{"id":41834,"date":"2026-06-08T11:26:57","date_gmt":"2026-06-08T09:26:57","guid":{"rendered":"https:\/\/smartfense.com\/?p=41834"},"modified":"2026-06-08T11:27:05","modified_gmt":"2026-06-08T09:27:05","slug":"argentina-cybercrime-law-26388-risk-governance","status":"publish","type":"post","link":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/","title":{"rendered":"Argentina&#8217;s Law 26,388: what your risk governance must anticipate about cybercrime"},"content":{"rendered":"<p>When I review an organization\u2019s risk framework, there is one question almost no one can answer right away: do you know which of the behaviors you currently manage as \u201cbad internal practice\u201d are also defined crimes? Argentina\u2019s Law 26,388 drew that line more than fifteen years ago. And yet, in most governance frameworks, it still lives as something handed off to the legal team rather than as what it also is: a direct input for control design.<\/p>\n<p>I work in governance, risk and compliance, not in criminal law. So I am not interested in going through the statute article by article, but in looking at it from the place where it becomes relevant to anyone running an organization: the moment a behavior stops being a breach of internal policy and becomes conduct the Criminal Code addresses. From the framework toward operations, then: what Law 26,388 reformed, which controls in your program come under pressure when those behaviors occur, and what your risk governance needs to have in place so it does not improvise the day it happens.<\/p>\n<h2>What does Law 26,388 regulate, and why does it matter to your governance framework?<\/h2>\n<p><a href=\"https:\/\/servicios.infoleg.gob.ar\/infolegInternet\/anexos\/140000-144999\/141790\/norma.htm\">Law 26,388<\/a>, enacted in 2008, is not a standalone statute: it reformed Argentina\u2019s Criminal Code to incorporate what are known as computer crimes. Instead of creating a separate body of law, it brought digital conduct in line with existing criminal offenses and added new ones. Among the main ones: <strong>unlawful access to a computer system or data<\/strong> (article 153 bis), the <strong>violation of electronic communications<\/strong> such as email (articles 153 and 155), <strong>computer fraud<\/strong> through the manipulation of systems (article 173, subsection 16), <strong>computer damage<\/strong>, which covers altering or destroying data and distributing harmful programs (articles 183 and 184), and the distribution of child sexual abuse material through electronic means (article 128).<\/p>\n<p>For a security or compliance lead, the relevant fact is not the penalty. It is that the law put a criminal name on a set of behaviors your program already knows by another vocabulary. What you call \u201csharing credentials,\u201d \u201cimproper access,\u201d \u201cmanipulating a system\u201d or \u201cintroducing malware\u201d has had, since 2008, a second reading. That dual nature, internal breach and crime, is exactly what forces Law 26,388 onto the risk governance table and not just onto the lawyer\u2019s desk.<\/p>\n<p>A point of judgment is worth stating before going further: the criminal classification of a specific act is the work of legal specialists. My terrain, and that of anyone in GRC, is another one. It is making sure the organization has the controls, the policies and the records it needs so that conduct is less likely, is documented when it occurs, and can be managed without leaving the company exposed by improvising.<\/p>\n<h2>From the acceptable use policy to penalized risk: which controls come under pressure?<\/h2>\n<p>The practical value of Law 26,388 for risk governance appears when you read it backward. Instead of asking \u201cwhat does the law punish,\u201d it helps to ask \u201cwhich of my controls addresses each of these behaviors.\u201d That is where the statute stops being a legal text and becomes a map of exposure.<\/p>\n<p>The crossover is direct. Each behavior the law addresses has, on the organization\u2019s side, a control that prevents or detects it and an awareness component that sustains it. When that control fails or does not exist, it is not only an operational gap that opens: it is a gap that can carry criminal consequences for specific people and reputational ones for the organization.<\/p>\n<table>\n<thead>\n<tr>\n<th>Behavior addressed by Law 26,388<\/th>\n<th>Typical organizational risk<\/th>\n<th>Control and awareness that addresses it<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Unlawful access to systems or data (art. 153 bis)<\/td>\n<td>Shared credentials, access not revoked after offboarding, privilege escalation<\/td>\n<td>Access management, periodic permission reviews, acceptable use policy and awareness about not sharing credentials<\/td>\n<\/tr>\n<tr>\n<td>Computer fraud (art. 173, subsec. 