Lisbon, Dec. 12, 2025 (Lusa) - The Portuguese government on Friday put forward a draft bill in parliament to transpose European directives on digital operational resilience in the financial sector, pointing out that it provides institutions with "more robust" tools to prevent and respond to cyberattacks.

In a debate in parliament, the secretary of state for the Treasury and Finance stated that the draft bill ensuring the implementation of European legal acts in Portuguese law relating to the digital operational resilience of the financial sector is a "decisive step in defending the integrity, continuity and credibility of financial infrastructures".

João Silva Lopes reiterated that these measures are "providing financial entities with more robust instruments to prevent, resist and respond to technological incidents and cyberattacks", as well as "strengthening the supervision of risks associated with information technologies and ensuring increased protection for consumers, investors and the economy itself".

"In a context where the digitisation of the financial system is irreversible and threats are increasingly sophisticated," he stressed, the State "cannot fail to ensure the security and protection of institutions, companies and citizens".

This regulation and European directive are "fundamental instruments of the European Union to strengthen the operational resilience of the financial sector," he argued.

The aim is "to ensure that all entities in the financial sector are prepared to prevent and respond to incidents related to information technology, such as cyber attacks, system failures, technological disruptions and others that could jeopardise financial stability and citizens' confidence in the financial system".

This regulation therefore creates a "harmonised framework at European level, applicable to all financial entities, avoiding fragmented responses between member states" and also ensuring the "strengthening of the functioning of the internal market," he pointed out.

The secretary of state highlighted some measures, namely the identification as supervision of the Bank of Portugal, the Insurance and Pension Funds Supervisory Authority (ASF) and the Securities Market Commission (CMVM), "ensuring the effective, coordinated and secure application of the new rules".

This proposal also has a "national scope of application, extending the regime to insurance and reinsurance companies and pension fund management entities," he added.

When questioned about this extension of the regulation's scope, the secretary of state explained that "it is a matter of consistency".

"We wanted to ensure full alignment so that entities would be covered by this regime and by the directive," he pointed out.

"Anything that can contribute to increasing consumer confidence is positive," he said.

João Silva Lopes also said that the Government had an "arduous task of recovering the legacy of regulations that need to be implemented and directives transposed," noting that a dozen directives have already been transposed.

The draft bill was approved today in a final overall vote in plenary, with the Liberal Party (IL) and Communist Party (PCP) abstaining and the remaining parties voting in favour.

At issue is the DORA [Digital Operational Resilience Act] regulation, which was published on 27 December 2022 and establishes uniform rules in the EU on the ability to manage the risk associated with information technologies, incident reporting, resilience testing and monitoring of the risk associated with service providers.

MES/AYLS // AYLS

Lusa