Spain ENS
Cloudflare is an ENS-certified provider for certain products at the “High” security level. Cloudflare’s ENS Certificate of Conformity is available to download from the Cloudflare dashboard.
ENS is regulated by the 2022 Royal Decree which aims to establish and maintain the security of sensitive and critical information systems and data within Spain’s Public Administration organizations and their service providers with mandatory requirements.
ENS establishes the minimum security requirements for public sector information systems. Its primary goal is to ensure the protection of confidentiality, integrity, access, traceability, authenticity, and availability for the preservation of data, information and services. ENS aligns with both domestic and European regulations in response to the expanding use of digital technology in public services. Certification is obtained through accredited third party auditors.
The ENS framework is defined by the Royal Decree, which outlines security measures. These security measures are applied based on the system’s security level with specific requirements at each level to mitigate risks and protect systems against cyber threats.
ENS compliance is applicable in Spain for:
Public sector organizations.
Private companies working with the public sector or managing government data.
ENS has three security levels:
Basic: for low-sensitivity systems.
Medium: for systems with moderate sensitivity or impact.
High: for highly sensitive or critical systems.
Certificate of conformity is issued by an accredited third party auditor after a formal audit which is required for “Medium” and “High” security levels.
Declaration of conformity is a self-assessment by the organization; suitable for Basic-level systems only.
Yes, Cloudflare maintains a Certificate of Conformity at the “High” security level.
Yes, the ENS certification does expire and must be renewed to remain valid. Cloudflare ensures compliance by undergoing re-certification every two years conducted by an accredited third party auditor.
Cloudflare as an ENS-certified provider meets the high standard of cybersecurity required by Spain’s regulations for private companies working with the public sector.
Cloudflare is subject to regular ENS audits by an independent and accredited auditor, ensuring continuous compliance and improvement to maintain certification at a “high” level.
ENS establishes minimum requirements for the assurance of access, confidentiality, integrity, traceability, authenticity, availability, and preservation of data.
ENS aligns with additional EU regulations such as the NIS Directive for critical infrastructure protection.
Application Security:
API Shield, Bot Management, DDoS Protection, DNS, Page Shield, Rate Limiting, Security Center, SSL/TLS, SSL/TLS for SaaS, Turnstile, WAF, Waiting Room, ZarazApplication Performance:
Argo Smart Routing, Content Delivery Network (Cache/CDN), Load BalancingZero Trust Services:
Cloudflare Access, Browser Isolation, Cloudflare Tunnel, Cloudflare Zero Trust, Cloudflare Email Security, Gateway, WARP ClientNetwork Services:
Magic WAN, Magic Firewall, Magic Transit, Cloudflare Network Interconnect, Cloudflare Spectrum, Cloudflare Time ServicesDeveloper Platform:
Cloudflare for SaaS, Cloudflare Images, Cloudflare One, Cloudflare Durable Objects, Cloudflare Workers KV, Cloudflare Pages, R2 Object Storage, Cloudflare Stream, Cloudflare WorkersAnalytics and Insights:
Analytics, Web Analytics, Cloudflare Logs, Speed, RadarPrivacy and Compliance:
Data Localization Suite
Cloudflare continuously introduces new features/functions across our platform throughout the year, some of which may have not been included in the prior ENS audit. Cloudflare may add these to our ENS certification scope depending on the annual assessment cycle.
For detailed instructions, visit Cloudflare’s guide.
Learn more about how Cloudflare can help your org address compliance requirements.
Visit Cloudflare’s Trust Hub to learn about additional compliance resources.
Learn more about how Cloudflare’s connectivity cloud capabilities help enterprises streamline and map to compliance requirements across multiple standards by visiting our data compliance and protection page.