The Coverage Gap: Chile's Cyber Disclosure Framework versus the USA, EU and UK

arXiv:2606.05594v1 Announce Type: new Abstract: We introduce the Coverage Gap as a measurable distance between the observable public exposure of critical-infrastructure operators and their declared capability to coordinate vulnerability disclosure. We instantiate it against the 915 Chilean Operadores de Importancia Vital (OIVs -- Operators of Vital Importance) designated by the National Cybersecurity Agency (ANCI) under Ley 21.663 (Resolucion Exenta No. 87, 16 December 2025). Using a passive-only, OSINT-based method consistent with the principles of ISO/IEC 29147:2018 and Chile's computer-crimes safe harbour (Ley 21.459), we conduct a full-universe census of the foundational disclosure-capability layer (Layer 1, verifiable disclosure contact) across approximately 98.7% of the official catalogue. Only 16 of 915 OIVs (1.7%) publish a verifiable RFC 9116 disclosure channel; among operators of physical-world infrastructure -- energy, health, banking, telecommunications, fuel, water, transport, and state administration -- fewer than ten do so, and all four major banks and both telecommunications incumbents lack one entirely. This compares with over 99% adherence in the U.S. federal civilian branch under CISA Binding Operational Directive 18-01. Email-authentication misconfiguration affects 766 of 915 (84%) OIVs, and end-of-life or known-vulnerable stack components an estimated 23.5% (Wilson 95% CI [12%, 38%]). Cross-jurisdictional benchmarking situates Chile roughly eight years behind the USA, the UK, and the Netherlands on email-authentication mandates, and three years behind Denmark. We propose a four-stage roadmap modelled on BOD 18-01 and the UK Public-Sector DMARC Toolkit, and release the open-source tool anci-oiv-resolver (Apache 2.0) to enable independent reproduction of the OIV-domain mapping that underpins universe-scale auditing.