Portugal (PT)

National Cyber Security Strategy

The National Cybersecurity Center was established by Decree-Law Nº 69/2014 (May 9th), since October 2014, with de following mains objectives:

“Define a clear prevention strategy, based on the awareness and education of organizations and individuals for cybersecurity issues, thus contributing for the establishment of a common knowledge community on such issues.”

“Implement policies and processes leading to the anticipation, detection, response and recovering from incidents or cyber-attacks threatening the normal operation of state institutions, critical infrastructures or other national interests, in general.”

These are the objectives states in the Cyberspace Security Strategy by the Portugal Government:

a) To promote awareness, free, safe and efficient use of cyberspace; 

b) To protect fundamental rights, freedom of expression, personal data and the privacy of citizens; 

c) To strengthen and guarantee the security of cyberspace, of critical infrastructures and of vital national services; 

d) To affirm cyberspace as a place for economic growth and innovation.


Current status: National Cyber Security Strategy



Year of adoption 2014
Updates and revisions


Implementation and monitoring

Portugal has not developed a comprehensive legal and policy framework for cybersecurity, and its cybersecurity strategy has not been elaborated. 

Legal conditions

Decree-Law Nº 69/2014 (May 9th)

The Act for National Security and the Safeguarding and Defence of Classified Material (SEGNAC 1) 1988 requires all information that is that is subject to national or civil security considerations be classified. The four-tiered classification system used is outlined in Chapter 2 of the act, SEGNAC 2 1989. Two other laws, SEGNAC 3 1994 and SEGNAC 4 1990, provide further classification requirements for information regarding industrial security, telecommunications, and computer security

Operational capabilities The country does have a national computer emergency response team, CERT-PT, and the National Centre for Cybersecurity. The latter was established by the National Security Authority and is tasked with liaising with the private sector on cybersecurity incidents.
Public private partnerships

There is no defined public-private partnership for cybersecurity in Portugal, however, the National Centre for Cybersecurity is tasked with liaising with the private sector in the course of its duties.

Sector specific cyber security plans


Risk assessment plan The collection of Acts of National Security and the Safeguarding and Defence of Classified Material (SEGNACs) map security requires to assigned classification levels. These levels are set out in SEGNAC 1 and are assigned according to the level of risk involved in disclosing the classified information.
Progress measures

No information currently available.

Date of last analysis May 2015




Current status: NIS Directive and national CERTs/CSIRTs

Computer security incident response teams (CSIRTs)

National Cybersecurity Center: https://www.gns.gov.pt/new-ciberseguranca.aspx

Centro National De Ciberseguranca (CERT-PT) http://www.cncs.gov.pt

Best practices:


Monitoring system

No information currently available.

Report an incident

The National Security Office (GNS) operates within a clear organisational structure — however, there is no discrete incident management structure for responding to cybersecurity incidents


CNCS/CERT.PT: http://www.cncs.gov.pt/cert-pt-2/incident-handling-coordination/index.html



Date inserted July 2016


Contact us for more info