Tag Archives: Ecuador

On July 30, 2025, through Resolution No. SPDP-SPD-2025-0028-R, the Data Protection Authority (“SPDP”) issued the Governing Rules for the Data Protection Officer, with the purpose of regulating the activities associated with that role.

 

Below are the most relevant aspects:

 

     I.         Appointment of the Data Protection Officer (“DPO” or “DPOs”)

 

The DPO must be appointed by the legal representative or a duly authorized attorney-in-fact of the organization, in its capacity as data controller or data processor.

 

The appointment must include the following:

 

1. Date of appointment.
2. Identification details of the organization:
   a. For domiciled entities: Corporate name and tax identification number (RUC);
   b. For non-domiciled entities: Corporate name, tax identification number, address, phone numbers, and email addresses of the parent company or main office.
3. Name of the legal representative.
4. Name of the DPO.
5. Functions of the DPO.
6. Signature of the legal representative or attorney-in-fact.
7. Express acceptance of the position by the DPO.

 

The appointment must be submitted to the SPDP within fifteen (15) days of its issuance. Failure to comply with this deadline will be considered an infringement classified as a serious violation.

 

The appointment will be recorded in a public registry to be created by the SPDP.

 

   II.         Special Cases of Mandatory Appointment

 

In addition to the cases provided for in the Data Protection Law (“LOPDP”), the following entities are required to appoint a DPO:

 

1. Entities processing personal data of minors.
2. Higher education institutions that process special categories of personal data for academic or administrative purposes.
3. Entities engaged in financial activities.
4. Insurance entities, reinsurance companies or intermediaries, as well as insurance advisors, brokers, agents, and other service providers in the insurance sector.
5. Companies engaged in advertising, commercial prospecting, or market research that process personal data involving profiling.
6. Members of the healthcare system responsible for maintaining patient medical records, except for individual health professionals practicing privately.
7. Establishments in the pharmaceutical sector that carry out the production, distribution, or marketing of pharmaceutical products, including laboratories, drug representatives, pharmaceutical distributors, and pharmacies.
8. Private security companies, as well as private legal entities or trusts administering gated communities, private residential complexes, or condominiums, due to their processing of personal data for access control purposes.
9. Professional sports federations or associations, sports corporations, professional clubs, or sports academies.
10. Professional associations or bar councils.
11. Telecommunications service providers.
12. Companies offering or providing mass video surveillance, geolocation, or information technology services, including those involved in the development, implementation, or deployment of artificial intelligence.
13. Public or private legal entities that are public service concessionaires, as well as public-private partnerships distributing, marketing, or supplying public services.

 

These entities must appoint a DPO regardless of whether they act as data controllers or data processors, and regardless of whether they operate for profit.

 

 III.         Additional Requirements for the DPO

 

In addition to the requirements established in the Regulations to the LOPDP, the DPO must comply with and successfully complete the DPO professionalization program officially approved by the SPDP.

 

This obligation will become effective as of January 1, 2029.

 

 IV.         Prohibitions

 

The DPO may not engage in the following activities:

 

1. Carry out functions corresponding to the data controller or data processor.
2. Directly implementing data protection regulations within the organization.
3. Conduct data protection risks assessments or data protection impact assessments. The DPO may only issue non-binding comments or recommendations.
4. Make decisions regarding the purposes or means of processing.
5. Represent the organization before the SPDP.
6. Serve as the information security officer, compliance officer, implementer, or any other role that may create a conflict of interest.
7. Perform duties that compromise their independence, autonomy, impartiality, or objectivity as a DPO.

 

Local representatives on data protection matters of non-established processors or controllers may not serve as DPOs within the same organization.

 

    V.         Conflicts of Interest

 

Before their appointment, the DPO must disclose any actual, potential, or apparent conflict of interest. If such a conflict arises before or after the appointment, the organization must take corrective measures, such as refraining from appointing the individual, modifying their duties, or revoking the appointment, as appropriate.

