Governance - Spain

The Spanish Ministry of Economic Affairs and Digital Transformation (MAETD) is the current ministerial department entitled to conduct the proposal and execution of national government policy regarding economic affairs and reforms to improve competitiveness, telecommunications and information society. The ministry also proposes the government policy for digital transformation and the development and promotion of AI following Royal Decree No. 2/2020 of 12 January 2020, which restructured the ministerial departments.  

The detailed structure and functions of this ministry were set out in Royal Decree No. 403/2020. 

Nadia María Calviño Santamaría First Vice President of the Government and Minister of Economic Affairs and Digital Transformation   Source: http://www.mineco.gob.es/

Carme Artigas Brugal Secretary of State for Digitisation and Artificial Intelligence   Source: http://www.mineco.gob.es/

Roberto Sanchez Secretary of State for Telecommunications and Digital Infrastructures   Source: http://www.mineco.gob.es/

Juan Jesús Torres Carbonell General Secretary of Digital Administration   Source: http://www.mineco.gob.es/

The Commission for ICT Strategy approved by Royal Decree No 806/2014 of 19 September 2014, on the organisation and operational instruments for ICT at the State General Administration, is an inter-ministerial body comprised of senior officials, mainly undersecretaries, representing all ministries and the central administration. Its main goal is to ensure the appropriate use of ICT resources based on strategic lines in order to improve the delivery of public services to citizens. It is tasked with the preparation, design and development of the eGovernment strategy and ICT policy.  

The Ministerial Committees for Digital Government are responsible for promoting digital governance in public administration. Royal Decree No. 806/2014 of 19 September establishes that each ministerial department features a Ministerial Commission for Digital Administration (CMAD) with the purpose of developing the action plan for the digital transformation of the ministry.  

The National Cybersecurity Council helps the National Security Council with its tasks and duties, particularly by helping the Spanish Prime Minister manage and coordinate the National Security Policy in the field of cybersecurity. The main functions and activities are stated in Decree PRA/33/2018, which sets out the Agreement of the National Security Council regulating the National Cybersecurity Council.  

Its main functions are the following: 

• Proposing to the National Security Council the guidelines on planning and coordinating the National Security Policy related to cybersecurity; 

• Contributing to strengthening the proper functioning of the National Security System in the field of cybersecurity, whose supervision and coordination falls under the scope of the National Security Council; and 

• Strengthening the relations with the concerned public administration bodies in the field of cybersecurity, as well as the coordination, collaboration and cooperation between the public and private sectors.  

Law No. 40/2015 of 1 October 2015 on the Legal Regime of the Public Sector (BOE-A-2015-10566), established the Sectorial Commission of eGovernment as a technical cooperation body of the General State Administration, the Administration Bodies of the Regional Governments and Local Entities in matters of electronic administration. Universities also take part in this Commission through the CRUE-TIC representatives. 

Its main functions are to:  

• Ensure the compatibility and interoperability of systems and applications used by public administrations; 

• Promote the development of electronic administration in Spain; and 

• Ensure cooperation between public administrations to provide clear, updated and unequivocal administrative information.  

The National Centre for Infrastructure Protection and Cybersecurity (CNPIC) is the responsible body for the promotion, coordination and supervision of all policies and activities related to the protection of critical infrastructures and cybersecurity under the authority of the Ministry of the Interior. The CNPIC is accountable before the Secretary of State of Security.  

The CNPIC was created in 2007 under the Agreement of the Council of Ministers of 2 November 2007. Its competences are regulated by Law No. 8/2011 of 28 April 2011, by which the measures for Critical Infrastructure Protection (CIP) are established, and by Royal Decree No. 704/2011 of 20 May 2011, by which the Regulation on critical infrastructure protection was adopted.  

In addition, the Council of Ministers’ Agreement of 15 February 2019 established the Cybersecurity Operations Centre for the general State administration. This Centre aims to improve the prevention, detection and response to cyberattacks and incidents.  

The Committee for Social Security Digital Strategy has been created with the objective of coordinating the digital transformation initiatives within the State Secretariat of Social Security. As part of its responsibilities, the Committee developed an action plan for the digital transformation of the State Secretariat, in order to comply with Laws No. 39/2015 and No. 40/2015. The plan provided for initiatives in specific areas such as: digital notifications; authorisation of representatives; public servant registry; normalisation of administrative procedures; electronic registry and organisational change management.  

The Secretary of State for Digitisation and Artificial Intelligence aims to promote the digital transformation of society, in order to achieve a prosperous, safe, reliable, inclusive growth respecting the rights of citizens, as well as the digital transformation of public administration bodies through the Secretariat-General for Digital Administration.  

Article 8 of Royal Decree No. 403/2020 includes the detailed functions and organisation of the Secretary of State. The Secretariat of State fulfils the functions of promoting and regulating digital services and the digital economy and society, engaging in dialogue with the professional, industrial and academic sectors, encouraging the digitisation of the public sector, as well as coordinating and cooperating with ministries and other public administrations on these matters. In also fulfils the functions of Chief Data Officer. 

The Secretary of State for Telecommunications and Digital Infrastructure is responsible for the promotion and the regulation of the telecommunications and audio-visual services sectors and the Information Society. Moreover, it deals with the professional, industrial and academic sectors, and inter-ministerial coordination and cooperation with other public administrations on these matters. It includes regulation and coordination with European and international programmes to promote the regulation, standardisation and certification of digital and telecommunications infrastructures.  

