In early November, the Portuguese Government approved a new cybersecurity law that will come into effect in April. This law implements the NIS2 Directive (EU) 2022/2555, aiming to enhance digital resilience in the country and ensure compliance with European standards. It introduces significant penalties for non-compliance, including million-euro fines, and imposes stricter responsibilities on organizations to protect their digital infrastructure, thereby addressing reputational risks associated with cybersecurity breaches.