PORTUGAL Law and Practice Contributed by: Ricardo Henriques and Diogo Pereira Duarte, Abreu Advogados
Abreu Advogados Av. Infante Dom Henrique 26 1149-09 Lisbon Portugal
Tel: (+351) 217 231 800 Fax: (+351) 217 231 899 Email: lisboa@abreuadvogados.com Web: abreuadvogados.com/en/
1. General Overview of Laws and Regulators 1.1 Cybersecurity Regulation Strategy Portugal has demonstrated a strong commit - ment to enhancing the country’s cybersecurity by defining a National Cybersecurity Strategy for 2019 to 2023. This government initiative outlines three strategic objectives to ensure a high national level of cybersecurity: i) maxim - ising digital resilience; ii) promoting innovation in cyberspace; and iii) generating and securing resources. To achieve these objectives, the gov - ernment has set six priorities: • cyberspace security structure; • prevention, education, and awareness; • protection of cyberspace and infrastructures; • response to threats and combating cyber - crime; • research, development, and innovation; and • national and international co-operation. The National Cybersecurity Centre (CNCS), as the national cybersecurity authority, has under - taken various actions to implement the Action Plan of the National Cybersecurity Strategy. The CNCS has particularly focused on preventing cyber-risks and raising awareness among citi - zens and companies.
However, the CNCS highlights in its 2024 Socie - ty report that the increasing number and sophis - tication of cyber-attacks, driven by the growing online presence of Portuguese citizens, reveal a lack of resources in the Portuguese public administration to address these new challeng - es. Currently, there is no national cybersecurity strategy for the upcoming years, although the CNCS has indicated that an updated strategy will be developed to address the sector’s most pressing needs. On another note, the EU has taken on the role of legislator in cybersecurity matters, delegat - ing the transposition and implementation of these laws to member states, considering their national contexts. Given that cybersecurity is a fundamental challenge for the Union, it is essen - tial for member states to maintain a consistent and robust legal framework. This ensures that countries like Portugal can benefit from shared resources and guidelines, promoting a high level of cybersecurity in the borderless cyberspace. 1.2 Cybersecurity Laws The primary laws and regulations governing cybersecurity in Portugal are the following: • Regulation (EU) 2016/679, of 27 April 2016 on the protection of natural persons with regard
199 CHAMBERS.COM
Powered by FlippingBook