Legal impact on cybersecurity in 2025: new developments and challenges in the EU

eIDAS2 introduces more stringent requirements for user identification and authentication, with the aim of reducing the risks of fraud or identity theft when using electronic means. To this end, new trust services are incorporated, such as digital identity wallets (eWallets), and certain aspects related to the use of electronic time stamps are refined. Entities affected by eIDAS2 must assess their risks, analyze the compliance of the services they provide with the regulation’s requirements, and dedicate the necessary financial and human resources to its proper implementation.

National 5G network and service security scheme: a new paradigm

Royal Decree 443/2024 establishes the National 5G Network and Services Security Scheme (ENS5G) for Spain. Undeniably, 5G is a technology that has the potential to digitally transform key sectors such as medicine, transportation, logistics, and energy. However, the technical complexity of its architecture and the massive interconnection of devices and services in which a considerable number of companies and public institutions interact present significant cybersecurity risks.

Among the most notable new features, ENS5G requires operators, suppliers, and corporate users with their own 5G networks to identify and protect critical network elements, diversify their suppliers, and also submit periodic security reports to the Ministry for Digital Transformation. Actions to be implemented in the medium and long term include the continuous updating of risk analyses, the possible requirement for third-party certifications, and the conduct of periodic audits.