{"id":18476,"date":"2025-09-25T08:30:38","date_gmt":"2025-09-25T07:30:38","guid":{"rendered":"https:\/\/adcecija.pt\/?p=18476"},"modified":"2025-09-25T10:17:54","modified_gmt":"2025-09-25T09:17:54","slug":"portugal-passes-nis2-transposition","status":"publish","type":"post","link":"https:\/\/adcecija.pt\/en\/portugal-passes-nis2-transposition\/","title":{"rendered":"Portugal Passes NIS2 Transposition"},"content":{"rendered":"

\"\"<\/p>\n

 <\/p>\n

The Portuguese Parliament has approved the transposition of the European NIS2 Directive, marking a turning point in national digital security.<\/p>\n

The bill still awaits presidential promulgation and publication in the Official Gazette, after which the new cybersecurity rules will become mandatory.<\/p>\n

What changes in practice:<\/strong><\/p>\n

Broader scope<\/strong>
The bill now covers sectors such as energy, transport, banking, financial infrastructures, healthcare, water supply, public administration, the space sector, and digital infrastructures.<\/p>\n

Digital service providers<\/strong>
Also included are providers of cloud services, data centers, content delivery networks (CDNs), DNS services, online marketplaces, search engines, and social media platforms.<\/p>\n

Personal liability<\/strong> \u2013 Executives and directors may now be held personally liable for non-compliance \u2014 a clear sign that cybersecurity has moved up to the C-level agenda.<\/p>\n

Mandatory CISO role<\/strong> \u2013 Appointment of a Chief Information Security Officer (or equivalent) as the compliance guarantor and responsible for implementing security measures.<\/p>\n

Strict incident reporting deadlines<\/strong><\/p>\n