Lisbon, Jan. 2 ,2025 (Lusa) - A public consultation in Portugal on planned new cybersecurity rules to transpose a key European Union's directive into national law, which closed on 31 December, received 149 contributions, an official source working under the cabinet office minister told Lusa on Thursday.
"The public consultation on the new legal framework for cybersecurity closed on 31 December with 149 contributions from dozens of citizens, associations, companies and other entities, which reflects the high level of interest in participating from various sectors of Portuguese society," the official said.
According to this cabinet office source, "as soon as the analysis of the contributions submitted through the public consultation is completed, the government will submit to Parliament the proposal for a legislative authorisation law at the beginning of the year, so that Portugal can be one of the first member states of the European Union to implement the transposition of the directive on Network and Information Security 2 (NIS2), aimed at guaranteeing a high common level of cybersecurity throughout the EU."
On 10 December, 20 contributions had been received, and the public consultation was extended until the end of last year.
The new cybersecurity legal framework, which transposes the NIS2 directive, broadens the range of entities covered, prioritising on the one hand the widespread prevention of cybersecurity risks, while at the same time graduating the regulatory requirement according to the size of the entity and the importance of its activity, as well as prioritising the proportionality of the applicable measures.
According to Article 18, "the member of the Government responsible for cybersecurity may determine the application of provisional restrictions on the use, cessation of use or exclusion of information and communication technology equipment, components or services used in public or private information networks and systems, considered to be of high risk to the security of cyberspace of national interest, upon proposal by the Cyberspace Security Assessment Commission."
The security assessment "must take into account the technical risks of the equipment, components or services, their context of use and the exposure of their manufacturers or suppliers to undue influence from third countries, including relevant information issued by the competent national and European Union bodies or contained in national or European risk assessments for the security of networks and information systems, as well as other relevant security risks," the document reads.
Among other measures, the new rules differentiate between the treatment of essential entities and important entities, according to risk, and provides for fines of up to €10 million in the case of very serious offences for the former.
ALU/ARO // ARO.
Lusa
