National Security Law: regulates (i) the basic principles, the higher Public Administration bodies, authorities and main components of National Security; (ii) the National Security System and the management, organisation and coordination thereof; (iii) crisis management; and (iv) the contribution of resources to National Security. It includes cybersecurity among the areas of particular concern to National Security. This Law applies to public administrations and, on the terms set out therein, to natural persons and legal entities.
National Security Scheme: regulates the security policy to be applied in the use of electronic means in the context of the public sector, laying down the basic principles and minimum requirements for a proper protection of information to be applied by Public Administrations. It does not cover information systems governed by official secrets regulations.
National Interoperability Scheme: regulates the criteria and recommendations in terms of security, preservation and standardisation of information, formats and applications to be considered by the Public Administrations to ensure an adequate level of interoperability of the data, information and services they manage, and to avoid citizens’ discrimination on grounds of their technological choices.
CIP Law: sets out the framework for the protection of critical infrastructure, introducing measures and obligations for the public and the private sectors. It promotes the coordination and involvement of public administrations and managing bodies or owners of the infrastructure providing essential services. The strategic sectors covered by the Law are administration, space, nuclear, chemicals, research facilities, water, energy, health, ICT, transport, food, and financial services & tax.
Network and Information System Security: the Royal Decree-Law 12/2018 and its regulation transposed the NIS Directive into the Spanish legal system and set up the legal framework for cybersecurity for operators of essential services and digital service providers. The Royal Decree-Law 12/2018 applies to the provision of: a) essential services dependent on networks and information services included in the strategic sectors defined in the annex of the CIP Law, and b) digital services (online marketplace, online search engine and cloud computing service). Operators of electronic communications networks and services are subject to this legal framework when established in Spain. Operators of electronic communications networks and services and trusted electronic service providers that are not designated as critical operators under CIP Law and digital service providers in the case of micro or small enterprises are out of the scope of the Royal Decree-Law 12/2018.
Telecoms Act: the main piece of legislation governing the provision of electronic communications networks and services. Among other regulatory obligations, electronic communications operators are subject to a number of security requirements aimed at ensuring the secrecy of communications, the protection of personal data, and the integrity and security of networks and services.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.