Legal Regime

Law No. 46/2018, of 13 August, sets out the legal regime for cyberspace security, transposing Directive (EU) 2016/1148 of the European Parliament and of the Council, of 6 July 2016, on measures to ensure a high common level of security of network and information systems across the European Union.

The Legal Framework for the Security of Cyberspace applies to public administration entities, critical infrastructure operators, operators of essential services, digital service providers, as well as any other entities using networks and information systems, including in the context of voluntary incident reporting.

Chapter II establishes the National Structure for Cyberspace Security, which includes the Higher Council for Cyberspace Security as a specific body to consult the Prime Minister on matters concerning cyberspace security. Also in this Chapter, it establishes the National Cybersecurity Centre as the National Cybersecurity Authority and "CERT.PT" as the National Computer Security Incident Response Team.

Chapter III provides that the entities to which the Legal Framework for Cyberspace Security applies must adopt security requirements and notify the National Cybersecurity Centre of incidents with a relevant impact on the security of the respective networks and information systems.

Finally, Chapter IV sets out the system of supervision and sanctions and Chapter V the final provisions with emphasis on the identification system of operators of essential services and digital service providers.

Cyberspace Security Legal Regime

Network and Information Security throughout the Union

Implementing rules of Directive (EU) 2016/1148