16)<\/td>\n<td>System manipulation to defraud, CEO fraud, record tampering<\/td>\n<td>Segregation of duties, dual validation of sensitive operations, awareness about social engineering and urgent requests<\/td>\n<\/tr>\n<tr>\n<td>Computer damage and harmful programs (arts. 183 and 184)<\/td>\n<td>Malware introduction, data deletion or alteration, sabotage<\/td>\n<td>Change management, backups, software control, awareness about attachments and executables<\/td>\n<\/tr>\n<tr>\n<td>Violation of electronic communications (arts. 153 and 155)<\/td>\n<td>Interception or improper disclosure of emails and messages<\/td>\n<td>Information classification, confidentiality policy, forwarding controls, awareness about handling third-party data<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The table does not exhaust the law, but it organizes the conversation. What it shows is that Law 26,388 almost never demands a new control: it demands that the ones you already have work and, above all, that you can prove they existed and were communicated. Argentina\u2019s <a href=\"https:\/\/smartfense.com\/en\/blog\/argentina-data-protection-law-25326-awareness-evidence\/\">Law 25,326 on data protection<\/a> imposes that evidence logic explicitly; Law 26,388 imposes it indirectly, through the risk that conduct in your organization ends up examined under the Criminal Code.<\/p>\n<h2>What does your organization need to have documented?<\/h2>\n<p>If a behavior can be read in criminal terms, the governance question is always the same: what did the organization have to prevent it, and what can it show of that? Three blocks of documentation resolve most cases.<\/p>\n<p>The first is the <strong>acceptable use policy<\/strong>, current, communicated and accepted in a verifiable way. Existing in a folder is not enough. It has to state clearly what is allowed and what is not regarding system access, credential use, handling of third-party information and software installation. And it has to be able to prove that each collaborator knew and accepted it, against which version and on what date.<\/p>\n<p>The second is <strong>awareness evidence<\/strong>. The fact that people know that certain actions are not just a breach of internal policy but conduct the law treats as a crime changes the calculation of anyone who might commit them and protects anyone who might do so out of ignorance. For that knowledge to be a real control, it has to be recorded: who was trained, on what content, when, and with what result. <a href=\"https:\/\/smartfense.com\/en\/blog\/human-risk-cybersecurity-starts-before-click\/\">Human risk remains the factor that originates the most incidents<\/a>, and awareness is the control that acts before the conduct occurs.<\/p>\n<p>The third is the <strong>technical record of access and change controls<\/strong>: access logs, privilege management, traceability of modifications. This block tends to be the strongest in mature organizations and the weakest in those that grew fast without formalizing their governance.<\/p>\n<p>Platforms like <a href=\"https:\/\/smartfense.com\/en\/platform\/\">SMARTFENSE<\/a> resolve the second block by design: every policy acceptance, every module completion and every assessment pass is recorded with date, user authentication and content version. For a compliance lead, that turns awareness from a good intention into a control you can audit. The <a href=\"https:\/\/smartfense.com\/en\/resources\/compliance\/\">compliance resources<\/a> section has additional material on how to connect the legal framework with the awareness program.<\/p>\n<h2>When is filing a complaint a governance decision, and not only a legal one?<\/h2>\n<p>Here it is worth being precise about the limit of my role. The legal decision to initiate criminal proceedings, how to frame it and under what classification, belongs to the legal team and the specialists the organization designates. What is a governance decision, and therefore must be defined before the incident, is <strong>the criteria and the process<\/strong> that lead to that stage.<\/p>\n<p>An organization without that criteria defined improvises at the worst moment. Faced with unlawful access or internal fraud, the questions pile up: who decides whether this escalates to the criminal level? Against what threshold? Who preserves the information while the decision is made? Which area is notified first? If those answers are built on the fly, the organization loses time, loses traceability and often loses the ability to act.<\/p>\n<p>Risk governance does not resolve the criminal case. It defines who decides, under what criteria and with what information available. That is documented in an incident management procedure that contemplates, in addition to the technical response, the decision path for when an act could have criminal implications. The legal \u201chow\u201d stays in the hands of those who handle it; the \u201cwhen it is triggered and who triggers it\u201d is a governance responsibility.