{"id":2972,"date":"2026-01-20T16:54:14","date_gmt":"2026-01-20T16:54:14","guid":{"rendered":"https:\/\/beyondlegal.pt\/?p=2972"},"modified":"2026-01-20T17:00:37","modified_gmt":"2026-01-20T17:00:37","slug":"plano-acao-estrategia-digital-nacional-agenda-inteligencia-artificial","status":"publish","type":"post","link":"https:\/\/beyondlegal.pt\/en\/plano-acao-estrategia-digital-nacional-agenda-inteligencia-artificial\/","title":{"rendered":"National Digital Strategy Action Plan for 2026\u20132027 and National Artificial Intelligence Agenda for 2026\u20132030"},"content":{"rendered":"<h3>National Digital Strategy Action Plan for 2026\u20132027 and National Artificial Intelligence Agenda for 2026\u20132030<\/h3>\n<p><strong>Concrete legal impacts for directors and investors<\/strong><\/p>\n<p><strong>I. Object and scope<\/strong><\/p>\n<p>This information aims to identify, from a strictly legal and operational perspective, the concrete impacts arising from the approval of the National Digital Strategy Action Plan 2026\u20132027 and the National Artificial Intelligence Agenda 2026\u20132030, with particular focus on directors\u2019 duties and risk assessment by institutional investors, private equity, venture capital and lenders.<\/p>\n<p><strong>II. Legal nature of the instruments and their practical normative value<\/strong><\/p>\n<p>Both instruments constitute public policy acts approved by Resolution of the Council of Ministers and do not create direct legal obligations for private parties. However, they generate relevant indirect legal effects, namely because they:<br \/>\n(i) bind the conduct of Public Administration;<br \/>\n(ii) ncreasingly form part of eligibility criteria for public and EU funding programs;<br \/>\n(iii) influence technical standards required in public procurement;<br \/>\n(iv) contribute to the densification of the concept of the duty of care required from directors under Article 64 of the Portuguese Companies Code.<\/p>\n<p><strong>III. Impact on directors\u2019 duty of care (Article 64 Portuguese Companies Code)<\/strong><\/p>\n<p>The duty of care of directors is assessed by reference to the standard of a diligent and orderly manager, considering the circumstances and technical context. Once the State formally designates data governance, cybersecurity and responsible use of artificial intelligence as strategic and structural priorities, the objective standard of diligence evolves. In practical terms, the complete absence of internal structure in these areas (policies, responsible officers, minimum documentation) may, in certain contexts, be legally regarded as negligent management.<\/p>\n<p><strong>IV. Data governance and legal exposure (Articles 5, 24, 25 and 32 GDPR)<\/strong><\/p>\n<p>The national focus on data reuse, interoperability and digitalisation of public services intensifies scrutiny regarding organisations\u2019 compliance with the GDPR. The accountability principle (Articles 5 and 24 GDPR) requires controllers to be able to always demonstrate compliance. In practice, organisations lacking documented internal policies, decision records, risk assessments and adequate organisational measures are structurally vulnerable in the event of audits, inspections or disputes.<br \/>\nIn practice, organizations lacking documented internal policies, decision records, risk assessments, and adequate organizational measures are structurally vulnerable in the event of an audit, inspection, or litigation.<\/p>\n<p><strong>V. Artificial Intelligence and applicable legal framework (Regulation (EU) 2024\/1689)<\/strong><\/p>\n<p>The use of AI systems must be assessed considering Regulation (EU) 2024\/1689 (AI Act). Systems used in recruitment, credit assessment, behavioral scoring or automated decision-making are likely to qualify as high-risk systems, triggering specific obligations regarding risk management, technical documentation, human oversight and transparency. The absence of any inventory of AI systems used or internal policy governing their use may generate significant legal risk.<\/p>\n<p><strong>VI. Direct impact on investment and financing transactions<\/strong><\/p>\n<p>In investment, financing and M&amp;A transactions, these matters are increasingly incorporated into due diligence processes, through requests for:<br \/>\n\u2022 Data protection and cybersecurity policies;<br \/>\n\u2022 Description of the technological architecture;<br \/>\n\u2022 Identification of AI systems in use;<br \/>\n\u2022 Record of past security incidents.<\/p>\n<p>The lack of minimum internal structure typically results in valuation adjustments, additional conditions precedent or strengthened representations and warranties.<\/p>\n<p><strong>VII. Identifiable concrete legal consequences<\/strong><\/p>\n<p>From the combined analysis of these instruments and the binding legal framework, the following concrete legal risks are already observable in practice:<br \/>\n(i) increased exposure to civil liability for organisational failure;<br \/>\n(ii) heightened risk of directors\u2019 liability in the event of foreseeable incidents;<br \/>\n(iii) greater regulatory and contractual scrutiny in matters of data and technology;<br \/>\n(iv) direct impact on the company\u2019s negotiating position in structured transactions.<\/p>\n<h3>Conclusion<\/h3>\n<p>The impact of these instruments does not lie in the creation of immediate formal obligations, but in the substantial shift in the legal standard of diligence expected from organisations. For directors and investors, the absence of minimum organisational structure in digital governance is no longer merely an operational weakness, but a material legal risk.<\/p>","protected":false},"excerpt":{"rendered":"<p>Plano de A\u00e7\u00e3o da Estrat\u00e9gia Digital Nacional 2026\u20132027 e Agenda Nacional de Intelig\u00eancia Artificial 2026\u20132030 Impactos jur\u00eddicos concretos para \u00f3rg\u00e3os de administra\u00e7\u00e3o e investidores I. Objecto e \u00e2mbito A presente informa\u00e7\u00e3o visa identificar, de forma estritamente jur\u00eddica e operacional, os impactos concretos que decorrem da aprova\u00e7\u00e3o do Plano de A\u00e7\u00e3o da Estrat\u00e9gia Digital Nacional 2026\u20132027 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2974,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_joinchat":[],"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2972","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sem-categoria"],"acf":[],"_links":{"self":[{"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/posts\/2972","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/comments?post=2972"}],"version-history":[{"count":0,"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/posts\/2972\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/media\/2974"}],"wp:attachment":[{"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/media?parent=2972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/categories?post=2972"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/beyondlegal.pt\/en\/wp-json\/wp\/v2\/tags?post=2972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}