The Comisión Nacional de los Mercados y la Competencia (CNMC) has analyzed a draft Royal Decree focused on the security and resilience of electronic communications networks and certain digital infrastructures. This initiative, submitted by the Secretary of State for Telecommunications and Digital Infrastructures, aims to strengthen the security of telecommunications networks to ensure their functionality during severe situations such as natural disasters, cyberattacks, or power outages.

The proposed regulations impose obligations on telecommunications operators and the digital infrastructures that support them, including data centers and internet exchange points. These operators are required to manage risks effectively, plan preventive measures, prepare contingency plans, and promptly report incidents affecting their services.

To enhance preparedness for incidents, the proposal mandates that operators develop specific plans to prevent and respond to service interruptions. It also introduces requirements to ensure the continuity of emergency communications, such as calls to emergency services. Key measures include ensuring certain infrastructures have a minimum energy autonomy to function for several hours during power outages and establishing protocols to prioritize specific types of traffic in crisis situations.

This initiative follows recent incidents that tested the resilience of communication networks, including a severe weather event in October 2024 and a power outage in April 2025, which caused significant disruptions in telecommunications services.

The CNMC positively assesses the draft's reinforcement of the security framework for the sector and acknowledges the essential nature of telecommunications networks and services during emergencies. However, it recommends improving the coherence of the new framework with national and European regulations, particularly concerning the upcoming transposition of the NIS2 Directive and the CER Directive, to avoid regulatory overlaps.

Additionally, the CNMC suggests reviewing certain aspects of the regulation's design, such as the thresholds for obligated operators and the scope of obligations for specific digital infrastructures, which could duplicate existing requirements. It also proposes a phased implementation of technical measures, especially regarding energy autonomy for mobile networks, prioritizing more cost-effective technological solutions in certain areas.

Finally, the CNMC emphasizes the importance of reinforcing the security and resilience of communication networks to ensure the continuity of essential services for citizens, businesses, and public administrations, particularly in emergency situations. It also highlights the need to designate a specific authority in Spain to handle cybersecurity functions related to cross-border electricity flows, as the CNMC is currently performing these duties temporarily.