 

A conflict of interest shall be deemed to exist when the DPO:

 

1. Carries out or participates in personal data processing activities, even occasionally.
2. Provides advisory services beyond their functions that aim to safeguard the interests of the organization.
3. Make decisions regarding the organization, its activities, or its internal operations.

 

 VI.         Impartiality and Independence of the DPO

 

The DPO must act with full independence in the performance of their duties.

 

The organization must ensure the DPO’s independence and impartiality by implementing the following control mechanisms:

 

1. Direct access and communication with the highest executive and decision-making level within the organization.
2. Availability of technical, financial, and human resources.
3. Mechanisms for effective consideration of the DPO’s observations and recommendations regarding the data processing activities carried out by the organization.
4. Reports assessing the organization’s level of compliance with data protection regulations.

 

Compliance assessments must be conducted annually by the organization. Under no circumstance may the assessment be carried out by the DPO.

 

The DPO may report the data controller or processor to the SPDP for any actions that may undermine their independence or constitute retaliation related to their duties.

 

VII.         Additional Considerations

 

Data controllers and processors must register their DPO by December 31, 2025.

 

Failure to register the DPO will be considered a serious violation due to the lack of implementation of security measures.

 

Rafael Serrano, Partner at CorralRosales
rserrano@corralrosales.com
+593 2 2544144

Juan Martín Chavez, Associate at CorralRosales
jchavez@corralrosales.com
+593 2 2544144

 

The President of the Republic of Ecuador has submitted the “Law for the Control of Irregular Capital Flows” bill to the National Assembly. The most important tax provisions are detailed below:

1. Income Tax on Dividend Distribution

Profits or dividends distributed by entities with tax residence in Ecuador or permanent establishments located in Ecuador to its shareholders will be subject to a unique income tax.

The applicable rates are:

• 12% in general.
• 10% for distributions to individuals and entities that do not have tax residence in Ecuador.
• 14% in the following cases:
  • If the distribution is made to non-resident entities when: (i) a resident of a tax haven or low-tax jurisdiction is part of the ownership structure, and (ii) the final beneficiary is a tax resident in Ecuador.
  • If the local company distributing the dividend fails to report its ownership structure.

The following exemptions are established:

• The dividend distributed to another entities with tax residence in Ecuador or permanent establishments located is not considered taxable income, and
• If the dividend recipient is an individual with tax residence in Ecuador, an exemption applies equivalent to 3 minimum wages received by each company distributing the dividend, within the same fiscal period.

Dividends distributed between January 1, 2025, and the first day of the month following the effective date of this law, to individuals with tax residence in Ecuador, will be consolidated with global income and will be subject to taxation according to the applicable progressive tariffs.

1. Advance Income Tax on Undistributed Profits

Entities with tax residence in Ecuador and permanent establishments located in Ecuador, that as of July 31 of each fiscal year, do not distribute its retained earnings from previous years, are subject to pay the following:

This amount may be offset by the company with the corporate income tax during the two subsequent fiscal years. If the credit is not offset during this period, it will not be subject to a refund and will be recorded as a non-deductible expense in the respective year.

This payment is not applicable for: (i) trusts that do not carry out business activities or operate ongoing businesses; (ii) non-profit organizations; (iii) public companies; (iv) mixed-economy companies with respect to the Governments’ share.

Effectiveness of the Provisions

These provisions will come into force on the first day of the month following the publication of this law in the Official Registry.

 

Andrea Moya, Socia en CorralRosales
amoya@corralrosales.com
+593 2 2544144

Mateo Bravo, Asociado en CorralRosales
mbravo@corralrosales.com
+593 2 2544144

 

The Superintendency for Economic Competition (“SCE”) has released the findings of its Market Study on the Health Insurance and Prepaid Medical Services Sector (Case No. SCE-IGT-INAC-3-2023). The report identifies structural distortions that hinder competition and transparency in this market and puts forward a reform agenda directed at the Superintendency of Companies, Securities and Insurance (“SCVS”), the Ministry of Public Health (“MSP”), and the Agency for Quality Assurance of Health Services and Prepaid Medicine (“ACESS”).

