ANACOM Reports 87 Security Incidents in 2025, 6% Rise, 28 April Blackout
Summary
ANACOM's annual report on security incidents in Portuguese electronic communications networks recorded 87 incidents in 2025, a 6% increase from 82 in 2024. The April 28 'blackout' was a major contributor to the significant rise in affected subscribers, which reached 14.6 million in 2025 compared to 1.9 million in 2024. The total disruption duration decreased to 2,412 hours from 2,570 hours in 2024, with average impact duration per incident falling from 57 to approximately 37 hours. Fixed telephone and Internet services were most affected at 59% of incidents, followed by subscription TV at 46%.
“A total of 87 incidents were reported, which was an increase of five on the previous year.”
About this source
GovPing monitors Portugal ANACOM News for new telecom & technology regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.
What changed
ANACOM published its 2025 security incident report for electronic communications networks and services in Portugal, covering 87 reported incidents across the year. The report details that 98% of incidents stemmed from power failures, fibre optic cable cuts, system/equipment malfunctions, and scheduled maintenance, with third-party supply failures, accidents, natural phenomena, and malicious attacks as primary root causes. Of 87 incidents, 5 were nationwide in scope and 21 required public notifications per Article 23 of Security Regulation No. 303/2019. Electronic communications companies subject to ANACOM's jurisdiction should note the continued high volume of third-party and infrastructure-related disruptions and assess whether their incident response and public notification procedures align with current reporting obligations under Portuguese security regulations.
Archived snapshot
Apr 25, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
The year 2025 was marked by an incident that occurred on 28 April and became known as the “blackout”. The trend observed in 2024 continued overall, with a slight increase in the total number of security incidents reported to ANACOM by companies. A total of 87 incidents were reported, which was an increase of five on the previous year.
In 2025, the majority of notifications received by the Notification Reporting Centre (CRN) were due to failures in the supply of goods or services by third parties, alongside accidents and natural phenomena. These causes, together with malicious attacks in second place and hardware or software maintenance or failure in third place, account for almost all security incident reports (98%). This is notably due to power failures, fibre optic cable cuts, system/equipment malfunctions, and scheduled service interruptions for maintenance work.
Between 2015 and 2025, incidents caused by factors outside the sector accounted for over 77% of all incidents.
A higher number of incidents were reported to ANACOM in the 1 st and 2 nd quarters, with the 2 nd quarter recording the highest number of reports. However, compared with previous years, security incidents were more evenly distributed throughout the year.
Chart – Volume and annual change of security incidents reports, 2015-2025
Unit: number of security incidents
Source: ANACOM
Most security incidents impacted more than one publicly available electronic communications service simultaneously. Fixed telephone and Internet services were the most affected, accounting for 59% of incidents, followed by subscription TV (46%).
In 2025, the total duration of the disruption was 2,412 hours, representing a slight decrease compared to 2024 (2,570 hours). However, there was a significant increase in the total number of affected subscribers/accesses, rising from 1.9 million to 14.6 million, a figure that is mainly due to the 28 April “blackout”.
As regards the average duration of the impact per incident, 2025 also saw a decrease compared with 2024, falling from 57 to around 37 hours. Of the 87 security incidents, 5 were nationwide in scope, whilst the remainder had a significant impact on the networks and services in the districts of mainland Portugal shown in the figure below.
Figure – Districts in mainland Portugal affected by non-national scale incidents reported in 2025
Unit: Number of incidents
Source: ANACOM
According to paragraph 1 of article 23 of ANACOM Security Regulation No. 303/2019 https://www.anacom.pt/render.jsp?contentId=1474999, published on 1 April 2019, electronic communications companies must inform the public in the event of high-impact incidents. Of the 87 incidents recorded in 2025, information was provided to the public in 21 cases.
Consult:
Related changes
Get daily alerts for Portugal ANACOM News
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from ANACOM.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when Portugal ANACOM News publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.