Introduction
For MSPs and their clients, Spain is entering a new era of cybersecurity. The EU's strict NIS2 directive formalises in law work that has previously been done in the background. MSPs with the right platforms and processes can now secure client environments, meet compliance requirements, and grow their businesses.
A framework ready to use
Spanish organizations are in a strong position thanks to the Esquema Nacional de Seguridad (ENS) — the national cybersecurity framework that already aligns with NIS2. This sets out the core requirements for cyber security and quickly provides a path to NIS2 compliance.
Businesses need support on the basics while compliance regulations increase
- Cyber security challenges
  - Many Spanish companies are still stuck in the beginner or formative stages of cybersecurity readiness (only 18% are progressive or mature, per Cisco 2025).
  - The share of Spanish businesses that are network ready is down to 24% in 2025 (vs 26% in 2024).
- Compliance requirements from MSPs and IT teams
  - ENS, NIS2, and ISO27001
To support clients effectively, MSPs must understand where the standards overlap and how to address them collectively.
Solving Spain’s cyber compliance standards – how to meet them all
Each standard has slightly different requirements, yet there is much commonality.
- ENS (Esquema Nacional de Seguridad) is Spain’s mandatory framework, covering public sector entities and key private operators.
- The EU’s NIS2 Directive raises the bar on cybersecurity risk management, incident reporting, and governance across critical sectors. This aligns with Spain’s national cyber security strategy.
- ISO/IEC 27001 offers the internationally recognized information security management framework that many Spanish companies already adopt.
- Spain’s Centro Criptológico Nacional (CCN) has published the PCE-NIS2 profile (CCN-STIC 892), mapping NIS2’s 10 security measures to ENS’s 73 controls — providing a clear path to NIS2 compliance.
The challenge for MSPs and IT Teams
How to deliver value and security as well as regulatory compliance
- Support multiple risk assessments
- Report for multiple policies and controls
- Manage compliance tracking and reporting for each and all
- Compliance resource is scarce and costly
For MSPs and IT teams this is more paperwork than technology work.
How Lupasafe can help MSPs and clients improve security and compliance
Lupasafe automates both the data gathering and the reporting, for people and technology.
- Unified data governance model — one approach for ENS, NIS2, and ISO27001
- Automated risk analysis and reporting — no more manual crosswalks
- Continuous monitoring — real-time insights across people, technology, and processes
“2–3 weeks saved per client” — MSPs tell us Lupasafe provides much faster compliance, lower costs, and scalable delivery.
With Lupasafe, MSPs lead clients through compliance challenges and stand out as trusted advisors.
Conclusion: For MSPs, automation speeds up value for clients in terms of security, reporting, and compliance.
Spanish organizations have a unique compliance opportunity: leverage ENS + ISO27001 to meet NIS2 obligations efficiently. Using automation and a holistic cyber monitoring approach provides clarity, saves time, and delivers continuous security and compliance.