Key discoveries include:

• High market concentration and practices that restrict user mobility.
• Lack of pricing transparency: unjustified premium surcharges without a technical or financial basis.
• Information asymmetry: 77% of users are unaware of the factors that drive their premium increases.
• Barriers to mobility and gender-based premium segmentation without technical justification.

The SCE recommends seven regulatory reforms to be implemented by the SCVS, aimed at (i) ensuring free portability of health insurance policies that preserve benefits and waiting periods when changing providers; (ii) requiring technical justification for premium surcharges that may distort pricing; (iii) establishing a local registry for reinsurers operating in the country to ensure compliance with SCVS regulations; (iv) aligning the obligations of prepaid medicine companies with those of insurance companies, including the mandatory contracting of reinsurance and compliance with equivalent minimum capital requirements; (v) adapting prepaid medicine contracts to conform with the provisions of the Organic Law of the National Health and Social Security System; and (vi) mandating individualized and confidential transparency in the provision of information to beneficiaries regarding the variables that determine premium renewal values.

Additionally, the SCE recommends that the MSP adopt measures to ensure the recognition of fulfilled waiting periods when modifying contracts within the same company and revise the current 24-month waiting period considering its restrictive effects on treatment continuity and overall market efficiency.

ACESS is encouraged to review the structure of currently approved plans to apply the principle of minimal differentiation and prevent the proliferation of products with artificial distinctions that confuse users and may distort competition.

Finally, SCE proposes the establishment of inter-institutional technical working groups to coordinate the implementation of these recommendations, reaffirming its commitment to fostering more efficient, equitable markets focused on user welfare.

 

Ana Samudio, Associate at CorralRosales
asamudio@corralrosales.com
+593 2 2544144

Thalía Ordoñez, Associate at CorralRosales
tordonez@corralrosales.com
+593 2 2544144

 

On July 23, 2025, through Resolution No. SPDP-SPD-2025-0022-R, the Data Protection Authority (“SPDP” or “Authority”) issued the Regulation for the application of the methodology for calculating fines under the SPDP´s administrative sanctions regime (“Regulation”).

 

The Regulation is mandatory for the SPDP and aims to establish the methodology for calculating fines applicable to violations outlined in the Data Protection Law.

 

In determining the applicable fine, the Authority shall apply the principle of proportionality, and the corresponding amounts shall be supported by justifications or rationales.

 

If the calculated fine is below the minimum threshold established in the LOPDP, the minimum value shall apply. If the estimated amount exceeds the maximum threshold, the maximum value outlined in the LOPDP shall be applied.

Under the Regulation, the SPDP may apply one of two models for calculating fines. The Authority may use the deterministic model when the applicable values are known with certainty, or the stochastic model when uncertainty exists.

 

1. Deterministic calculations

 

• Calculation model MPRIV-1

 

The SPDP may apply this model to determine the applicable fine for private for-profit institutions. The model takes into account the following factors:

 

1. Turnover (“VDN”): Refers to the revenue from the most recent fiscal year of the alleged infringer, after deducting taxes related to the economic operation.

 

1. Category of the infringement (“CDI”): Considers the following components:

 

1. 1. Fine range (“RDM”): Identifies the category of the infringement and establishes the applicable percentage for the fine. Minor violations are sanctioned with a percentage ranging from 0.1% to 0.7%, while serious violations are sanctioned with a percentage ranging from 0.7% to 1% of the VDN.
   2. Weight of the infringement (“PDI”): Assesses the maturity level of compliance with the LOPDP and the corrective measures implemented by the alleged infringer. This is determined within a range of 0% to 100%.

