New Spanish guide on the notification and management of cyber-incidents

Spain goes one step further in network and information systems security by publishing a national guide on the notification and management of cyber-incidents - the first of its kind in Europe.

The document, which was recently approved by the National Cybersecurity Council, responds to Spanish companies' growing need for information regarding cybersecurity.

It should be noted that not only Public Administrations, but also organisations considered critical infrastructures or strategic operators within their field and / or operators of essential services or digital service providers under the terms of the Royal Decree 12/2018 on security in networks and information systems (transposing NIS Directive) and the Law 8/2011 on Critical Infrastructures ("Ley PIC") are obliged to inform the competent authorities about any cyber-incidents they suffer.

As well as the entities required to report cyber-incidents, this document is designed to be an essential reference guide in which every entity, public or private, citizen or agency can find a scheme and precise guidance about how and where to report a cybersecurity incident which has occurred within its sphere of influence.

The document also establishes a one-stop notification system and includes a classification of incidents by type (abusive content, harmful content, intrusive, fraudulent content, etc.) and catalogues them by hazard levels (critical, very high, high, medium or low), helping the analysis, containment and eradication of cyber-incidents.

In addition, this guide establishes how the incident opening process will be carried out and the interaction with the relevant CSIRTs (security incident response teams), detailing the minimum information which must be given to the competent authority and describing the different phases concerning the management of cyber-incidents (preparation, identification, containment, mitigation, recovery and post-incident actions).

In our opinion, this document - together with all existing cybersecurity regulations - will help Spain to have an increasingly effective framework for preventing and managing the threats and risks currently facing our systems and will provide our society with the security required by our institutions and economy.

You can consult the cyber incidents guide here (in Spanish).

Latest insights

More Insights
featured image

Germany: The insured event in the automotive product recall cost insurance

5 minutes Jul 03 2025

Read More
Security camera on blue background

NATO Summit 2025: What It Means for Defence Procurement and Tech Stakeholders

Jun 30 2025

Read More
Curiosity line teal background

Fragrance Trend Tracker: What the 2025 Fragrance Foundation Awards Tell Us About the Future of Scent

4 minutes Jun 26 2025

Read More