Portugal
(a) What is the NIS2 implementation status?
The NIS 2 is not yet implemented, the aim was to have an impact study on the implementation of the NIS by October.
However, up until now there has been no public consultation to discuss the application of NIS 2, being Portugal one of the EU countries that is still behind on the Directive’s transposition.
(b) What is the envisaged NIS2 implementation timeline?
The transposition is expected to be completed before the deadline, however there is no definite date.
(c) What does the NIS2 mean for other national cybersecurity legislation?
The other national cybersecurity legislation must be revised, in order to comply with the new requirements imposed by NIS2, namely law 46/2018 of August 13 (regarding the Legal Framework for Cyberspace Security) and decree-law 65/2021 of July 30 (which regulates the legal framework for cyberspace security).
(d) Who will be the supervisory authority and how are they preparing the market?
The supervisory authority is Centro Nacional de Cibersegurança Portugal (CNCS). CNCS adopted in the past a pedagogical approach, however, it has recently assumed a more proactive attitude and have warned that it will become stricter in applying the legal regime. Currently, it is preparing an implementation impact study regarding the NIS2 transposition, that should be presented in October of this year.
(e) What should you be doing/on the lookout for?
Clients operating in the various sectors now covered by NIS2 should begin to ensure compliance with the new rules, particularly in terms of risk management measures and stricter and more detailed information obligations, especially regarding providers of public communications networks or publicly available electronic communications services.
Furthermore, additional care must be taken with the rules that have already been laid down, as regulators are expected to take a closer look at the application of cybersecurity law.
Contact
Margarida Roda Santos E: mrodasantos@eversheds-sutherland.net
Paulo Sampaio Neves E: psampaioneves@eversheds-sutherland.net
© Eversheds Sutherland. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.
Share this page