 

1. Severity of the infringement (“SDI”): Composed of three factors, each calculated using the PERT formula:

 

a. Impact on Data Subjects’ rights and freedoms (“IED”), with a weight of 60%. This includes four elements:

1. 1. Types of personal data.
   2. Number of affected data subjects and volume of data.
   3. Nature of the breach.
   4. Groups of particularly vulnerable data subjects.

b. Intentionality (“INT”), with a weight of 40%. Assessed based on the willful misconduct or negligence and the level of awareness of the alleged infringer.

c. Recidivism[1] and reiteration [2] (“RER”), as an optional factor, may be included with an additional weight of 20%.

 

1. The final fine is obtained by multiplying the value estimated based on the CDI by the SDI.

 

• Formulas for calculating the fine under the MPRIV-1 model

 

• CDI = VDN x RDM minimum + (PDI/100) x (VDN (RDM maximum – RDM minimum))
• SDI = 2 (IED + INT + RER)
  • IED: PERT = (minimum value + 4 x most probable value + maximum value) / 6
  • INT: PERT = (minimum value + 4 x most probable value + maximum value) / 6
  • RER: PERT = (minimum value + 4 x most probable value + maximum value) / 6
• Fine = CDI x SDI

 

2. Calculation model MPUB-1

 

This model applies to sanctions imposed on public officials and civil servants. It follows the same methodology as the MPRIV-1 model, with the exception that the business volume factor is replaced by a value based on Statutory Minimum Wage.

 

3. Stochastic Calculation

 

This method is applied using a Monte Carlo analysis in cases where there is uncertainty regarding the values required to calculate the fine. Through this analysis, multiple random scenarios are generated, enabling the SPDP to operate within a range of outcomes and make decisions informed by sound judgment.

 

[1] Art. 71 and 72 of the Data Protection Law, Official Register Supplement 459 of May 26, 2021. Occurs when the previous and current infringements are of the same nature; that is, they involve the same type of non-compliance or infringing conduct.

[2] Ibid. Occurs when the offender has previously been sanctioned for two or more minor infringements, or one infringement of equal or greater severity than the current one, even if not necessarily of the same nature.

Rafael Serrano, Partner at CorralRosales
rserrano@corralrosales.com
+593 2 2544144

Juan Martín Chavez, Associate at CorralRosales
jchavez@corralrosales.com
+593 2 2544144

Through Official Register Fifth Supplement No. 81 dated July 15, 2025, the General Regulations to the Law of National Solidarity were published. This regulations establish how to access the income tax reduction for donations made to the National Police and Armed Forces.

Below is a summary of the most relevant provisions:

1. On the goods that may be donated

The Ministry of Defense and the Ministry of the Interior will prepare catalogs of goods based on institutional needs. These goods include:

a) Motor vehicles: patrol cars, motorcycles, trucks, ambulances, buses, machinery, armored amphibious vehicles, boats or launches, sweeper trucks, armored vehicles, battle tanks, among others;
b) Technological equipment: radars, cameras, drones, scopes, GPS devices, communication radios, batteries, jammers, wireless tools, systems or software, scanners, computers, preventive or corrective maintenance, among others;
c) Forensic equipment: detectors, chromatographs, laboratory equipment and supplies, polygraph equipment, among others;
d) Weapons: non-lethal weapons, all types of firearms, ammunition, explosives, among others;
e) Protection and security: protective clothing, helmets, vests, masks, survival kits, shields, tactical accessories, among others;
f) Aircraft: helicopters, airplanes, light aircraft; and,
g) Any other items provided by the relevant authorities.

2. On the donation procedure

The donor must issue a letter of intent addressed to the Ministry of the Interior or Ministry of Defense. The corresponding ministry will assess the relevance of the donation based on institutional needs and will issue feasibility reports. Once approved, the donation or remission contract will be signed.

