[codicts-css-switcher id=”346″]

Global Law Experts Logo
what to do in a dawn raid

What to Do in a Dawn Raid, Spain (CNMC): Immediate Steps, IT Handling & Risks

By Global Law Experts
– posted 2 hours ago

Last reviewed: 14 July 2026

Knowing what to do in a dawn raid is the single most consequential compliance skill a company operating in Spain can develop. The Comisión Nacional de los Mercados y la Competencia (CNMC) reinforced that reality in February 2026 when it carried out unannounced on-site inspections across Spain’s insurance sector, as confirmed by its own press release of 6 March 2026. A competition dawn raid in Spain typically unfolds without prior notice, and the first sixty minutes dictate whether a company protects its rights or exposes itself to obstruction penalties.

This playbook sets out the legal framework, immediate actions, IT and forensic handling procedures, privilege segregation protocols, and post-raid remediation steps that every in-house counsel, compliance officer, and IT manager should have at hand before inspectors arrive.

Five-point quick checklist, commit to memory:

  1. Call external competition counsel immediately.
  2. Verify inspector identities and photograph the inspection mandate.
  3. Preserve all digital data, suspend auto-deletions and syncs.
  4. Assign escort teams for every inspector.
  5. Segregate and flag potentially privileged materials.

How CNMC Dawn Raids Work, Legal Powers and Limits

Legal basis: Law 15/2007, RD 261/2008 and Law 3/2013

The CNMC’s inspection powers derive from three interlocking instruments. Ley 15/2007, de 3 de julio, de Defensa de la Competencia (the LDC) is the primary statute. It grants the CNMC authority to enter business premises, examine books and records, take copies of documents in any format, seal premises for the duration of an inspection, and request oral explanations on site. Real Decreto 261/2008 (the Competition Defence Regulation) supplements the LDC with detailed procedural rules, including requirements for inspection authorisation, the form of the mandate, and rules on data retention. Ley 3/2013 created the CNMC itself and defines its institutional competence, confirming that the Competition Directorate within the CNMC is the body that initiates and conducts dawn raid procedures.

Interaction with EU law, TFEU Articles 101/102 and ECN+ Directive

Spanish dawn raid procedures do not operate in isolation. Where anticompetitive conduct may affect trade between EU Member States, Articles 101 and 102 TFEU apply in parallel. The CNMC may inspect on behalf of the European Commission or in coordination with it. Directive (EU) 2019/1, the ECN+ Directive, was transposed into Spanish law to ensure that national competition authorities possess minimum effective inspection powers, including the ability to access digital data and impose deterrent fines for obstruction. Industry observers expect this EU-level harmonisation to make cross-border dawn raids, where the CNMC assists another authority or vice-versa, increasingly routine.

What a lawful inspection mandate must include

Before cooperating, verify the inspection mandate. According to the CNMC’s published inspection procedure, a valid mandate should contain:

  • Subject matter and purpose. A description of the conduct under investigation and the market(s) concerned.
  • Legal basis. Express reference to the LDC provisions granting the inspection power.
  • Scope. Identification of the undertaking(s) to be inspected and the premises covered.
  • Consequences of obstruction. A statement of the penalties that apply if the undertaking refuses cooperation or obstructs the inspection.
Date / instrument Statutory reference Relevance to competition authority inspections in Spain
3 July 2007 Ley 15/2007 (LDC) Primary statute granting CNMC inspection, seizure and sanctioning powers
22 February 2008 Real Decreto 261/2008 Procedural regulation governing mandate form, authorisation and data retention
4 June 2013 Ley 3/2013 Creates the CNMC; defines institutional competence of the Competition Directorate
11 December 2018 (transposed) Directive (EU) 2019/1 (ECN+) Harmonises minimum inspection powers across EU, including digital access and deterrent fines

First Hour: What to Do in a Dawn Raid, Reception, Verification and Communications

Reception checklist

The first minutes set the tone for the entire competition authority inspection in Spain. Follow these steps in sequence:

  • Verify identities. Ask each inspector for official CNMC identification. Record full names and badge numbers.
  • Request and photograph the mandate. Obtain a physical or digital copy. Photograph every page, including annexes.
  • Call your external competition counsel. Do not wait. In Spain, you may politely ask inspectors for a brief, reasonable delay (typically 30–60 minutes) to allow counsel to arrive, although inspectors are not legally obliged to wait.
  • Notify your internal response team. Alert the compliance officer, general counsel, CISO, and a senior executive. Designate an on-site coordinator.
  • Assign escort pairs. Each inspector should be accompanied by at least one company representative at all times. Escorts observe, take notes, and log every document reviewed or copied.

