{"id":2158,"date":"2025-02-06T11:20:41","date_gmt":"2025-02-06T11:20:41","guid":{"rendered":"https:\/\/inprotech.es\/?p=2158"},"modified":"2025-02-17T12:52:55","modified_gmt":"2025-02-17T12:52:55","slug":"how-does-the-nis2-regulation-affect-spain-2","status":"publish","type":"post","link":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/","title":{"rendered":"How Does the NIS2 Regulation Affect Spain?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">On January 14, the Spanish government announced the approval of the preliminary draft of the new Spanish cybersecurity law, whose name was chosen as the <\/span><b>\u201cCybersecurity Coordination and Governance Law\u201d<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This law arises as a transposition of the <\/span><b><a href=\"https:\/\/inprotech.es\/en\/nis2-the-new-european-directive-on-cibersecurity\/\">Network and Information Security 2 Directive (NIS2)<\/a>, <\/b><span style=\"font-weight: 400;\">approved by the EU in 2022, and with the aim of \u201creinforcing the protection of networks and information systems, which are subject to serious cyber threats and risks that require adapted, coordinated and innovative responses\u201d. With this, the intention is to position this new law as the most important cybersecurity regulation in Spain.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The following are the most important points contained in the preliminary draft of the law.<\/span><\/p>\n<h2><b>Creation of the National Center for Cybersecurity<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">In order to constitute a single competent national authority for cybersecurity, it is proposed to create the <\/span><b>National Cybersecurity Center<\/b><span style=\"font-weight: 400;\">, which will carry out functions of direction, coordination and supervision, as well as the promotion of the activities provided for by the law.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">On the other hand, it will also act as a single point of contact for cross-border and cross-sector cooperation, in addition to acting as a national authority for cybersecurity crisis management and as a national cybersecurity incident response team, coordinating the network of national reference <\/span><b>CSIRT<\/b><span style=\"font-weight: 400;\"> (Cybersecurity Incident Response Teams): <\/span><b>CCN-CERT<\/b><span style=\"font-weight: 400;\">; <\/span><b>INCIBE-CERT<\/b><span style=\"font-weight: 400;\"> and <\/span><b>ESPDEF-CERT<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h2><b>Entities classification<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The new law classifies entities into two types based on their level of criticality in relation to national security, market and other key aspects of cybersecurity:<\/span><\/p>\n<h3><b>Essential Entities<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">These are organizations whose service interruption or failure could have a significant impact on public safety, public order, public health, or cause critical systemic risks. Given their relevance, they are subject to a series of measures:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Risk management measures:<\/b><span style=\"font-weight: 400;\"> Implement individualized risk assessments and take measures to ensure the security of your systems.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Incident Notification:<\/b><span style=\"font-weight: 400;\"> Report any significant incidents through the National Cyber Incident Notification and Tracking Platform.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Designation of information security officers:<\/b><span style=\"font-weight: 400;\"> Each entity should have a point of contact in charge of coordinating with the competent authorities.<\/span><\/li>\n<\/ul>\n<p><b>Essential entities<\/b><span style=\"font-weight: 400;\"> are classified as those that meet the established size and criticality criteria:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Large companies<\/b><span style=\"font-weight: 400;\"> (\u2265250 employees and annual turnover &gt; \u20ac50 million or annual balance sheet total &gt; \u20ac43 million).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Providers of public electronic communications networks or electronic communications services<\/b><span style=\"font-weight: 400;\"> if they are <\/span><b>medium-sized companies<\/b><span style=\"font-weight: 400;\"> (50-249 employees and annual turnover or annual balance sheet total between \u20ac10 and \u20ac50 million).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Qualified trust service providers and top-level domain name registries, as well as DNS<\/b><span style=\"font-weight: 400;\"> service providers, regardless of size.