NIS2 Implementation in the EU
Portugal (Europe)
Firm | Morais Leitão, Galvão Teles, Soares Da Silva & Associados |
Contributors | Helena Barroso |
Status | On hold |
Status of the NIS2 Implementation Act | On 24 October 2024, the Portuguese government approved for public consultation two projects on cybersecurity legislation - one of which is a draft for the implementation of the NIS2 Directive (the other being a new cybersecurity legal regime for Portugal). Public consultation of the drafts was opened on November 22, 2024. It is currently unknown when the projects will be submitted as bills before the Portuguese Parliament (information indicates the Government's intention would be to do so once the current work, in Parliament, for the approval of the 2025 State Budget is completed). |
If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive | The law submitted to public consultation will not directly transpose the NIS2 Directive, but will grant legislative powers to the Government to issue transposition legislation, whilst including the wording for the authorised legislative act. The scope of the application is expanded, including public administration entities (including at the local level). Specific entities that carry out activities in the areas of national security, public security, defense or law enforcement, including the prevention, investigation, detection and prosecution of criminal offenses, are exempted from the scope of application. The competent authority responsible for cybersecurity strengthens its role as national cybersecurity authority and the projected legislation foresees the designation of “sectoral” and “special” supervisory authorities. The risk management model expected to be provided for in the local legislation consists of setting pre-defined risk standards, applicable to each sector and type of sector and type of entity (and application of corresponding preventive measures). |
Expected date of entry into force of the Implementation Act | Not applicable. |
Updated 06 Feb 2025