Staff communications, sample email and do/don’t list

Send a brief, factual, non-privileged email to all employees on the affected premises. The email should be reviewed by counsel before sending wherever possible. A sample template:

“Subject: Regulatory inspection in progress, please read immediately.
The CNMC is conducting a regulatory inspection at [location]. Please cooperate fully with any requests from the inspection team. Do not delete, move, or alter any documents, electronic or paper. Do not discuss the inspection on messaging platforms. Direct any questions to [name of coordinator / compliance officer]. Further instructions will follow.”

  • Do: Cooperate politely, answer factual questions truthfully, and refer inspectors to the escort team.
  • Do not: Destroy, conceal, or alter any document; discuss the inspection on WhatsApp, Slack or similar platforms; provide speculative answers; or give oral statements without counsel present.

IT Searches in a Dawn Raid, Preserve, Segregate, Image

Immediate IT playbook

Digital evidence is now the centrepiece of most CNMC dawn raids. The moment an inspection begins, the CISO or IT lead must:

  • Suspend all automated deletion schedules (email retention policies, log purges, recycle-bin empties).
  • Disable cloud-sync overwrite features on OneDrive, SharePoint, Google Workspace, or similar platforms to prevent metadata changes.
  • Preserve server and firewall logs in their current state, do not restart servers or flush caches.
  • Lock backup tapes and snapshots so no scheduled rotation overwrites potentially relevant data.

On-site device handling versus remote and cloud data

Under Law 15/2007, CNMC inspectors may examine and copy documents “in any format” found on the inspected premises. This includes data stored on local hard drives, USB devices, laptops, and on-premise servers. Where data resides on cloud infrastructure or remote servers not physically present at the premises, the scope becomes more nuanced. Inspectors may ask the company to produce accessible data from cloud platforms, but the authority’s power to compel a third-party cloud provider to hand over data directly is limited to formal information requests under the LDC. Companies should be prepared to facilitate access, but should also ensure counsel supervises which data sets are produced and whether any contain privileged material.

Forensic imaging, chain of custody and hashing

If the CNMC requests forensic images (bit-for-bit copies) of drives or servers, insist on the following safeguards:

  1. Witness the imaging process. A company IT representative must be present throughout.
  2. Demand hash verification. Both the original and the copy should be hashed (SHA-256 or equivalent) so that integrity can later be proven.
  3. Maintain a chain-of-custody log. Record the device serial number, time of imaging, tool used, hash value, and identity of the technician.
  4. Request a copy of every image taken. The company is entitled to know exactly what data the CNMC has obtained.

BYOD and employee phones

Whether CNMC inspectors can search employee personal mobile phones remains one of the most sensitive practical issues during IT searches in a dawn raid. The CNMC’s published inspection procedure permits examination of data accessible from the business premises, and this has been interpreted to extend to content on personal devices used for work purposes. However, the exercise of this power engages fundamental-rights considerations, particularly the right to privacy under the Spanish Constitution. The likely practical effect is that inspectors will request voluntary access to phones containing work-related messaging apps (WhatsApp, Teams, Telegram). Refusing outright carries obstruction risk, but counsel can negotiate scope limits: for example, agreeing to produce business-related chat threads while excluding personal content.

Data source CNMC likely action Company immediate response
On-premise servers Request full access; may image drives Facilitate access under counsel supervision; witness imaging; hash and log
Employee laptops Review folders, email client, browser history Escort inspector; flag privileged files before access; note every file opened
Cloud platforms (O365, Google) Ask company to produce accessible data Produce after counsel review; preserve ESI; suspend syncs
Employee personal phones (BYOD) Request voluntary access to work apps Negotiate scope with counsel; produce work threads only; exclude personal content
Paper records Review, copy, and potentially seal rooms Escort; segregate privileged files; photograph everything copied

Privilege, Confidentiality and Segregation During a CNMC Dawn Raid

What counts as privileged under Spanish practice

Spanish law protects legal professional privilege, specifically, communications between a client and an external abogado made for the purpose of obtaining or giving legal advice. In-house counsel communications enjoy a less settled status: while they may attract a degree of protection, they are generally not treated as equivalent to external-lawyer privilege. Internal business notes, strategy memos, and compliance audit reports that were not prepared under the direction of external counsel are typically not privileged.

How to assert privilege on site

If an inspector seeks access to a document you believe is privileged, follow this sequence:

  • Immediately flag the document. State clearly, and record in writing, that you claim privilege.
  • Physically segregate the document (or, for digital files, mark the folder) and set it aside.
  • Provide a reasoned justification. Explain briefly why the document is privileged (e.g., “this is advice from our external counsel regarding the interpretation of Article X”).
  • Request the document be sealed, placed in a sealed envelope or container, pending resolution of the dispute. The CNMC’s procedural framework allows for this mechanism.
  • Prepare a privilege log. After the inspection, compile a full log listing every document for which privilege was claimed: date, author, recipient, description, and basis of privilege.

