex cyber threats like ransomware, AI misuse, and large-scale attacks on critical infrastructure.

OPPORTUNITIES FOR IMPROVEMENT : COMPARATIVE ANALAYSIS WITH THE EU FRAMEWORK

The European Union has built one of the most advanced legal frameworks for cybersecurity. Instruments such as the GDPR, the NIS Directive (and NIS2), and the Cybersecurity Act provide strong protection for users, organizations, and critical infrastructure. Compared to the EU, Mexico shows weaknesses in four main areas:

• Data rights and accountability: weaker enforcement and limited sanctions.

• Critical infrastructure protection: absence of comprehensive requirements for essential services.

• Certification standards: no unified national system to ensure quality and resilience in ICT products.

• Cross-border cooperation: limited participation in international cybersecurity agreements.

Mexico has the opportunity to adapt EU practices to its own legal and cultural context, strengthening protection while respecting national realities.

ANALYSIS OF THE 2024 PÉREZ AND ESPINO BILL

Progress Achieved Creation of a National Cybersecurity System & Strategy Clear classification of cybercrimes (fraud, identity theft, unauthorized access) Defined responsibilities for public and private institutions

Remaining Gaps No regulation for AI misuse (deepfakes, automated attacks) Weak critical infrastructure protection Missing mandatory incident reporting Limited international cooperation No integration of sustainability in digital policies

Proposal: Objectives of a Stronger Framework

Promote accountability: Establish clear obligations for organizations, mandatory audits, and proportional sanctions for non-compliance. Encourage international cooperation: Build alliances, join agreements such as the Budapest Convention, and exchange expertise on cyber defense. Integrate sustainability: Ensure that digital growth is energy-efficient, environmentally responsible, and aligned with the Sustainable Development Goals (SDGs).

Protect digital rights: Guarantee privacy, freedom of expression, and informational self-determination in the digital sphere. Strengthen national resilience: Safeguard critical infrastructure and ensure the continuity of essential services against cyber threats

Conclusions and Reflections

Mexico has made important progress with the 2024 bill, but its framework still falls short of addressing the full spectrum of cyber threats. The European Union provides valuable models that Mexico can adapt, focusing on rights protection, resilience, and strong enforcement. By closing the gaps in the Pérez and Espino initiative—particularly in AI regulation, critical infrastructure protection, mandatory reporting, and sustainability. Mexico can develop a modern, comprehensive, and future-ready legal system. As computing professionals, it is our responsibility to align our technical expertise with ethical principles and the legal needs of society, helping to build a safe, transparent, and sustainable digital environment.

BIBLIOGRAPHY

ACM. (2018). ACM Code of Ethics and Professional Conduct. Association for Computing Machinery. https://www.acm.org/code-of-ethics UNESCO. (2021). Recommendation on the Ethics of Artificial Intelligence. UNESCO. https://www.unesco.org/en/artificial-intelligence/recommendation-ethics Pérez, J., & Espino, A. (2024). Iniciativa de Ley Federal de Ciberseguridad. Congreso de la Unión, México. European Union. (2016). General Data Protection Regulation (GDPR). Official Journal of the European Union. European Union. (2019). Cybersecurity Act. Official Journal of the European Union. European Union. (2016/2023). Directive on Security of Network and Information Systems (NIS/NIS2). Official Journal of the European Union.