The Central Bank (CB) has initiated in-depth studies on the impacts of quantum computing and artificial intelligence (AI), focusing on the security of the financial system. Carlos André de Melo Alves, coordinator of the CB, presented the guidelines on March 25 during the Trust Exchange 2026 event, highlighting the need for new approaches to protect sensitive data in light of the advancement of these technologies.
Additionally, the CB is analyzing suitable encryption standards for the post-quantum scenario, aiming to ensure the confidentiality of financial information. This concern arises in the context of the processing of Bill (PL) 2,338 of 2023, known as the AI Bill, which passed the Senate in 2024 and is still under review in the Chamber of Deputies.
The Central Bank’s Financial Stability Report, released in the first half of 2025, pointed out the challenges presented by artificial intelligence in the sector, especially regarding cybersecurity and fraud prevention. Therefore, at the end of 2025, the National Monetary Council (CMN) and the Central Bank published resolutions CMN 5,274/2025 and BCB 538/2025, which established rules in effect since March 1, 2026.
These rules mandated the implementation of minimum controls, such as rigorous management of digital certificates and regular penetration testing. The proposal also includes a reorientation of digital security, shifting from practices focused solely on declarative compliance to prioritizing the operational resilience of financial institutions.
The CB maintains continuous monitoring of compliance with measures against fraud and cyber threats, requiring that organizations in the sector adapt their security policies according to the new requirements. In this regard, Carlos André emphasized the importance of secure system integration and transaction traceability as fundamental points to strengthen protection.
A dialogue is also underway with other regulatory bodies to establish guidelines on the use of quantum encryption, especially to defend critical communications in the financial sector and essential infrastructures. Although the Central Bank has not disclosed specific cases of fraud related to Pix, it stated that it may deepen investigations if necessary.
Meanwhile, the AI Bill aims to establish a general regulatory framework for artificial intelligence systems in the country, covering aspects that directly impact the practices adopted by financial institutions. Even so, the CB considers that the current rules for fraud prevention involving Pix are adequate but remains attentive to the practical application of these regulations.
Overall, the recent decisions of the Central Bank indicate a concentrated effort to reinforce minimum controls in the face of the growing sophistication of virtual attacks. The introduction of additional requirements reflects the impact of emerging technologies on the cybersecurity policies of regulated institutions.
The expectation is that the Central Bank will advance in analyses and may adjust the regulatory guidelines according to the progress of research and the development of quantum and artificial intelligence technologies. Besides national oversight, the proposed measures will also be submitted to evaluation by other regulators, aiming at the comprehensive protection of the financial system.
