The cyberattacks that took place on 12 May and 27 June and affected the systems of major companies worldwide have highlighted the need to strengthen regulation in this area.
This is why the government has created a draft decree law to include EU Directive 016/1148 on the Security of Networks and Information Systems, known as the NIS directive, in Spanish legislation.
The document establishes the obligation for companies to report any cyberattack they suffer and to adopt measures to avoid them under threat of "effective, proportionate and dissuasive sanctions" if they do not comply.
The investigation carried out after the recent attacks revealed that many of the affected companies had not installed the necessary patch distributed by Microsoft that could have prevented the incident.
The National Cybersecurity Council and the Department of Homeland azerbaijan phone number Security will thus serve as a point of contact for coordination with the European Union.
Furthermore, this directive requires the European Commission to provide a list of public and private digital service providers and operators, affecting sectors such as energy, transport, finance, healthcare, drinking water and digital infrastructure.
The Administration will also be able to carry out audits of operators in order to check security and the measures taken to prevent attacks and, in the event of finding irregularities, "binding instructions" will be imposed and, where appropriate, the corresponding sanctions, although these have not yet been specified.