On 14 January, the Spanish Cabinet approved the draft of the Cybersecurity Coordination and Governance Act, a collaborative initiative from the Ministries of the Interior, Defence, and Digital Transformation and the Civil Service.
This draft bill, which transposes Directive (EU) 2022/2555 of the European Parliament and of the Council (commonly known as NIS2), seeks to enhance the protection of networks and information systems against cyber threats that could significantly impact the operation of critical infrastructures and essential services.
The regulations will apply to both public and private organisations operating in sectors such as energy, transport, banking, healthcare, water management, digital infrastructure, and technology services, among others.
The draft bill is currently in the urgent processing phase, during which mandatory reports from various organisations, including the opinion of the Cabinet Office of the Spanish State, will be gathered. Once this process is completed, the text will be submitted to the bicameral Spanish Parliament for debate and final approval.
For domain name registrars, such as Red.es through Dominios.es, this law is particularly significant as it establishes obligations for entities that manage digital infrastructures. These organisations must conduct individualised risk assessments, implement measures to ensure the security of their information systems, and report any significant incidents that impact their operations or services.
The enactment of this law marks a significant step towards building a more secure and resilient digital environment in Spain, enhancing trust in digital services and safeguarding both organisations and end users.
With the inclusion of national registries within the scope of NIS2, Dominios.es takes on new responsibilities in the realm of cybersecurity, given its strategic importance in ensuring the stability of the digital ecosystem.
At the same time, the new European directive requires service providers, such as Red.es, which has a network of 105 companies accredited as Domain.es Registrar Agents, to implement advanced risk management measures, monitoring systems, and cyber incident notification protocols. These actions are crucial to protect both end users and the companies whose operations rely on this digital infrastructure.
The implementation of NIS2 in Spain will strengthen the security of critical strategic services, positioning Dominios.es as a key player in protecting the country’s digital identity and building trust in the technology sector.
For more information, please refer to the references from the Cabinet.