Search
Search
Ministerio del Interior CNPIC

The CNPIC, formerly known as CNPREC, will be the central focus for the protection and resilience of critical entities.

IMG_4179
IMG_4179

The National Center for Critical Infrastructure Protection (CNPIC) plays a leading role in the implementation of the new Law on Protection and Resilience of Critical Entities (CER), approved by the Council of Ministers at the proposal of the Ministry of the Interior.

This regulation will incorporate the most recent European directive into Spanish law, strengthening the protection of entities that are essential to the social and economic functioning of the country.

New powers and framework for action

The CNPIC, under the authority of the Secretary of State for Security, becomes the National Center for the Protection and Resilience of Critical Entities (CNPREC). This new name reflects its expanded mission as a national reference point and single point of contact for cross-border cooperation in the European Union.

The law aims to ensure the continuity of essential services provided by critical entities in strategic sectors such as energy, transport, health, water, public administration, food production and distribution, the nuclear industry, research facilities, and private security, among others.

 

Measures and responsibilities

The draft bill establishes a planning system structured around the National Strategy for the Protection and Resilience of Critical Entities and the National Threat and Risk Assessment, both developed and approved by the Secretary of State for Security.

Critical entities must develop resilience plans, appoint a security and resilience officer as a point of contact with the CNPREC, and report any incidents that may affect the provision of essential services. Likewise, the National Commission for the Protection and Resilience of Critical Entities and the Interdepartmental Working Group are created, collegiate bodies attached to the Secretariat of State for Security, responsible for approving sectoral strategic plans and collaborating in the identification of critical entities.

Scope of application

As stated in the draft bill, the regulation will apply to all critical entities located in the national territory, except those belonging to the banking sector, financial markets, and digital infrastructures, which are expressly excluded in those aspects already regulated by specific sectoral regulations, such as the DORA Regulation or the NIS2 Directive.

The exact scope of this exclusion and its compatibility with current regulations is currently under review and regulatory development. Therefore, studies are underway to determine how the exclusion will ultimately apply to specific entities in the digital sector and whether it will affect all their activities or only those already covered by other specific regulations.

Urgent processing

The Council of Ministers has agreed to fast-track the draft bill, which means cutting the deadlines for the departments involved to issue reports in half.

CNPIC commitment

The CNPIC reinforces its commitment to the protection and resilience of critical entities, guaranteeing the security and continuity of essential services for Spanish society. The center will closely monitor regulatory developments and actively collaborate in the clarification and practical articulation of the regulation, ensuring the most appropriate legal framework for the protection of the country's essential infrastructure.