Highly critical sectors excluding financial sectors will have to adhere to the new drafted Spanish law on Cybersecurity Coordination and Governance. Financial entities are subject to cybersecurity risk measures imposed by the Digital Operational Resilience Act. The NIS2 Directive, which was passed in January 2023, will be passed into Spanish law for public and private entities with tax residence in Spain or operating in the country from an EU member state. 

The law facilitates the National Cybersecurity Center which will represent all cybersecurity activities in Spain and be in contact with the European Union. The centre, which also develops the National Cybersecurity Strategy, will identify a list of essential cybersecurity entities by the deadline on April 17, 2025 however regulation changes may enable companies to register themselves. 

Companies must adopt technical and operational measures to manage cybersecurity.

Also in the news:

Statistics show half of Brazilians use digital credentials on smartphones New year, new law: Louisiana to enforce age verification law to protect children online Privacy and security should be guiding principles of NHS federated data platform, says National Data Guardian