News Cyberspace Security Legal Regime - Proposal to transpose the NIS2 Directive (SRI2) 22/11/2024

The portuguese government has made available today, for public consultation until 7 December, through the portal consulta.lex, the proposal to transpose the NIS2 Directive (SRI2) on measures to ensure a high common level of cybersecurity across the European Union.

We would like to draw your attention to a few points in this proposal for an authorised Decree-Law, which aims to approve the Cybersecurity Legal Framework:

  • It specifies the sectors to which the Cyberspace Security Legal Regime applies, including entities in the industrial and food sectors;
  • Changes competences in the regulation and notification of cybersecurity incidents in the communications sectors;
  • Provides, within the scope of criminal legislation, for the well-known institute of ‘responsible vulnerability disclosure’ for identifying system vulnerabilities;
  • Transforms the Security Officer defined in Decree-Law 65/2021 into the Cybersecurity Officer;
  • Assigns qualifications of essential entities, important entities and relevant entities to assess the proportionality of the application of certain measures.


With a broad scope of application, cybersecurity can be a challenge. GPA's Cybersecurity & AI team will keep a close eye on all developments in this area, anticipating regulatory risks and gathering best cybersecurity practices.

Please note, your browser is out of date.
For a good browsing experience we recommend using the latest version of Chrome, Firefox, Safari, Opera or Internet Explorer.