The NIS Directive was transposed in 2018 by Royal Decree-Law 12/2018 and updated in 2021 with Royal Decree 43/2021. This had no changes from requirements outlined in the NIS Directive. There have been no public announcements on NIS2 implementation made as of yet.
On 2 February 2023, the National Cybersecurity Council, a body that supports the National Security Council and chaired by Esperanza Casteleiro, Secretary of State-Director of the National Intelligence Centre, met and discussed the transposition of the NIS2 Directive.
On 15 March 2023, the National Cybersecurity Forum held its seventh plenary meeting. The Forum is part of Spain’s cybersecurity governance structure within the framework of the National Security System, together with the National Security Council and the National Cybersecurity Council, the Permanent Cybersecurity Commission, as well as the competent public authorities and the CSIRTs. Discussions with respect to upcoming work included an analysis of the NIS2 Directive and its transposition in Spain.