The Cybersecurity Law Code has new updates that will influence the future of cybersecurity in Spain, so today we'll explain what these innovations entail.

What is the Cybersecurity Law Code?

The Cybersecurity Law Code is a compilation of relevant Spanish regulations on cybersecurity, brought together in a single document accessible through the Official State Gazette (BOE). 

This facilitates not only consultation but also the interrelationship between all the regulations, as it includes not only laws but also Decrees and Orders—regulations that often go unnoticed but are equally relevant in shaping Spanish cybersecurity legislation.

✅ Current situation: The code was updated and consolidated with validity until December 30, 2025, meaning it includes all regulations in force up to that date.

Key updates include:
The Code reflects the impact and interaction of other relevant European cybersecurity frameworks, such as the Digital Operational Resilience Act (DORA), which regulates operational resilience requirements for the financial sector, and the Cyber Resilience Act, which establishes security requirements for products with digital elements.

The Code not only compiles laws but also references key national strategies, such as:
The National Security Strategy 2021, which positions cybersecurity as a priority within the National Security System.

Governance plans and projects, such as the planned creation of a National Cybersecurity Center to coordinate efforts between government agencies and the private sector.
While the Cybersecurity Law Code itself does not introduce new regulations, it does reflect the most significant transformations in the Spanish legal environment, including the following key developments:

✅ Increased risk management requirements and active supervision.
✅ Expansion of the group of entities subject to security requirements.
✅ Mandatory incident reporting and stricter regulatory oversight. 
✅ Senior management responsibility for cybersecurity.

These requirements derive primarily from European regulations (NIS2, DORA, etc.), which the Code incorporates and organizes for reference.