<\/p>\n<h2>The line between the disciplinary and the criminal<\/h2>\n<p>A good share of the acts Law 26,388 addresses originate inside the organization. A collaborator who accesses a system they are not authorized to use, who forwards confidential information or who tampers with a record is, at the same time, breaching internal policy and carrying out conduct the criminal law addresses. Distinguishing those two planes is one of the most delicate tasks in risk governance.<\/p>\n<p>The disciplinary plane is resolved by the organization with its own tools: the policy, the internal rules, the consequences set for each breach. The criminal plane exceeds the organization and is governed by the law and by the work of those who apply it. Confusing them produces two opposite errors, and both are costly. Treating as a simple internal breach something the law addresses as a crime can leave the organization exposed. Treating every minor breach as a criminal case wears down the work climate and saturates the legal team with matters that a better-designed control would have resolved.<\/p>\n<p>The way out is not legal, it is prior judgment. A matrix that classifies incident types by their severity and defines, for each level, what response is appropriate and who decides it, prevents that confusion. It is not a legal document: it is a governance instrument that gives the organization a common language to decide with a cool head what, in the heat of the moment, is almost always decided badly.<\/p>\n<h2>Business continuity after an incident with criminal implications<\/h2>\n<p>An incident that crosses into the criminal plane does not end when it is technically contained. It actually begins a stage many organizations have not mapped: the coexistence of continuing to operate and sustaining a process that may stretch over time. Preserving information without halting operations, communicating to the right parties without feeding the noise, and keeping the service running while the case is managed are continuity challenges, not incident response.<\/p>\n<p>That is why I insist, every time I review a framework, that Law 26,388 is not managed on the day of the act. It is managed beforehand, in the design of controls, in the clarity of policies, in the traceability of awareness, and in a procedure that contemplates the possibility of an incident escalating. An organization that arrives prepared to that moment not only reduces its exposure: it protects its ability to keep functioning, which is, ultimately, what risk governance is about.<\/p>\n<p>The connection between the legal framework and the security culture is not unique to Argentina. <a href=\"https:\/\/smartfense.com\/blog\/la-ley-marco-de-ciberseguridad-en-chile-y-el-nuevo-rol-de-la-concienciacion\/\">Chile\u2019s framework cybersecurity law<\/a> and the regulatory debate across the region push in the same direction: treating awareness as a formal control and not as filler activity. <a href=\"https:\/\/smartfense.com\/en\/blog\/regulatory-compliance-a-sustained-commitment-to-cybersecurity\/\">Regulatory compliance understood as a sustained commitment<\/a> is the best description of where the requirement is heading.<\/p>\n<h2>What to take from Law 26,388 for risk governance?<\/h2>\n<p>Law 26,388 has been in force for more than fifteen years, and its greatest value for an organization is not the fear of the penalty. It is that it offers a map of the behaviors the governance framework has to address with concrete controls, clear policies and evidence that both exist.<\/p>\n<p>The question worth taking away is not whether your organization could suffer a computer crime, because the answer is that it can. It is whether your risk governance has anticipated which controls prevent it, who decides when an act escalates, and what the organization can demonstrate the day it has to respond. If those answers are built on the fly today, that is the work to do. Not to dodge a sanction, but to sustain the trust of clients, regulators and leadership, which is the underlying condition of business continuity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Argentina&#8217;s Law 26,388 turned into crimes conduct your governance already manages as risk. What policies and controls your organization needs to respond.<\/p>\n","protected":false},"author":34,"featured_media":41831,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3,686],"tags":[591,1215,2236,2242,2231],"class_list":["post-41834","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-compliance-en","tag-delito-informatico-en","tag-delitos-informaticos","tag-gobierno-de-riesgos","tag-ley-26-388"],"acf":[],"yoast_head":" \n<title>Law 26,388: cybercrime and risk governance in Argentina<\/title>\n<meta name=\"description\" content=\"Argentina&#039;s Law 26,388 turned into crimes conduct your governance already manages as risk. What policies and controls your organization needs to respond.