Start of main content

The current process of accelerated digitalization of our societies has brought with it a growing and extensive regulation aimed at meeting the new security challenges that arise as we adapt to the new digital environment. In this context, cybersecurity has become a global risk that entails the progressive establishment of a regulatory framework at both European and national level.

Many companies are subject to regulatory compliance as operators of essential services and as digital service providers. In addition, there is also the importance of regulating aspects such as digital identity or the prosecution of online fraud. Regarding these matters and many other more disruptive ones, such as Artificial Intelligence, specific legal advice is necessary to avoid unfavorable legal consequences or liabilities of all kinds.

Therefore, at Andersen we provide a comprehensive service of legal advice on cybersecurity, with a fully specialized team that offers rigorous, cross-cutting and updated advice. We advise on digital security in order to protect companies, support their digital transformation processes and avoid or mitigate possible unfavorable legal consequences or liabilities of all kinds.


  • Legal advice on compliance with the regulatory framework for cybersecurity (NIS SCOPE)

  • Legal advice on the regulatory framework for critical infrastructures.

  • Legal advice on digital identity and digital trust, in accordance with the eIDAS Regulation.

  • Expertise in criminal proceedings for online fraud requiring procedural expertise

  • Legal advice on disruptive matters such as AI, and others that do not yet have a complete regulatory framework in place

  • Cybersecurity Governance: legal risk analysis, self-assessment and constant improvement of cybersecurity protocols implemented by the Client, as well as drafting of internal policies on digital security.

  • Incident management.  Legal design and implementation of Security Incident Response Plans (IRP) and incident management during its different phases (Identification and classification, Governance, Containment, Mitigation and Notification), as well as post-incident actions.

  • Cyber Crisis Management: legal support in crisis management, training of response teams in coordination with the CISO and permanent communication with the competent authorities in accordance with NIS.

  • Coordination with suppliers: Collaboration and coordination with the different suppliers contracted by the Client for incident management (i.e. IT forensic suppliers).


No results were found.


End of main content