The Superintendency of Industry and Commerce (SIC) issued External Circular 002 of 2025, which establishes an important reminder for the innovation ecosystem: technology transfer and data protection must advance at the same pace. From now on, when a company shares software, algorithms, AI models, or datasets that include personal data, it must strictly comply with Law 1581 of 2012 and be able to demonstrate its compliance.
The SIC requires technology providers and recipients to verify risks, document decisions, and incorporate data protection by design and by default, in addition to signing contracts with clear clauses on security, confidentiality, and liability.
Consequently, it emphasizes responsible innovation and not only promotes technological development but also strengthens digital trust.
