Features

Cybercrime Law Bolsters Uruguay’s Campaign Against Online IP Crime

Published: March 24, 2026

Lucía Cantera

Lucía Cantera Cervieri Monsuarez Montevideo, Uruguay Unfair Competition Committee

The use of technology has grown exponentially, transforming the way we interact, work, and access information. However, this growth has led to a new form of crime, cybercrime (also referred to as computer-related offenses), which poses a global challenge.

Cybercrimes are defined as illegal activities committed through the use of computer systems or digital networks, which affect individuals, companies, institutions, or governments alike. In an increasingly globalized world, this type of crime is also growing exponentially, thereby challenging all stakeholders in their efforts to combat it.

The growth of the Internet and digital platforms has made intellectual and industrial property rights holders particularly vulnerable to cybercrimes affecting copyrighted, patented, and trademark content. They are the daily victims of cybercrimes that infringe on their intellectual property (IP) rights, particularly their musical, audiovisual, photographic, literary, and scientific creations.

Among the cybercrimes affecting intellectual and industrial property rights, the most notable are the following:

  • Digital piracy;
  • The sale of counterfeit products;
  • Hacking and data theft;
  • Phishing and identity fraud; and
  • The unauthorized distribution of merchandise.

These crimes have various negative consequences for intellectual and industrial property rights holders, ranging from damage to their reputation and loss of customer trust in their brand to market and financial losses, operational disruptions, and even legal implications.

Therefore, intellectual and industrial property rights holders should have updated and effective regulations that not only focus on crime prevention but also prosecute and penalize such offenses in the States where copyrights, trademarks, patents, and designs are protected. These regulations should also include a strong international cooperation policy to effectively address the global nature of these infringements.

 

The growth of the Internet and digital platforms has made intellectual and industrial property rights holders particularly vulnerable to cybercrimes affecting copyrighted, patented, and trademark content.

In an effort to prevent and combat cybercrime in line with international standards, Uruguay enacted Law No. 20.327, “Regulation for the Prevention and Suppression of Cybercrime,” on August 23, 2024. This law establishes a specific regulatory and criminal framework on the subject, representing a significant step forward for the country.

The first chapter of Law No. 20.327 adds new articles to the Criminal Code, defining the following crimes:

  • Cyberstalking: Anyone who, through telematic means, monitors, stalks, attempts to contact, or establishes contact with a person in a way that seriously disrupts the course of their life.
    • Penalty: Three months of imprisonment to three years of penitentiary arrest.
    • Aggravating circumstances: Anyone committing cyberstalking against a minor, an unfit adult, a person in a prior affective or intimate relationship, or other vulnerable individuals.
  • Computer Fraud: Whoever, by means of schemes, misleads a person to obtain data via information and communication technologies with the purpose of taking unfair advantage; or anyone who manipulates information through computer systems with the purpose of carrying out financial operations to the detriment of another; or who uses any type of card or other payment method to carry out unauthorized financial transactions in order to gain an advantage at the expense of another.
    • Penalty: Six months of imprisonment to four years of penitentiary arrest.
    • Aggravating circumstances: Anyone committing computer fraud against a relative or employee, against the State, or by causing fear of an imaginary threat or using a fictitious authority.
  • Computer Damage: Whoever, without authorization, destroys or alters data or computer systems with the purpose of causing damage.
    • Penalty: Six to 24 months of imprisonment.
    • Aggravating circumstances: When the damage is irreparable or committed against the State.
  • Unauthorized Access to Computer Data: Whoever, by computer means, accesses, disseminates, or sells third-party digital information without authorization.
    • Penalty: Six to 24 months of imprisonment.
  • Illegal Interception: Whoever, without authorization, intercepts computer data or private transmissions without the consent of the owner.
    • Penalty: Six to 24 months of imprisonment.
  • Data Breach: Whoever unlawfully takes, accesses, or modifies third-party data stored in digital media.
    • Penalty: Six to 24 months of imprisonment.
    • Aggravating circumstances: If committed by individuals responsible for safeguarding the digital media, if done for profit, if it affects individuals’ personal data, or if it involves the State’s data.
  • Identity Theft: Whoever usurps, adopts, creates, or appropriates the identity of another individual or legal entity through technological means with the purpose of causing harm to the rightful owner.
    • Penalty: One year of imprisonment to six years of penitentiary arrest.
    • Aggravating circumstances: If used to disclose information, if credentials are used to access third-party areas, if services are acquired or contracted in the victim’s name, if the identity of a State body is impersonated, or if there is extortion directed at the victim or third parties.
  • Misuse of Devices: Whoever produces, acquires, sells, or facilitates computer programs or systems intended for committing a crime.
    • Penalty: Six to 24 months of imprisonment.

 

This law establishes a specific regulatory and criminal framework on the subject, representing a significant step forward for the country.

The second chapter creates a national educational campaign aimed at instructing individuals on personal finance management and cybersecurity.

The third chapter provides for financial institutions and electronic money issuers to create a cybercriminal registry. It also grants such institutions the power to waive the obligation of banking secrecy, for the purpose of sharing their records with the authorities, solely for the purpose of making complaints and taking steps aimed at preventing cybercrime.

The fourth chapter empowers financial intermediary institutions and electronic money issuers to refrain from carrying out any type of asset transaction when they find out that transactions declared as unknown or unauthorized by the holder of the originating account have deposited third-party funds into the referenced accounts.

This law significantly strengthens intellectual and industrial property protection and, in doing so, reinforces Uruguay’s broader response to cybercrime by pairing criminal enforcement with preventive measures.

Introducing specific criminal offenses avoids the use of generic offenses that may not adequately adapt to the new electronic methods of committing crimes. This new regulation recognizes certain criminal behaviors—previously categorized under other crimes, such as fraud—as specific offenses, with aggravating circumstances applicable in certain situations.

Secondly, promoting educational measures enhances crime prevention, reducing the number of people who fall victim to these criminal behaviors. This, in turn, decreases the profitability of such crimes and helps deter criminals from committing them.

 

This law reinforces Uruguay's broader response to cybercrime by pairing criminal enforcement with preventive measure.

Furthermore, in cases of identity theft, it helps the public recognize that they are victims of cybercrime and that the genuine brand is not responsible for these acts. This mitigates reputational damage and reduces customer distrust caused by such situations.  

Lastly, the creation of a cybercriminal registry and the blocking of illicit financial transactions play a crucial role in preventing financial damage. This provides IP rights holders with an effective legal framework to address violations of their rights and, if such violations occur, allows them to hold those responsible accountable. 

Intellectual and industrial property rights holders consider this amendment to be highly beneficial, as there is now an updated, effective, and specially tailored legal framework in place to protect their rights from the ways that these illicit activities are carried out. 

Although every effort has been made to verify the accuracy of this article, readers are urged to check independently on matters of specific concern or interest. The opinions expressed in this feature are those of the authors and do not purport to reflect the views of INTA or its members.  

© 2026 International Trademark Association 

Topics
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

To find out more please see our Cookies Policy and Privacy Policy.