Skip to content
Looplex Docs

Legal Framework

Regulatory requirements and standards

There are specific industry, government, and regulatory requirements that dictate or provide recommendations on criteria that Looplex security controls must meet to render services to the Brazilian legal market, in particular to certain regulated sectors.

To help you meet your own compliance obligations across regulated industries and markets, Looplex maintains one of the best compliance portfolios in the Brazilian lawtech market.

Disclaimer: You are wholly responsible for ensuring your own compliance with all applicable laws and regulations. Information provided in Looplex online documentation does not constitute legal advice, and you should consult your legal advisor for any questions regarding regulatory compliance

General Rules and Regulations

Looplex is a technology company that operates in Brazil and is subject to various laws and regulations aimed at ensuring data protection, cybersecurity, privacy, and fair competition.

Data Protection

In Brazil, the General Data Protection Law (LGPD), Law No. 13,709/2018, is the main legislation that regulates the collection, storage, processing, and sharing of personal data. The LGPD establishes clear guidelines on how companies should handle their users’ personal information and penalties for violations.

The Brazilian Dat Protection Authority (ANPD) was formally constituted in November 2021 and is gradually expanding its activities. ANPD published its “2021-2022 Regulatory Agenda”, which defines the agency’s priorities for the period, which include: data subjects rights; criteria for administrative sanctions; international data transfers; and breach of reporting obligations. Throughout 2021 and 2022 ANPD has conducted public hearings and published a number of guidelines to address specific topics in the LGPD, such as the Guide on Data Processing Agents and DPO, the Security Guide for Smal Business, and Regulation on Supervision and Enforcement Procedures.

However, despite ANPD efforts, many aspects of the LGPD remain unregulated, such as the mechanisms for international data transfers, rules on data protections impact assessments, rules on the exercise of data subject rights, among others. Because of this, Looplex and several other companies have adopted compliance with the European Union’s General Data Protection Regulation (GDPR) as a benchmark to the fullest extent possible, considering that Brazilian legislation is essentially based on the European GDPR.

Autoridade Nacional de Proteção de Dados (ANPD) Phone: +55 (61) 2025-8101

Intellectual Property

The Brazilian Copyright Law (Law 9610/1998) establishes the general rules for the protection of copyright in Brazil, while the rules for software licensing and intellectual property are regulated by Law No. 9,609/1998. This law establishes the conditions for protecting intellectual property in software and provides for sanctions in case of violation.

In Brazil, the protection of know-how is carried out through confidentiality agreements. Brazilian law does not recognize know-how as an intellectual property right, but the Industrial Property Law (Law 9.279/96) provides for the protection of confidential information that can be used in economic activity. Because of this, it is necessary that this information be kept confidential and not disclosed without the owner’s authorization. Therefore, Looplex includes a standard confidentiality clause in its Terms of Use, in which Looplex agrees to maintain strict confidentiality of any Confidential Information received from the Licensee, including information related to clients and business cases. Confidential Information is defined as any information related to the Licensee’s business or clients that is not publicly accessible or authorized to be disclosed by the Licensee, with few exceptions.

Artificial Intelligence

Artificial intelligence (AI) is a topic of growing interest and concern in Brazil. Although there is not yet a specific regulatory framework for AI in the country, the LGPD and the Consumer Protection Code (CDC), Law No. 8,078/1990, establish some guidelines for the use of AI in decisions that affect consumers’ rights, even though Looplex does not provide services directly to end-users that would be considered consumers as defined by the legislation.

The scope of transparency requirements for AI solutions and how such platforms will enable requests for review of automated decisions, as well as other controversial matters related to security, reliability, traceability of decisions, system auditing, explanation facility and human intervention are currently under analysis by the Brazilian National Congress on Bill Proposals 21-A/2020, 872/2021 and 5051/2019, which are in the process of being consolidated in the Senate into one unified bill proposal.

Regulated Sectors

To be able to offer services as an authorized supplier to various customers, Looplex also observes specific regulations of certain regulated sectors.

For law firms and legal departments in any sector, Looplex observes, as applicable, the Statute of the Lawyer (Law No. 8,906/94), which establishes the exclusive activities of lawyers and the limits of the professionals who are not lawyers. Looplex does not provide services that would constitute the exclusive activities of lawyers, thus ensuring the legality and ethics of its business activities.

Banks and Financial Institutions

For the banking sector, Looplex complies with Resolution No. 4,658/2018 of the Central Bank of Brazil (BCB). This regulation establishes minimum requirements for banks and financial institutions to contract technology services providers, cybersecurity, and data governance.

Insurance Companies

For the insurance sector, technology companies that provide solutions to insurers also need to comply with regulations of the Brazilian Private Insurance Authority (SUSEP), in accordance with SUSEP Rule No. 638/2021. This regulation establishes requirements for information security and data governance for insurers’ technology providers, including measures for preventing, detecting, and responding to security incidents.

Compliance Offerings

Looplex maintains a compliance portfolio that covers Brazilian Government, industry specific, and region/country standards. For corporate and premium customers, we offer customized assessments and answers to accountability readiness checklists for you to check if our security controls are aligned to the overall regulatory requirements and to each costumer security requirements.

Compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Looplex.