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Entities of the General State Administration and Administrations of Autonomous Communities<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Entities identified by the control authorities<\/b><span style=\"font-weight: 400;\"> as essential due to the critical impact of their services.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Critical entities according to applicable regulations.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Entities that before January 16, 2023 were already identified as operators of essential services according to<\/span><b> Royal Decree-Law 12\/2018.<\/b><\/li>\n<\/ol>\n<h3><b>Important Entities<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">They are considered less critical than the essential ones, but equally relevant to ensure an adequate level of cybersecurity in specific sectors:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Any entity of the sectors listed in Annexes I and II of the law <\/span><b>that does not meet the requirements to be an essential entity<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Municipalities with <\/span><b>more than 20,000 inhabitants<\/b><span style=\"font-weight: 400;\"> and their institutional public sector entities.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Entities identified by the control authorities as <\/span><b>importants<\/b><span style=\"font-weight: 400;\">, based on the criticality of the service provided.<\/span><\/li>\n<\/ol>\n<h2><b>Creation of a catalog of measures necessary for cybersecurity risk management.<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The draft bill specifies a list of security requirements that entities must implement to ensure the security of their systems and networks:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Incident Response and Crisis Management:<\/b><span style=\"font-weight: 400;\"> Implement clear and effective procedures for detecting, responding to and recovering from cybersecurity incidents. These procedures should include periodic drills and cybersecurity audits.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Vulnerability Management and Disclosure:<\/b><span style=\"font-weight: 400;\"> Establish protocols to identify, manage and report vulnerabilities in systems, and share the information obtained with other relevant entities and authorities.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Cybersecurity Testing:<\/b><span style=\"font-weight: 400;\"> Conduct regular tests, such as penetration exercises, to identify potential weaknesses in systems.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Effective Use of Encryption:<\/b><span style=\"font-weight: 400;\"> Adopt advanced encryption solutions to protect sensitive data in transit and at rest.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Supply Chain Protection<\/b><span style=\"font-weight: 400;\">: Assessing and ensuring the security of suppliers and external partners, especially in critical sectors such as digital infrastructure, energy and healthcare.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>National Platform for Notification and Monitoring of Cyberincidents:<\/b><span style=\"font-weight: 400;\"> It will be created for the purpose of facilitating the exchange of technical information and coordination among stakeholders. All regulated entities are required to use this platform to report significant incidents.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">With regard to cybersecurity risk management measures and notification obligations, the following are contemplated:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Each entity shall designate an <\/span><b>information security officer<\/b><span style=\"font-weight: 400;\"> responsible for <\/span><b>coordinating and supervising the implementation of the above measures<\/b><span style=\"font-weight: 400;\">, who shall also act as a liaison between the organization and the national authorities.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Entities must notify any significant incident that affects the continuity of their services or information security. These notifications must be made within the deadlines established by law, prioritizing speed in order to contain possible impacts.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Control authorities (such as the National Cybersecurity Department and CSIRTs) will oversee the correct implementation of these measures.