Cybersecurity compliance

NIS2 and MyCiber support for companies

Regulation no. 756/2026, the Portuguese Cybersecurity Legal Framework, and the MyCiber platform raise a practical question for many companies: what should we do now? eluis.pt helps organise information, prepare registration, map assets, and turn cybersecurity obligations into clear technical next steps.

First step: understand whether registration applies

The first task is not to install random tools. It is to understand whether the company's activity, size, sector, and context place it within the scope of the Portuguese cybersecurity regime, and to prepare the information needed for MyCiber registration.

  • Review the company's concrete situation
  • Organise data needed for registration
  • Support the legal representative or authorised person
  • Prepare questions before contacting the competent authority

Deadlines that should not be ignored

According to information published by CNCS, MyCiber availability activates relevant deadlines: 30 or 60 business days for identification and registration depending on when the entity started activity, 20 business days to communicate the cybersecurity responsible person and permanent contact point after final qualification, and 24 hours for initial notification of significant incidents.

From registration to technical preparation

After the response and qualification that applies to the concrete case, the company can prepare asset inventories, publicly accessible asset lists, incident notification processes, evidence, technical measures, and a realistic improvement plan.

  • Inventory and list of Internet-exposed assets
  • Cybersecurity responsible person and contact point
  • Incident notification and logging workflow
  • Measures, evidence, and follow-up plan

What eluis.pt can do

This is technical and organisational support. It does not replace legal advice, a decision by the competent authority, or official interpretation. It helps the company approach the process with data, better questions, identified assets, and a clearer execution path.

Frequently asked questions

Is MyCiber registration the first thing to do?

For covered entities, registration is the operational starting point. After the response and qualification that applies to the concrete case, it becomes clearer which technical and organisational obligations should be prepared.

Does eluis.pt provide legal advice?

No. eluis.pt can help organise technical information, assets, processes, and evidence. Legal questions should be validated with a lawyer or the competent authority.

Is this only for large companies?

Not necessarily. The regime covers specific sectors and entities, including essential, important, and relevant public entities. The review should start with sector, size, activity, and the qualification received.

What data should we prepare?

It usually makes sense to gather entity details, the legal representative or authorised person, permanent contacts, services provided, critical systems, suppliers, Internet-facing assets, and any existing incident or security processes.

Tell us about your project.

Need a homepage, web application, online store, automation, integration, or AI solution? Talk to eluis.pt and explain what you want to create.

The data submitted will only be used to respond to your contact request.