ANACOM will become the National Sectoral Authority for Cybersecurity

Following the publication in the Official Gazette of Decree-Law No. 125/2025https://diariodarepublica.pt/dr/detalhe/decreto-lei/125-2025-962603401 https://diariodarepublica.pt/dr/detalhe/decreto-lei/125-2025-962603401on 4 December, ANACOM will assume the duties and powers of the National Sectoral Authority for Cybersecurity. In this new capacity and within the scope of this law, ANACOM will become part of the institutional framework for cybersecurity with regard to electronic communications and postal services.

In this capacity, it plays an important role in managing and handling cybersecurity incidents in its sector, working in close coordination with Centro Nacional de Cibersegurança (CNCS - the National Cybersecurity Centre), to define incident notification, response and recovery procedures, and to share operational information necessary for preventing, detecting and mitigating cyber threats to electronic and postal communications services. This contributes to the sector's overall resilience and the protection of users.

ANACOM also participates in national cybersecurity governance at a strategic level, as part of the Higher Council for Cyberspace Security, a strategic coordination body that supports the Prime Minister on cybersecurity matters. In this context, ANACOM contributes to institutional coordination and the definition of national strategic guidelines in this area, thereby strengthening the coherence of the national response to risks and threats in cyberspace.

Decree-Law No. 125/2025, of 4 December, transposing the so-called NIS2 Directive, Directive (EU) 2022/2555 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2555 of the European Parliament and of the Council of 14 December, aimed at ensuring a high common level of cybersecurity across the Union, will enter into force within 120 days.

In addition to its new cybersecurity powers, it should be noted that ANACOM acts as the competent authority and coordinator of digital services in Portugal under the Digital Services Act. ANACOM has also been designated as one of the competent authorities for data intermediation services under the Data Governance Act. It is also one of the bodies responsible for supervising compliance with the obligations set out in European Union legislation protecting fundamental rights with regard to the use of high-risk artificial intelligence systems under the Artificial Intelligence Act. ANACOM also assumes the duties and powers of the Space Authority.