Royal Decree 43/2021, regulates the security of networks and information systems used for the provision of essential services and digital services. RD 43/2021 was published in the Official State Bulletin on 28 January and came into effect on 29 January.
To date, this area had been regulated by (i) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union; and (ii) Royal Decree-law 12/2018, of 7 September, concerning the security of networks and information systems, which was responsible for the transposition into Spanish law of the aforementioned NIS Directive.
The entire content of the Legal Briefing can be found in the PDF.