Ir para conteúdo
Imagem Regime jurídico

Law No. 46/2018, of 13 August, sets out the legal regime for cyberspace security, transposing Directive (EU) 2016/1148 of the European Parliament and of the Council, of 6 July 2016, on measures to ensure a high common level of security of network and information systems across the European Union.

The Legal Framework for the Security of Cyberspace applies to public administration entities, critical infrastructure operators, operators of essential services, digital service providers, as well as any other entities using networks and information systems, including in the context of voluntary incident reporting.

Chapter II establishes the National Structure for Cyberspace Security, which includes the Higher Council for Cyberspace Security as a specific body to consult the Prime Minister on matters concerning cyberspace security. Also in this Chapter, it establishes the National Cybersecurity Centre as the National Cybersecurity Authority and "CERT.PT" as the National Computer Security Incident Response Team.

Chapter III provides that the entities to which the Legal Framework for Cyberspace Security applies must adopt security requirements and notify the National Cybersecurity Centre of incidents with a relevant impact on the security of the respective networks and information systems.

Finally, Chapter IV sets out the system of supervision and sanctions and Chapter V the final provisions with emphasis on the identification system of operators of essential services and digital service providers.

Cyberspace Security Legal Regime

Law No. 46/2018, of August 13

To view the document

Frequently asked questions (FAQ)

Decree-Law No. 65/2021, of June 30

To view the document

Frequently asked questions (FAQ)

Sending information

Technical Instruction

To view the document

Network and Information Security throughout the Union

Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 on network and information security throughout the Union (Network and Information Security Directive - NIS)

To view the document

Implementing rules of Directive (EU) 2016/1148

This Regulation specifies in detail the elements to be taken into account by digital service providers when identifying and adopting measures to ensure the level of security of the network and information systems which those providers provide in the context of the provision of services referred to in Annex III of Directive (EU) 2016/1148 and specifies in detail the parameters to be taken into account in order to determine whether the impact of an incident on the provision of those services is substantial.

To view the document
Last updated on 26-09-2022