<\/span><\/p>\n<h2><b>Penalty regime<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The sanctioning regime proposed for this law classifies infractions as <\/span><b>very serious<\/b><span style=\"font-weight: 400;\">, <\/span><b>serious and minor<\/b><span style=\"font-weight: 400;\">, <\/span><b>with their respective sanctions<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<ul>\n<li aria-level=\"1\"><b>Very serious infractions:<\/b><span style=\"font-weight: 400;\"> Failure to implement critical cybersecurity risk management measures; failure to report a significant incident affecting the continuity of essential services; gross negligence resulting in significant risks to national security or the economy; failure to comply with authorities&#8217; requirements in relation to incidents or audits&#8230;<\/span><\/li>\n<li aria-level=\"1\"><b>Serious infractions:<\/b><span style=\"font-weight: 400;\"> Partial non-compliance with cybersecurity risk management measures; incomplete, erroneous or late notifications; resistance to cooperate with the competent authorities during investigations&#8230;<\/span><\/li>\n<li aria-level=\"1\"><b>Minor infractions:<\/b><span style=\"font-weight: 400;\"> minor deficiencies in the implementation of technical or organizational measures; delays in the designation of the Information Security Officer or its communication to the authorities&#8230;<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The applicable sanctions range from administrative fines to corrective measures or non-economic sanctions.<\/span><\/p>\n<ul>\n<li aria-level=\"1\"><b>Administrative fines:<\/b><\/li>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Very serious infractions:<\/b><span style=\"font-weight: 400;\"> Up to \u20ac10,000,000 or 2% of annual worldwide turnover (whichever is greater) for essential entities and up to \u20ac7,000,000 or 1.4% of annual worldwide turnover (whichever is greater) for major entities. *<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Serious infractions:<\/b><span style=\"font-weight: 400;\"> will be sanctioned with fines from 100,001 \u20ac to 500,000 \u20ac. *<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Minor infractions:<\/b><span style=\"font-weight: 400;\"> will be sanctioned with fines from 10,000 \u20ac to 100,000 \u20ac.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><i><span style=\"font-weight: 400;\">*<\/span><\/i> <i><span style=\"font-weight: 400;\">Very serious and serious infringements may be accompanied by an accessory sanction of a public warning in the \u201cOfficial State Gazette\u201d.<\/span><\/i><\/p>\n<ul>\n<li aria-level=\"1\"><b>Non-financial penalties:<\/b><span style=\"font-weight: 400;\"> From temporary suspension of the provision of services to exclusion from aid programs or public contracts.<\/span><\/li>\n<li aria-level=\"1\"><b>Corrective actions:<\/b><span style=\"font-weight: 400;\"> Continuous monitoring by authorities, mandatory safety audits or imposition of action plans to address specific deficiencies.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Violations committed by Public Sector entities will not be subject to administrative fines or non-financial sanctions, but they may be warned with corrective measures.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition, it should be noted that no personal financial penalties are established.<\/span><\/p>\n<h2><b>Conclusions<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The <\/span><b>Cybersecurity Coordination and Governance Law<\/b><span style=\"font-weight: 400;\">, derived from the standards established in the <\/span><b>European NIS2 Directive<\/b><span style=\"font-weight: 400;\">, represents an evolution with respect to the <\/span><b>NIS1 Directive<\/b><span style=\"font-weight: 400;\">, which, although it marked a milestone in the regulation of cybersecurity, left areas for improvement that are now addressed with an approach that is more adapted to the <\/span><b>constantly changing digital environment<\/b><span style=\"font-weight: 400;\">. In economic and practical application terms, it is estimated that this law <\/span><b>will cost approximately 2,250 million \u20ac<\/b><span style=\"font-weight: 400;\"> for the Spanish business fabric, <\/span><b>directly affecting almost 4,000 major entities and 1,819 essential entities<\/b><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Furthermore, with the creation of the <\/span><b>National Cybersecurity Center<\/b><span style=\"font-weight: 400;\"> as a single authority, the aim is to strengthen coordination and supervision, improving the response to cyberthreats both at national level and in the field of <\/span><b>international cooperation<\/b><span style=\"font-weight: 400;\">. In short, this law marks a crucial step forward in the governance of cybersecurity, strengthening the protection of strategic infrastructures and fostering a culture of digital security in a context of growing technological interdependence.<\/span><\/p>\n<h2><strong>Cybersecurity and compliance with InprOTech<\/strong><\/h2>\n<p>With the introduction of this new draft bill, <strong>it is crucial to be prepared<\/strong> for the changes that will directly impact the protection of systems and data. At <strong>InprOTech<\/strong>, we offer industrial cybersecurity consulting services to help your company comply with the new <strong>Cybersecurity Coordination and Governance Law<\/strong> and <strong>NIS2<\/strong> regulations. If you are interested, you can contact us by clicking <a href=\"https:\/\/inprotech.es\/en\/contact\/\">here<\/a>.