Inês Antas de Barros is interviewed by Jornal de Negócios in a news article entitled ‘Managers Face Severe Penalties for Cybersecurity Failures’. The article addresses the implementation of the new Cybersecurity Legal Framework in Portugal, which transposes the European Union's NIS 2 Directive. This new regime holds administrators and managers directly responsible for cybersecurity failures, significantly increasing the penalties and expanding the range of organisations covered by the legislation.

Inês Antas de Barros points out that NIS 2 represents a fundamental change by making administrators directly responsible for cybersecurity offences, thus encouraging the rigorous application of the necessary measures. ‘Until now, the sanctioning framework wasn't very heavy, which prevented organisations from putting cybersecurity at the top of their priorities, when what we want is for cybersecurity to be in the DNA of organisations,’ says Inês Antas de Barros.

The VdA lawyer also discusses the impact of these changes on Portuguese companies, with special emphasis on small and medium-sized enterprises (SMEs), many of which are in the early stages of adopting cybersecurity practices. Inês Antas de Barros suggests that the authorities should initially adopt an educational approach to help organisations adapt effectively to the new requirements.

This new legal regime is an opportunity for companies to strengthen their cyber defences, but it will require a significant effort to adapt and invest, especially for those who are starting from scratch.

  • This news item is available here.