Cybersecurity is no longer a “desirable” option in the productive ecosystem; it is a legal and operational requirement. With the publication of the Industrial Cybersecurity Regulatory Guide (April 2026), AMTEGA establishes a clear roadmap for Galician industrial companies.
At InprOTech, responsible for the technical management of the Industrial Cybersecurity Laboratory and Demonstration Centre, we analyse below the key pillars of this document and its real impact on the industry.
An evolving regulatory framework
The guide focuses on the imminent impact of the NIS2 Directive, which significantly broadens its scope of application, incorporating sectors that until now were off the regulatory radar.
Industrial organisations therefore face the need to implement more robust risk management models, as well as to comply with much more demanding incident notification deadlines.
The objective is no longer limited to data confidentiality: it is about guaranteeing the continuity of essential services and critical industrial processes.
IEC 62443: a common language for industrial cybersecurity
One of the pillars of the guide is the adoption of the IEC 62443 standard as a reference framework. Unlike exclusively IT standards, this standard focuses on the availability, integrity and functional safety of industrial control systems (ICS).
The guide facilitates the interpretation of the standard's Security Levels (SL), enabling controls to be scaled progressively and in alignment with each company’s operational reality.
Strategic axes for Industry 4.0:
- IT/OT convergence: the regulations no longer contemplate isolated compartments. Security must be comprehensive, protecting everything from the ERP to the PLC on the production line.
- Supply chain responsibility: following the spirit of the Cyber Resilience Act, companies must audit not only their own systems, but also their technology providers.
- The Laboratory as a strategic ally: the Demonstration Centre positions itself as the ideal environment for Galician companies to carry out proofs of concept and attack/defence simulations in controlled scenarios before deploying them in production.
Conclusion
The guide should not be read as a manual of restrictions, but as a business enabler. A cyber-secure industry is a reliable industry, capable of competing in international markets that increasingly demand greater digital trust credentials.
At InprOTech we are proud to collaborate with AMTEGA to translate these technical concepts into the day-to-day reality of our companies, transforming regulation into a true competitive advantage for Galicia.