<\/p>\n<p>In addition, our team of experts at <strong>Inprosec<\/strong> offers NIS2 audit services for companies in <strong>any sector<\/strong>. Click <a href=\"https:\/\/www.inprosec.com\/en\/contact\/\">here<\/a> and we will help you ensure compliance and protection of your critical assets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On January 14, the Spanish government announced the approval of the preliminary draft of the new Spanish cybersecurity law, whose name was chosen as the \u201cCybersecurity Coordination and Governance Law\u201d. This law arises as a transposition of the Network and Information Security 2 Directive (NIS2), approved by the EU in 2022, and with the aim&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2162,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[50,17],"tags":[],"class_list":["post-2158","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-strategic-consulting","category-techpapers-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How Does the NIS2 Regulation Affect Spain? - InprOTech<\/title>\n<meta name=\"description\" content=\"Find out how the NIS2 directive impacts Spain with the new Cybersecurity Law, strengthening digital protection and establishing the National Cybersecurity Center.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Does the NIS2 Regulation Affect Spain? - InprOTech\" \/>\n<meta property=\"og:description\" content=\"Find out how the NIS2 directive impacts Spain with the new Cybersecurity Law, strengthening digital protection and establishing the National Cybersecurity Center.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/\" \/>\n<meta property=\"og:site_name\" content=\"InprOTech\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-06T11:20:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-17T12:52:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/inprotech.es\/wp-content\/uploads\/2025\/02\/How-Does-the-NIS2-Regulation-Affect-Spain.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/inprotech.es\\\/#\\\/schema\\\/person\\\/cb0ae1292b18b48c1e89b0e4e7ef15d9\"},\"headline\":\"How Does the NIS2 Regulation Affect Spain?\",\"datePublished\":\"2025-02-06T11:20:41+00:00\",\"dateModified\":\"2025-02-17T12:52:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/\"},\"wordCount\":1353,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/inprotech.es\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/How-Does-the-NIS2-Regulation-Affect-Spain.png\",\"articleSection\":[\"Strategic Consulting\",\"Techpapers\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/\",\"url\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/\",\"name\":\"How Does the NIS2 Regulation Affect Spain? - InprOTech\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/inprotech.es\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/How-Does-the-NIS2-Regulation-Affect-Spain.png\",\"datePublished\":\"2025-02-06T11:20:41+00:00\",\"dateModified\":\"2025-02-17T12:52:55+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/#\\\/schema\\\/person\\\/cb0ae1292b18b48c1e89b0e4e7ef15d9\"},\"description\":\"Find out how the NIS2 directive impacts Spain with the new Cybersecurity Law, strengthening digital protection and establishing the National Cybersecurity Center.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/inprotech.es\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/How-Does-the-NIS2-Regulation-Affect-Spain.png\",\"contentUrl\":\"https:\\\/\\\/inprotech.es\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/How-Does-the-NIS2-Regulation-Affect-Spain.png\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/inprotech.es\\\/en\\\/how-does-the-nis2-regulation-affect-spain-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/inprotech.es\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Does the NIS2 Regulation Affect Spain?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/inprotech.es\\\/#website\",\"url\":\"https:\\\/\\\/inprotech.es\\\/\",\"name\":\"InprOTech\",\"description\":\"The Cybersecurity Solution for the Industrial Environment\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/inprotech.es\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/inprotech.es\\\/#\\\/schema\\\/person\\\/cb0ae1292b18b48c1e89b0e4e7ef15d9\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d903daf71b546605502fd9841b9dc598cc8d3a04ee26680ca18eb3633e5209be?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d903daf71b546605502fd9841b9dc598cc8d3a04ee26680ca18eb3633e5209be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d903daf71b546605502fd9841b9dc598cc8d3a04ee26680ca18eb3633e5209be?