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Law 26,388: cybercrime and risk governance in Argentina\" \/>\n<meta property=\"og:description\" content=\"Argentina&#039;s Law 26,388 turned into crimes conduct your governance already manages as risk. What policies and controls your organization needs to respond.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/\" \/>\n<meta property=\"og:site_name\" content=\"SMARTFENSE\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-08T09:26:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-08T09:27:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/smartfense.com\/file\/2026\/06\/hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1376\" \/>\n\t<meta property=\"og:image:height\" content=\"768\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Carla Caggiano\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carla Caggiano\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/\"},\"author\":{\"name\":\"Carla Caggiano\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/person\\\/f88c39d826fb9430f0e1bad25938ae2c\"},\"headline\":\"Argentina&#8217;s Law 26,388: what your risk governance must anticipate about cybercrime\",\"datePublished\":\"2026-06-08T09:26:57+00:00\",\"dateModified\":\"2026-06-08T09:27:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/\"},\"wordCount\":1914,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/hero.jpg\",\"keywords\":[\"compliance\",\"delito inform\u00e1tico\",\"delitos inform\u00e1ticos\",\"gobierno de riesgos\",\"ley 26.388\"],\"articleSection\":[\"Blog\",\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/\",\"name\":\"Law 26,388: cybercrime and risk governance in Argentina\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/hero.jpg\",\"datePublished\":\"2026-06-08T09:26:57+00:00\",\"dateModified\":\"2026-06-08T09:27:05+00:00\",\"description\":\"Argentina's Law 26,388 turned into crimes conduct your governance already manages as risk. What policies and controls your organization needs to respond.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/hero.jpg\",\"contentUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/hero.jpg\",\"width\":1376,\"height\":768,\"caption\":\"Ilustraci\u00f3n editorial vista desde arriba de un plano de oficina dividido en dos zonas de distinto tono, con una figura de pie en el umbral que las separa\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/argentina-cybercrime-law-26388-risk-governance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Argentina&#8217;s Law 26,388: what your risk governance must anticipate about cybercrime\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\",\"name\":\"SMARTFENSE - Concienciaci\u00f3n en Ciberseguridad\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/smartfense.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\",\"name\":\"SMARTFENSE\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-smartfense-240x40-1.png\",\"contentUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-smartfense-240x40-1.png\",\"width\":241,\"height\":40,\"caption\":\"SMARTFENSE\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/person\\\/f88c39d826fb9430f0e1bad25938ae2c\",\"name\":\"Carla Caggiano\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cropped-Carla-Caggiano-96x96.png\",\"url\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cropped-Carla-Caggiano-96x96.png\",\"contentUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cropped-Carla-Caggiano-96x96.png\",\"caption\":\"Carla Caggiano\"},\"description\":\"Ejecutiva en Gobierno, Riesgo y Cumplimiento (GRC), Seguridad de la Informaci\u00f3n y Continuidad del Negocio, con m\u00e1s de 8 a\u00f1os liderando equipos y proyectos en banca, salud y tecnolog\u00eda. Dise\u00f1a e implementa marcos basados en ISO 27001, ISO 22301 e ISO 31000, y traduce regulaciones complejas (SOX, NIST, GDPR, DORA, COBIT) en soluciones aplicables y sostenibles.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/carla-v-caggiano\\\/\"],\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/author\\\/carla\\\/\"}]}<\/script>\n ","yoast_head_json":{"title":"Law 26,388: cybercrime and risk governance in Argentina","description":"Argentina's Law 26,388 turned into crimes conduct your governance already manages as risk. What policies and controls your organization needs to respond.