Compliance in the Portuguese Legal Order
The main compliance and accountability regimes applicable in Portugal, which frame the set-up and operation of the office.
For domestic and international organisations operating in Portugal, the office must address a set of regimes specific to the Portuguese legal order, applied in conjunction with European Union law.
| Area | Instrument | Authority |
|---|---|---|
| Data Protection | GDPR and Law 58/2019 | CNPD |
| Whistleblowing | Law 93/2021 (transposing Directive (EU) 2019/1937); mandatory from 50 employees | — |
| Anti-Corruption | General Regime, Decree-Law 109-E/2021, with a Risk Prevention Plan | MENAC |
| Anti-Money Laundering | Law 83/2017 and the duties of obliged entities | Banco de Portugal · CMVM |
| Cybersecurity | NIS2 — Decree-Law 125/2025 (MyCiber platform) | CNCS |
| Governance and Accountability | Three-lines-of-defence model, internal control and accountability to the management body | — |