The new era of digital regulation in Brazil

This movement is evident in the publication, in December 2025, of the Map of Priority Themes for the 2026-2027 biennium and the update of the 2025-2026 Regulatory Agenda. Although not the first instruments of this type, both reinforce a logic of planned and transparent action, indicating more clearly which themes the ANPD (National Data Protection Authority) tends to see as posing the greatest risk to data subjects and having the greatest systemic impact, therefore being more exposed to regulatory and supervisory action.

Among these axes, the protection of children and adolescents in the digital environment stands out, especially with the entry into force of the so-called Digital ECA (Statute of the Child and Adolescent), scheduled for March 2026. The designation of the ANPD as the agency responsible for its supervision places the theme at the center of the regulatory agenda. Obligations related to age verification mechanisms, parental supervision, and the adoption, by design and by default, of more protective privacy models become part of the core of regulatory requirements.

The scope of the ECA Digital, however, is not limited to products or services explicitly aimed at children and young people. The law also adopts the so-called "probable access" criterion, significantly expanding its scope. In practice, this gives the new regulation a cross-cutting character, affecting digital platforms, applications, online services, marketplaces, and business models based on advertising and engagement, regardless of their main target audience.

The impact on product architecture, data flows, and monetization strategies tends to be even more significant. Another central vector of this agenda is artificial intelligence. Even before the approval of Bill No. 2338/2023, which establishes the legal framework for artificial intelligence in Brazil, the National Data Protection Agency has already been acting consistently based on the LGPD (Brazilian General Data Protection Law), especially regarding automated decisions, profiling, and the use of sensitive personal data.

The Map of Priority Themes indicates that AI systems and emerging technologies will be at the center of oversight from 2027 onwards, including when they involve data from children and adolescents, reinforcing the centrality of the topic in regulatory action.

This prominence is likely to intensify. The AI ​​Bill designates the ANPD (National Data Protection Authority) as the coordinating body of the National System for Regulation and Governance of Artificial Intelligence (SIA), an attribution that, if confirmed, will significantly expand its institutional relevance. In practice, the discussion about AI is no longer optional: all companies, to a greater or lesser degree, are already investing in solutions based on automation, advanced data analysis, or artificial intelligence, whether due to their own strategy or competitive pressure.

Even those that still they did not adopt such technologies they face not only regulatory risks, but also competitive risks. In this context, governance, risk assessment, and impact documentation cannot be postponed while waiting for the law, as regulatory risk already arises from the direct application of the LGPD (Brazilian General Data Protection Law).

In parallel, the Agency is advancing in the consolidation of issues still pending regulation within the scope of personal data protection and the LGPD itself. Data subject rights, impact reports on personal data protection, and the use of biometric data are featured in both the Regulatory Agenda and the Map of Priority Issues, indicating that processing considered to be of higher risk will require higher levels of transparency, technical justification, and mitigation measures.

This set of initiatives indicates that the LGPD (Brazilian General Data Protection Law) is gaining more traction in its qualified application phase. The trend is towards less diffuse and more strategic oversight, focused on practices involving large volumes of data, vulnerable populations, or automated decisions with significant effects on individuals and markets.

The ANPD's actions reinforce an environment of greater predictability, but also of less tolerance for improvisation. Anticipating adjustments, investing in governance, and incorporating these concerns into product and strategy design will be increasingly crucial for competitiveness and sustainability in the Brazilian market.