I. ANACOM approves Regulation no 303/2019 on the safety and integrity of electronic communications networks and services

On April 2nd , 2019, the regulation on the safety and integrity of networks and services, made by the National Communications Authority ("ANACOM") enters into force, following two public consultation procedures ("Regulation").

The Regulation dedicates particular attention to the integrity and security of networks, especially in emergencies cases, since communications infrastructures are essential to ensure the proper functioning of the most varied structures in exceptional situations.

Per the Regulation "the costs incurred by undertakings in fulfilling their obligations", as well as the emerging benefits, namely the "defense of the interests of citizens and, in particular, of users of networks and services, the support for the continuity of the provision of services relevant to society and citizens, the guaranteed access to emergency services and, in general, the promotion of development of the internal market by improving the reliability of networks and services, as well as those resulting from the prevention of security incidents and the disablement or minimization of their impact. "

The purpose of the Regulation is to establish:

i. the technical measures and the additional requirements to be fulfilled by undertakings providing public communications networks or publicly available electronic communications services in the field of security and integrity;

ii. the circumstances, format and procedures applicable to the reporting requirements of security breaches or loss of integrity of networks with significant impact on the functioning of networks and services by undertakings providing communications networks publicly available electronic communications services;

iii. the conditions under which undertakings offering public communications networks or publicly available electronic communications services should disclose to the public the security breaches or loss of integrity with a significant impact on the functioning of networks and services;

iv. the obligations to carry out audits on the safety of networks and services and to send their report by undertakings offering public communications networks or publicly available electronic communications services, as well as the requirements to which shall comply with the audits and requirements applicable to the auditing entities.

The Regulation also contemplates the appointment of a security officer and the adoption of a security policy in undertakings offering public communications networks or publicly available electronic communications services and the establishment of a Monitoring Committee of the implementation of the new rules, coordinated by ANACOM, integrating representatives of companies offering electronic communications services. 

This Regulation follows the latest legislative initiatives at European level, notably with the new European Communications Code and with the guidelines of ENISA (European Network and Information Security Agency).