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/inprotech.es\"],\"url\":\"https:\\\/\\\/inprotech.es\\\/en\\\/author\\\/moon\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Does the NIS2 Regulation Affect Spain? - InprOTech","description":"Find out how the NIS2 directive impacts Spain with the new Cybersecurity Law, strengthening digital protection and establishing the National Cybersecurity Center.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/","og_locale":"en_US","og_type":"article","og_title":"How Does the NIS2 Regulation Affect Spain? - InprOTech","og_description":"Find out how the NIS2 directive impacts Spain with the new Cybersecurity Law, strengthening digital protection and establishing the National Cybersecurity Center.","og_url":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/","og_site_name":"InprOTech","article_published_time":"2025-02-06T11:20:41+00:00","article_modified_time":"2025-02-17T12:52:55+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/inprotech.es\/wp-content\/uploads\/2025\/02\/How-Does-the-NIS2-Regulation-Affect-Spain.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#article","isPartOf":{"@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/"},"author":{"name":"admin","@id":"https:\/\/inprotech.es\/#\/schema\/person\/cb0ae1292b18b48c1e89b0e4e7ef15d9"},"headline":"How Does the NIS2 Regulation Affect Spain?","datePublished":"2025-02-06T11:20:41+00:00","dateModified":"2025-02-17T12:52:55+00:00","mainEntityOfPage":{"@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/"},"wordCount":1353,"commentCount":0,"image":{"@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#primaryimage"},"thumbnailUrl":"https:\/\/inprotech.es\/wp-content\/uploads\/2025\/02\/How-Does-the-NIS2-Regulation-Affect-Spain.png","articleSection":["Strategic Consulting","Techpapers"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/","url":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/","name":"How Does the NIS2 Regulation Affect Spain? - InprOTech","isPartOf":{"@id":"https:\/\/inprotech.es\/#website"},"primaryImageOfPage":{"@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#primaryimage"},"image":{"@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#primaryimage"},"thumbnailUrl":"https:\/\/inprotech.es\/wp-content\/uploads\/2025\/02\/How-Does-the-NIS2-Regulation-Affect-Spain.png","datePublished":"2025-02-06T11:20:41+00:00","dateModified":"2025-02-17T12:52:55+00:00","author":{"@id":"https:\/\/inprotech.es\/#\/schema\/person\/cb0ae1292b18b48c1e89b0e4e7ef15d9"},"description":"Find out how the NIS2 directive impacts Spain with the new Cybersecurity Law, strengthening digital protection and establishing the National Cybersecurity Center.","breadcrumb":{"@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#primaryimage","url":"https:\/\/inprotech.es\/wp-content\/uploads\/2025\/02\/How-Does-the-NIS2-Regulation-Affect-Spain.png","contentUrl":"https:\/\/inprotech.es\/wp-content\/uploads\/2025\/02\/How-Does-the-NIS2-Regulation-Affect-Spain.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/inprotech.es\/en\/how-does-the-nis2-regulation-affect-spain-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/inprotech.es\/en\/"},{"@type":"ListItem","position":2,"name":"How Does the NIS2 Regulation Affect Spain?"}]},{"@type":"WebSite","@id":"https:\/\/inprotech.es\/#website","url":"https:\/\/inprotech.es\/","name":"InprOTech","description":"The Cybersecurity Solution for the Industrial Environment","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/inprotech.es\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/inprotech.es\/#\/schema\/person\/cb0ae1292b18b48c1e89b0e4e7ef15d9","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d903daf71b546605502fd9841b9dc598cc8d3a04ee26680ca18eb3633e5209be?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d903daf71b546605502fd9841b9dc598cc8d3a04ee26680ca18eb3633e5209be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d903daf71b546605502fd9841b9dc598cc8d3a04ee26680ca18eb3633e5209be?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/inprotech.es"],"url":"https:\/\/inprotech.es\/en\/author\/moon\/"}]}},"_links":{"self":[{"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/posts\/2158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/comments?post=2158"}],"version-history":[{"count":5,"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/posts\/2158\/revisions"}],"predecessor-version":[{"id":2213,"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/posts\/2158\/revisions\/2213"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/media\/2162"}],"wp:attachment":[{"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/media?parent=2158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/categories?post=2158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inprotech.es\/en\/wp-json\/wp\/v2\/tags?post=2158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}