1. Application of the Tax Reduction

a) If the donation does not exceed 30% of the income tax incurred, it will be treated as a tax credit. In that case, the regulation establishes that the value should not be recorded as an accounting expense.
b) If the donation exceeds the 30% limit of the income tax incurred, or if no income tax is incurred, such amounts must be recorded as non-deductible expenses.
c) The value of the donation will be determined based on the total amount indicated in the invoice. However, the amount stated must be consistent with market prices.
d) The VAT paid cannot be recorded by the donor as either an expense or a tax credit.
e) Real estate properties may also be donated through the execution of a public deed, using the cadastral appraisal as a reference.

The regulation establishes that the benefit is effective from June 11, 2025, and therefore will be applicable for the settlement of the Income Tax for fiscal year 2025.

 

Andrea Moya, Partner at CorralRosales
amoya@corralrosales.com
+593 2 2544144

Mateo Bravo, Associate at CorralRosales
mbravo@corralrosales.com
+593 2 2544144

 

Supplement No. 81 of the Official Register, dated July 15, 2025, published the General Regulations to the Organic Law on National Solidarity (the “Regulations”), which establish the following transitional regime applicable to Simplified Stock Companies (SAS) incorporated prior to the enactment of the law:

 

1. Within a period of six (6) months from the date the Regulations are published in the Official Register, SAS incorporated prior to the Organic Law on National Solidarity that include in their bylaws activities related to financial operations, securities markets, insurance, mining, or strategic sectors must: i) Transform into another form of commercial company that is legally authorized to engage in such activities; ii) Amend their bylaws to remove the prohibited activities; or iii) Voluntarily dissolve and liquidate. Failure to comply within the prescribed period may result in the Superintendence of Companies, Securities and Insurance ordering the dissolution of the company by operation of law.

 

1. Permits and authorizations granted to SAS engaged in mining or strategic sector activities, prior to the Organic Law on National Solidarity, shall remain valid for a period of six (6) months from the date the Regulations are published in the Official Register. During this period, if the company opts to transform, such permits must be updated to reflect the newly adopted company type. For this purpose, submission of the duly registered transformation document will be deemed sufficient. As the transformation does not alter the company’s legal personality, which continues to exist under the new legal form, no additional documentation shall be required for the issuance of the updated permits.

 

1. The ministries responsible for the oversight of strategic sectors shall provide the Superintendence of Companies, Securities and Insurance with relevant information regarding activities that must be expressly listed as prohibited for SAS.

 

Such information must be submitted within two (2) months from the date the Regulations are published in the Official Register.

Milton Carrera, Partner at CorralRosales
mcarrera@corralrosales.com
+593 2 2544144

 

The “Law on the Prevention, Detection, and Combating of the Crime of Money Laundering and the Financing of Other Crimes” (“Law”), published in the Official Register Fourth Supplement No. 610 on July 29, 2024, will enter into force on July 29, 2025.

 

The Law establishes that the Financial Policy and Regulation Board (“Board”) is the governing authority in matters related to the prevention of money laundering and the financing of other crimes.

 

The Financial and Economic Analysis Unit (“UAFE”) is the technical entity responsible for gathering information, preparing reports, and implementing national policies to prevent, detect, and combat money laundering and the financing of crimes. In addition, it has the authority to impose sanctions on obligated entities.

 

The “Law on the Prevention, Detection, and Eradication of the Crime of Money Laundering and the Financing of Crimes” is repealed[1].

 

Below are the main aspects covered by the Law:

 

1. Obligated entities

 

The Law establishes the following as obligated entities:

 

• Financial sector
  1. Public: Banks and cooperatives
  2. Private: multiple and specialized banks; financial services (general deposit warehouses, exchange houses, and corporations for the development of the secondary mortgage market); credit card administrators; companies providing national and international money transport services.