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/","og_locale":"en_US","og_type":"article","og_title":"Law 26,388: cybercrime and risk governance in Argentina","og_description":"Argentina's Law 26,388 turned into crimes conduct your governance already manages as risk. What policies and controls your organization needs to respond.","og_url":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/","og_site_name":"SMARTFENSE","article_published_time":"2026-06-08T09:26:57+00:00","article_modified_time":"2026-06-08T09:27:05+00:00","og_image":[{"width":1376,"height":768,"url":"https:\/\/smartfense.com\/file\/2026\/06\/hero.jpg","type":"image\/jpeg"}],"author":"Carla Caggiano","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Carla Caggiano","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#article","isPartOf":{"@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/"},"author":{"name":"Carla Caggiano","@id":"https:\/\/smartfense.com\/en\/#\/schema\/person\/f88c39d826fb9430f0e1bad25938ae2c"},"headline":"Argentina&#8217;s Law 26,388: what your risk governance must anticipate about cybercrime","datePublished":"2026-06-08T09:26:57+00:00","dateModified":"2026-06-08T09:27:05+00:00","mainEntityOfPage":{"@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/"},"wordCount":1914,"commentCount":0,"publisher":{"@id":"https:\/\/smartfense.com\/en\/#organization"},"image":{"@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/smartfense.com\/file\/2026\/06\/hero.jpg","keywords":["compliance","delito inform\u00e1tico","delitos inform\u00e1ticos","gobierno de riesgos","ley 26.388"],"articleSection":["Blog","Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/","url":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/","name":"Law 26,388: cybercrime and risk governance in Argentina","isPartOf":{"@id":"https:\/\/smartfense.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#primaryimage"},"image":{"@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/smartfense.com\/file\/2026\/06\/hero.jpg","datePublished":"2026-06-08T09:26:57+00:00","dateModified":"2026-06-08T09:27:05+00:00","description":"Argentina's Law 26,388 turned into crimes conduct your governance already manages as risk. What policies and controls your organization needs to respond.","breadcrumb":{"@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#primaryimage","url":"https:\/\/smartfense.com\/file\/2026\/06\/hero.jpg","contentUrl":"https:\/\/smartfense.com\/file\/2026\/06\/hero.jpg","width":1376,"height":768,"caption":"Ilustraci\u00f3n editorial vista desde arriba de un plano de oficina dividido en dos zonas de distinto tono, con una figura de pie en el umbral que las separa"},{"@type":"BreadcrumbList","@id":"https:\/\/smartfense.com\/en\/blog\/argentina-cybercrime-law-26388-risk-governance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/smartfense.com\/en\/"},{"@type":"ListItem","position":2,"name":"Argentina&#8217;s Law 26,388: what your risk governance must anticipate about cybercrime"}]},{"@type":"WebSite","@id":"https:\/\/smartfense.com\/en\/#website","url":"https:\/\/smartfense.com\/en\/","name":"SMARTFENSE - Concienciaci\u00f3n en Ciberseguridad","description":"","publisher":{"@id":"https:\/\/smartfense.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/smartfense.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/smartfense.com\/en\/#organization","name":"SMARTFENSE","url":"https:\/\/smartfense.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartfense.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/smartfense.com\/file\/2023\/08\/logo-smartfense-240x40-1.png","contentUrl":"https:\/\/smartfense.com\/file\/2023\/08\/logo-smartfense-240x40-1.png","width":241,"height":40,"caption":"SMARTFENSE"},"image":{"@id":"https:\/\/smartfense.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/smartfense.com\/en\/#\/schema\/person\/f88c39d826fb9430f0e1bad25938ae2c","name":"Carla Caggiano","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartfense.com\/file\/2026\/06\/cropped-Carla-Caggiano-96x96.png","url":"https:\/\/smartfense.com\/file\/2026\/06\/cropped-Carla-Caggiano-96x96.png","contentUrl":"https:\/\/smartfense.com\/file\/2026\/06\/cropped-Carla-Caggiano-96x96.png","caption":"Carla Caggiano"},"description":"Ejecutiva en Gobierno, Riesgo y Cumplimiento (GRC), Seguridad de la Informaci\u00f3n y Continuidad del Negocio, con m\u00e1s de 8 a\u00f1os liderando equipos y proyectos en banca, salud y tecnolog\u00eda. Dise\u00f1a e implementa marcos basados en ISO 27001, ISO 22301 e ISO 31000, y traduce regulaciones complejas (SOX, NIST, GDPR, DORA, COBIT) en soluciones aplicables y sostenibles.","sameAs":["https:\/\/www.linkedin.com\/in\/carla-v-caggiano\/"],"url":"https:\/\/smartfense.com\/en\/author\/carla\/"}]}},"_links":{"self":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/41834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/comments?post=41834"}],"version-history":[{"count":4,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/41834\/revisions"}],"predecessor-version":[{"id":41872,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/41834\/revisions\/41872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/media\/41831"}],"wp:attachment":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/media?parent=41834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/categories?post=41834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/tags?post=41834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}