The Portuguese "National Reference Framework for Cybersecurity" has just been released. Abreu Advogados is a well-regarded cybersecurity and technology law firm in Portugal and have just performed an analysis into the practical applications of the new framework.
Regulation in cybersecurity
We are currently facing an increasingly pressing tendency towards regulation and concern about the state of cybersecurity, which is why the "National Reference Framework for Cybersecurity" has recently been published by the National Center for Cybersecurity. This center is a public organization that operates before the National Office of Security with the aim of contributing to Portugal's free, reliable and safe use of cyberspace through the continuous improvement of national cybersecurity and international cooperation.
The National Reference Framework for Cybersecurity was created as a consequence of the increasing regulation of cybersecurity at national and international levels, aiming to offer a practical approach that allows users to comply with the norms related to Cybersecurity, as well as the National Cyberspace Security Strategy defined in May 2019 for Portugal.
As a technology law firm in Portugal clients turn to us to manage legal risk in relation to the threat of cyber-attacks.
The practices and recommendations in the framework are intended for the safe and reliable maintenance of cyberspace, but also for the protection and safety of its users.
The omission of such suggested good practices can lead to possible risks, not only to the reputation and image of the company, through the loss of confidence of its partners, but also in legal and financial terms, since users may be subject to compensation payments or to incur misconduct if they fail to comply with the obligations arising from Law No. 46/2018, of 13 August or the General Regulation on Data Protection, especially the obligations of notification regarding the breach of security or personal data.
Following the publication of this document, the Portuguese government National Cybersecurity Center and the Association DNS.PT, manager of the top level domain .pt, provides the webcheck.pt online platform.
The webcheck.pt platform allows users to verify, in real time, the level of compliance of an Internet and e-mail domain regarding the latest standards for secure communication between systems.
As part of the growing regulation of cybersecurity in Europe, and also in Portugal, the EU Cybersecurity Act [Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification] came into force on 27 June.
The aforementioned EU Cybersecurity Act arises in the aftermath of Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July, regarding security measures for networks and information systems in the European Union, as well as Portugal Cybersecurity Law no. 46/2018 of 13 August, which transposed this Directive into the Portuguese legal system.
Abreu Advogados is a specialized technology law firm in Portugal, our intellectual property and information technology practice area advises national and international clients in relevant business sectors for the economy such as the healthcare, pharmaceutical and life sciences sectors, the automotive sector, fashion and luxury retail, agro food, innovation and technology and the entertainment sector.