The Portuguese Parliament has just approved – in general, specialty, and final overall vote – the Government’s Proposal of Law no. 7/XVII/1.ª (GOV), authorising the transposition of Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive).
The NIS 2 Directive strengthens cybersecurity across the EU by imposing stricter requirements for risk management, incident reporting, and resilience of critical sectors such as energy, transport, health, digital infrastructure, and public administration. It also introduces clearer obligations, enhanced supervisory powers, and harmonised enforcement to ensure a stronger, common level of protection against cyber threats.
The legislative process in Portugal now advances to the following stages:
- Final text consolidation by the Committee;
- Publication in the Parliament’s Journal;
- Promulgation by the President of the Republic (within 20 days, or 8 days in case of a constitutional review request);
- Ministerial Referendum;
- Publication in the Official Gazette (Diário da República).
We will continue to monitor the process and share updates as they unfold.