 

• Popular and solidarity-based financial sector
  1. Central savings banks
  2. Communal banks and savings and loan associations
  3. Mutual savings and loan institutions for housing
  4. Credit card administrators

 

• Insurance system entities that issue life or investment-related insurance
  1. Companies engaged in insurance operations
  2. Reinsurance companies
  3. Reinsurance intermediaries
  4. Insurance advisor-producers

 

• Non-financial entities that grant credit above the limits established by the Board

 

• Entities participating in the National Payment System[2]

 

• Entities offering financial leasing services

 

• Companies engaged in currency exchange services

 

• Corporate service and trust service providers

 

• Acting as a trustee of an express trust

 

• Virtual asset service providers: those whose business involves the exchange between virtual assets and legal tender; exchange between one or more forms of virtual assets; transfer of virtual assets; custody or administration of virtual assets or instruments enabling control over virtual assets; and participation in or provision of financial services related to an issuer’s offer or sale of a virtual asset

 

1. Lawyers and accountants as obligated entities

 

The Law establishes that lawyers and accountants will be considered obligated entities when they carry out transactions on behalf of their clients involving:

 

1. Purchase and sale of real estate
2. Management of the client’s money, securities, or assets
3. Management of bank accounts
4. Organization of contributions for the creation or management of companies
5. Creation, operation, or management of entities

 

Independent lawyers and accountants are required to report suspicious transactions carried out by their clients if they act as legal representatives, provided that the relevant information was not obtained when they are subject to professional secrecy.

 

• Responsibilities of the obligated entities

 

1. Develop a program for detecting, preventing, mitigating, and managing risks related to money laundering, the financing of terrorism, and the proliferation of weapons of mass destruction.

 

1. Design and implement a risk management methodology for money laundering that includes: identification, assessment, monitoring, management, and mitigation of risks.

 

1. Develop and implement a methodology that categorizes risks as high, medium, or low, and incorporates at least the following risk factors: clients and users, products or services, geographic areas, distribution channels, and transaction patterns.

 

1. Apply due diligence to current or potential clients and suppliers, considering the following:

 

1. Confirm the identity of clients or suppliers.
2. Identify and confirm the authorization of the individual acting on behalf of the client.
3. For entities, identify and verify the beneficial owner of the entity or trust.
4. Gather information on the purpose of the business relationship and the source of funds.
5. Continuously monitor the business relationship and review transactions to ensure they align with the client’s profile and risk level.

 

For clients that are entities, legal structures, or trusts, the identification and verification must include:

 

1. Name, legal or trade name, legal form, proof of existence, and address of the main office;
2. The governing authorities of the entity, legal structure, or trust, as well as the names of the individuals holding senior management positions; and
3. Understanding the nature of the client’s or supplier’s business, and their ownership and control structure.

 

If the obligated entity fails to comply with risk-based due diligence measures, it may not initiate a business relationship, open an account, or execute a transaction. If the business relationship has already begun, it must be terminated, and a suspicious transaction report must be submitted to the UAFE.

 

1. Request the corresponding registration code from the UAFE.

 

1. In In the event of suspicion of illicit activity, a suspicious transaction report must be submitted to the UAFE within five days of becoming aware of the activity.

 

1. Report to the UAFE all individual operations or transactions equal to or greater than USD 10,000, within the first 15 days of each month.

 

1. Record the absence of suspicious transactions in the UAFE’s reporting system within 10 days after the end of each month.

 

1. Administrative violations and sanctions

 

Violations are classified as follows:

 

1. Minor violations: a fine of one to ten unified basic salaries will be imposed for the following offenses:
   • Lack of training for personnel in matters related to money laundering prevention;
   • Failure to comply with regulations issued by the supervisors of obligated entities; and
   • Failure to implement risk mitigation or management measures when low-risk situations have been identified.

