Mexico

● The Federal Law on Protection of Personal Data held by Private Parties was announced on July 6, 2010. This law defines the principles of personal data protection and obligations for parties involved in personal data processing. It regulates the legal, controlled, and informed processing of personal information to ensure personal privacy and autonomous decision-making.

● Mexico's new Privacy Notice Guidelines were put into effect in 2013. The guidelines include many regulations related to privacy notifications. For example, consent must be obtained before personal data is obtained through automated methods (cookies, web beacons, etc.). The guidelines are mandatory and are particularly important for employers who regularly collect, process, and transmit their employees' personal data, as well as for companies that use automated methods to collect personal data in Mexico.

Huawei Cloud white paper HUAWEI CLOUD Compliance with

Mexican Privacy Protection Laws and Regulations describes Huawei's experience and best practices in privacy protection in Mexico, along with how Huawei Cloud can help you meet the requirements of privacy regulations and laws in Mexico.

Regulatory requirements for financial institutions are as follows:

● Credit Institutions Law: This law regulates the credit requirements set by banking institutions. The law covers information security, employee management, infrastructure security, communication security, change management, storage security, log management, configuration management, network isolation, security test, password management, physical security, service continuity, emergency response system, audit, and supplier management.

● Securities Market Law: This law describes regulations primarily for companies other than financial institutions involved in securities and equity offerings and intermediaries. The law covers information security, employee management, infrastructure security, communication security, change management, storage security, log management, configuration management, network isolation, security testing, password management, physical security, service continuity, emergency response systems, audits, and supplier management.

● Financial Technology Institutions Regulatory Law: This law regulates the services provided by financing and electronic payment institutions. The law covers cloud security, information security, employee management, infrastructure security, communications security, change management, storage security, log management, configuration management, network isolation, security testing, password management, physical security, service continuity, emergency response systems, audits, and supplier management.

● Insurance and Bonding Institutions Law: This law sets out provisions for regulating the establishment, operation, and liquidation of insurance companies, guarantee companies, and reinsurance institutions. It specifically covers information security, employee management, infrastructure security, communication security, change management, storage security, business continuity, emergency response systems, audit, and supplier management.

● Provisions Applicable to Electronic Payment Funds Institutions: These provisions regulate information security and business continuity for electronic payment institutions such as digital wallets and prepaid cards. They specifically cover information security, employee management, infrastructure security, communication security, change management, storage security, log management, configuration management, network isolation, security testing, password management, physical security, business continuity, emergency response systems, audit, and supplier management.

● General Provisions Applicable to Participants in Managed Payment Systems: These provisions set out requirements for all financial institutions (including banks and electronic payment institutions, etc.) participating in central bank–managed payment systems. They specifically cover information security, employee management, infrastructure security, communication security, change management, storage security, log management, configuration management, network isolation, security testing, password management, physical security, business continuity, emergency response systems, audit, and supplier management.

As a cloud service provider, Huawei Cloud is committed to helping you meet these regulatory requirements and continuously providing you with cloud services and environments that meet financial industry requirements.

HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines in Mexico describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3 (for audit)

Learn more from Compliance Certificates in the Compliance Center.