Article 10 of Royal Decree No. 403/2020 includes the detailed functions and organisation of the Secretary of State. 

The Secretariat-General for Digital Administration (SGAD), having the rank of Undersecretary, is a governing body under the authority of the Secretary of State for Digitisation and Artificial Intelligence. It is responsible for the management, coordination and performance of the powers attributed to the department in the field of digital transformation of administration, including the technical development and application of Law No. 39/2015 of 1 October 2015 on the Common Administrative Procedure of Public Administrations and Law No. 40/2015 of 1 October 2013 and its regulatory rules regarding the electronic operation and functioning of the public sector.  

It also has the competence for national security and interoperability schemes, the rationalisation of information and communication technologies within the General State Administration and its public bodies, the management of the Cybersecurity Operations Centre and the definition of common digital means and services, including those declared as shared and, where appropriate, their provision, operation and management for the general government as a whole. 

Moreover, in coordination with the other ministerial departments, it is responsible for the implementation of all actions arising from the action plans for the implementation of national and international strategies in the area of digital transformation.  

In July 2020, the Ministry of Economic Affairs and Digital Transformation established the Artificial Intelligence Advisory Council whose objectives are:

• To advise and inform the Secretary of State for AI and Digital in the proposal and execution of the Governments policy on Artificial Intelligence;
• To evaluate observations and comments, as well as to formulate proposals on the National Artificial Intelligence Strategy, in order to draw conclusions that will allow the approval of new versions of the Strategy;
• To advise on the evaluation of the impact of Artificial Intelligence on the industry, administration and society.

In line with the National Security Strategy and the Cybersecurity Strategy, on 15 February 2019, the Council of Ministers adopted an agreement to create the Cybersecurity Operations Centre for the General State Administration with the objective of providing cybersecurity services and improving response capacity in case of any attack.  

Furthermore, the agreement signed by the Secretariat-General for Digital Administration (SGAD) and the National Cryptologic Centre contributed to the creation of the Cybersecurity Operations Centre (Official Gazette, 1 January 2019).  

The National Cryptologic Centre (CCN) is part of the National Intelligence Centre (CNI). It was set up in 2002 to guarantee ICT security in different public administration entities and security for systems that process, store or send out classified information. 

The CCN-CERT is the Information Security Incident Response Capacity of the National Cryptologic Centre, CCN, attached to the National Intelligence Centre, CNI. This service was created in 2006. The Spanish National Government CERT and its functions are set out in Law No. 11/2002 regulating the CNI; Royal Decree No. 421/2004 regulating the CCN, and in Royal Decree No. 311/2022 of 3 May 2022 regulating of the National Security Framework (ENS). 

The functions of the CCN-CERT are listed in Chapter IV of Royal Decree No. 311/2022 of 3 May 2022. Its mission is to contribute to the improvement of Spanish cybersecurity, being the national alert and response centre that cooperates and helps to respond quickly and efficiently to cyber-attacks and to actively address cyber threats, including coordination at the State level of the different incident response capabilities or existing cybersecurity operations centres according to Royal Decree-Law No. 12/2018. 

The FNMT–RCM (Fábrica Nacional de Moneda y Timbre) is the public entity which, in the field of eGovernment, develops its activities as a Qualified Trust Service Provider according to Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market.  

In February 2019, the Ministry of Finance formalised an agreement with the FNMT–RCM to provide trust services to the general State administration, and continuing the work first started in the late 1990s. This agreement included the following trust services: 

• Electronic signature (natural persons, legal persons); 

• Electronic seal; 

• Website authentication; and 

• Qualified electronic time stamps.  

Currently, the number of active electronic certificates exceeds eight million. The FNMT-RCM processes more than 166 million validations each month and issues more than 17 million time stamps each month.  

The Court of Auditors is tasked with controlling the collection and use of public funds. In addition, it performs a jurisdictional function which entails auditing the entities tasked with handling public funds and goods. 

The Data Protection Agency (AEPD) is the public law authority overseeing compliance with legal provisions on the protection of personal data. As such, it enjoys absolute autonomy from public administration. It undertakes actions specifically aimed at enhancing citizens' capacity to effectively contribute to such protection.  

Regional eGovernment initiatives are led and coordinated by the respective Autonomous Communities where a specific body, department, or entity is usually in charge of coordination.  

The actor for each regional government can be checked in the list of members in the Sectorial Commission for eGovernment. 

The Spanish Federation of Municipalities and Provinces (FEMP) is a Spanish association of local entities that groups municipalities, provincial councils, and island councils. It promotes the development of digital transformation, among other issues, in local entities and it takes part in the Sectorial Commission of eGovernment.  

Law No. 40/2015 of 1 October 2015 on the Legal Regime of the Public Sector (BOE-A-2015-10566), established the Sectorial Commission of eGovernment as a technical cooperation body of the State administration, the administration bodies of the regional governments and local entities in matters of electronic administration. Universities also take part in this Commission through CRUE-TIC representatives. 

Its main functions are to: 

• Ensure the compatibility and interoperability of systems and applications used by public administrations; 

• Promote the development of electronic administration in Spain; and 

• Ensure cooperation between public administrations to provide clear, updated and unequivocal administrative information.