Re: Request for Comments on the Operation of the Agreement between the United States of America, the United Mexican States, and Canada – Docket No: USTR-2025-0004
The Digi Americas Alliance appreciates the opportunity to submit comments regarding the review of the USMCA. As a trade organization composed of 22 member companies representing the technology and cybersecurity sectors across North America and Latin America, we recognize the critical role that the USMCA plays in shaping international trade and the resilience of digital supply chains. We believe this review presents an important opportunity to elevate cybersecurity cooperation among the Parties, promote adoption of internationally recognized frameworks such as the NIST Cybersecurity Framework, strengthen protections for digital and ICT supply chains, advance cross-border collaboration on data protection and privacy, and enhance workforce preparedness for jobs in the digital economy.
Elevate Cybersecurity Commitments Within USMCA
USMCA should build upon the language within Chapter 19: Digital Trade regarding cybersecurity best practices. While Article 19.15 – Cybersecurity already provides a solid foundation, it should be expanded and strengthened to ensure that Parties move beyond general cooperation and adopt concrete, practical measures that strengthen the digital ecosystem.
Recommendations:
Adopt the NIST Cybersecurity Framework (CSF):
Establish the NIST CSF as the shared baseline cybersecurity framework for the US, Mexico, and Canada.
Promote regulatory and policy alignment across Parties, fostering harmonization and simplifying compliance for companies operating regionally.
Encourage recognition of the CSF by sectoral regulators and industry associations to ensure consistent implementation.
Strengthen Information Sharing Mechanisms:
Include commitments that encourage and incentivize organizations to share cyber threat intelligence on a regular and secure basis.
Build trilateral mechanisms to facilitate real-time exchange of cybersecurity intelligence, threat reports, and best practices between governments and private sector actors.
Encourage public-private partnerships that broaden participation beyond critical infrastructure to include SMEs and mid-size enterprises in the digital supply chain.
Enhance Critical Infrastructure Protection:
Require Parties to identify critical infrastructure sectors and ensure they adopt higher cybersecurity baselines.
Encourage sector-specific risk assessments and the adoption of resilience measures for critical digital and ICT systems.
Promote cooperation in developing joint incident response exercises and continuity-of-operations plans for cross-border supply chains.
Enhance Supply Chain Security for Digital and ICT Systems:
Include language supporting secure-by-design and secure-by-default principles for digital products in regional markets.
Incorporate language that reflects the importance of supply chain resilience for digital infrastructure and emerging technologies (semiconductors, cloud, AI, quantum computing, etc.)
Encourage the development of a North American supply chain resilience strategy.
Advance Cross-Border Data Protection and Privacy Collaboration
Strengthen language to ensure alignment of privacy regimes to facilitate secure and trusted data flows across borders.
Support interoperability frameworks.
Encourage trilateral engagement on AI governance and personal data protection, focusing on principles such as security, privacy, and ethics.
Build Cybersecurity into Workforce and Skills Development
Support digital literacy and upskilling efforts to ensure a cyber-ready workforce.
Small and Medium-Sized Enterprises
We recommend strengthening the language in Chapter 25: Small and Medium-Sized Enterprises to reflect SMEs’ critical roles in both the labor market and the cybersecurity ecosystem. SMEs are essential participants in digital supply chains, yet they are often the most vulnerable to cyber threats. Explicit recognition of their importance, combined with measures that encourage adoption of international cybersecurity standards such as the NIST Cybersecurity Framework, will help ensure that SMEs operate securely and contribute to the resilience of the broader digital ecosystem.
Conclusion
As the United States, Mexico, and Canada reaffirm their commitment to the USMCA, the Parties should seize this opportunity to improve the overall cybersecurity ecosystem and secure digital supply chains, thereby preparing their economies for an increasingly digital future. Strengthening cooperation on cybersecurity and supply chain resilience will not only protect critical infrastructure and sensitive data but will also enhance trust in cross-border trade and digital services. By embedding internationally recognized standards such as the NIST Cybersecurity Framework, encouraging robust information sharing, and supporting the cybersecurity readiness of SMEs, the USMCA can set a global benchmark for digital trade.
Continuous collaboration in these areas will enable industry to flourish, drive innovation, and create high-quality jobs across the region. Most importantly, it will ensure that North America remains a trusted leader in the global digital economy. The Digi Americas Alliance appreciates the opportunity to comment and looks forward to collaborating with USTR in this process.
Respectfully Submitted,
Digi Americas Alliance
View the official submission here: https://comments.ustr.gov/s/commentdetails?rid=4TF6FK6CQW