ImplementedNIS2
NIS2 in Portugal
Portugal transposed NIS2 through Decreto-Lei n.º 65/2024. GNS coordinates standards, with CNCS coordinating incident response.
Transposition law
Decreto-Lei n.º 65/2024
In force
17 October 2024
Competent authority
Gabinete Nacional de Segurança (GNS) / CNCS
Max fine (Essential)
€10 million or 2% of global annual turnover
Max fine (Important)
€7 million or 1.4% of global annual turnover
Full enforcement
October 2024
Key Deadlines
Law in force
17 October 2024
Competent Authority
Gabinete Nacional de Segurança (GNS) / CNCS
Lead authority for cybersecurity certification and oversight
https://www.cncs.gov.pt ↗Portugal promotes national compliance campaigns, setting detailed guidelines for business continuity and disaster recovery plans.
Registration Process
Register via the secure portal at cncs.gov.pt using valid institutional credentials.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Self-registration via the CNCS cybersecurity portal
- 2Maintain robust business continuity designs
- 324-hour preliminary incident warning to CNCS
National Additions
★Portugal implements strong certification protocols for public sector cloud hosting procurement
FAQ: NIS2 in Portugal
What role does CNCS play?
CNCS acts as the operational national CSIRT, managing the reporting portal and coordinating response.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.