 

1. Serious violations: a fine of eleven to twenty unified basic salaries will be imposed for the following situations:
   • Improperly requesting the registration code issued by the UAFE or operating with an outdated code;
   • Incomplete, incorrect, or late reporting of suspicious transactions to the UAFE;
   • Delays in providing information required by the UAFE;
   • Failure to appoint a compliance officer;
   • Failure to implement due diligence measures;
   • Failure to comply with continuous monitoring provisions regarding the commercial relationship with the client;
   • Failure to comply with provisions related to electronic transactions concerning the information of the originator and beneficiary, and their retention;
   • Failure to implement due diligence and mitigation measures by identified money laundering risk;
   • Failure to implement mitigation or risk management measures when medium or high-risk situations have been identified;
   • Failure to comply with the provisions for the development and implementation of a program for the detection, prevention, and management of money laundering risks; and
   • Repeated commission of the same minor violation within one year.

 

1. Severe violations: a fine of twenty to forty unified basic salaries will be imposed for the following offenses:

• Operating without the registration code issued by the UAFE;
• Operating without the required registration, license, or authorization related to money laundering prevention;
• Failure to retain records of information for ten years;
• Failure to report suspicious transactions to the UAFE;
• Holding or opening an account without identifying the beneficial owner, or holding or opening anonymous accounts;
• Maintaining a business relationship or account without ongoing identification of the beneficial owner;
• Initiating, continuing, or failing to terminate a relationship with a shell bank;
• Disclosing to unauthorized third parties the submission or existence of a suspicious transaction report or any information sent to the UAFE, or revealing that a suspicious transaction is under examination;
• Failure to provide information required by the UAFE;
• Refusing, preventing, obstructing, or hindering the oversight, supervision, and monitoring conducted by regulatory bodies;
• Failure to comply with preventive measures ordered by the competent authority;
• Failure to implement corrective measures; and
• Disclosing or using information classified as confidential or secret by the UAFE.

[1] Official Register Supplement No. 802 of July 21, 2016.

[2] Entities that belong to the Central Payment System include: the interbank payment system, interbank collection system, check clearinghouse, specialized clearinghouses, online payment system, integrated payment system, and the instant payment network; and to the Auxiliary Payment System: financial institutions, auxiliary service providers of the financial system, technology service providers, specialized electronic deposit and payment companies, and administrators of the Auxiliary Payment System (Resolution No. JPRM-2024-018-M).

 

Dario Escobar, Asociado en CorralRosales
descobar@corralrosales.com
+593 2 2544144

 

On July 12, 2025, Ecuador’s Official Register published the Organic Law for the Strengthening of Protected Areas. The law introduces significant amendments to the country’s aviation legal framework aimed at facilitating the entry of new international air operators into the domestic market.

 

Key reforms:

 

1. Automatic recognition of foreign air operator certificates (AOCs). A new general provision has been added to the Aeronautical Code that allows international operators domiciled in Ecuador to use their Air Operator Certificate (AOC) issued by their home state authority without further validation once they obtain their operating permit from the National Civil Aviation Council (CNAC). The Civil Aviation Authority (DGAC) must issue the technical regulations implementing this recognition within 30 days.

 

1. Requirements to Provide Air Services The amendment to Article 59(5) of the Civil Aviation Law clarifies that air services may be provided by legal entities authorized by the CNAC without requiring them to incorporate as Ecuadorian companies.

 

Comment

 

These reforms eliminate key barriers to entry in Ecuador’s domestic market by reducing the time and cost of regulations for foreign airlines that wish to operate internal routes. Using a foreign Air Operator Certificate (AOC) directly eliminates duplicative technical certification processes, representing a significant improvement over the previous regime.

 

The new framework is also expected to increase national air connectivity, particularly on underserved routes, and boost competition, which will help lower domestic airfares for passengers.

 

The CorralRosales aviation law team is prepared to guide international operators through the entire Operating Permit process and coordinate technical matters with the DGAC.

 

 

Xavier Rosales, Partner at CorralRosales
xrosales@corralrosales.com
+593 2 2544144

Veronica Olivo, Associate at CorralRosales
volivo@corralrosales.com
+593 2 2544144