When the CNMC may press for access

The CNMC may challenge a privilege claim and ultimately refer the dispute to judicial review. Companies should not concede privilege claims prematurely, but neither should they use privilege assertions as a blanket obstruction tactic, doing so risks sanctions and weakens legitimate claims.

Cloud Providers and Cross-Border Data Handling

Practical limits on cloud and remote seizure

The CNMC’s inspection powers under Law 15/2007 extend to data that is accessible from the inspected premises, even if physically stored on servers located elsewhere. However, where data resides with a third-party provider outside Spain, the authority must generally use formal cooperation mechanisms (including requests under the ECN+ Directive for intra-EU matters) rather than compelling a foreign provider directly. Companies should clarify with inspectors exactly which data sets are being requested, and record every instruction.

Vendor engagement steps

If your data is hosted by a cloud provider (AWS, Azure, Google Cloud, or a sector-specific SaaS), take the following steps immediately upon learning of a CNMC dawn raid:

  • Notify the provider’s legal and compliance team of a regulatory preservation obligation.
  • Request that automated deletions and retention-policy expirations be suspended for the relevant data.
  • Confirm in writing that no data covered by the inspection scope will be overwritten or purged.
  • Obtain a copy of any data the CNMC asks you to produce, so your own forensic and privilege review can proceed in parallel.

How to Behave Legally on Site, Escorting, Cooperating, Not Obstructing

Understanding your rights during a dawn raid does not mean resisting the inspection. Spanish law requires active cooperation. Under the LDC, companies must grant inspectors access to premises, produce requested documents, and permit copying. Failure to do so constitutes obstruction. At the same time, cooperation has boundaries:

  • Do cooperate promptly, politely, and fully with lawful requests.
  • Do ask inspectors to identify the specific documents or data they wish to review, the mandate defines the scope.
  • Do take detailed notes of every interaction, request, and document copied.
  • Do not provide oral explanations without counsel present, beyond simple factual directions (e.g., “the server room is on floor 3”).
  • Do not destroy, conceal, or tamper with any material, even if you believe it falls outside the scope of the mandate.
  • Do not tip off employees at other locations or attempt to coordinate responses via messaging apps.

If inspectors refuse to wait for counsel, log the refusal in writing and cooperate. You can challenge procedural irregularities afterwards, but obstructing the inspection creates immediate liability.

After the Raid, Preservation, Evidence Review, Remediation and Leniency

Immediate post-raid steps

Once inspectors depart, the work intensifies. Knowing what to do after a dawn raid is as important as the initial response:

  • Collect and verify the inventory. Obtain the CNMC’s formal list of every document, copy, and digital image taken. Cross-reference this against your escorts’ logs.
  • Secure your copy of the mandate. File it with legal, compliance, and the board.
  • Conduct a privilege review. With external counsel, review every document that was copied or imaged to identify any privileged material that may have been inadvertently produced. If privileged documents were taken, notify the CNMC promptly and request return or destruction.
  • Preserve all evidence. Maintain litigation holds across all systems. Do not resume normal deletion schedules until counsel confirms it is safe.

Regulatory follow-up and leniency considerations

After a CNMC dawn raid, the authority may issue formal information requests (RFIs) requiring the company to produce additional data. These carry strict response deadlines. In parallel, the company must evaluate its strategic options. If internal investigation reveals participation in anticompetitive conduct, early engagement with the CNMC’s leniency programme may significantly reduce fines. Filing a leniency marker promptly, before competitors do so, can be critical. Additionally, companies should assess whether to file a voluntary submission or cooperate proactively to secure fine reductions under the LDC and the CNMC’s leniency guidelines. Early indications from 2026 enforcement activity suggest the CNMC is prioritising cases where companies failed to cooperate fully, making post-raid conduct a genuine factor in final penalty calculations.

Penalties for Obstruction and Non-Cooperation With the CNMC

Statutory sanctions under Law 15/2007

Law 15/2007 classifies obstruction of an inspection as a separate infringement carrying its own penalties. Penalties for obstruction of the CNMC include substantial administrative fines. The LDC empowers the CNMC to sanction undertakings that refuse to cooperate, provide misleading information, break seals, or destroy evidence. These fines are independent of, and additional to, any fines for the underlying anticompetitive conduct.

Practical consequences

Beyond financial penalties, obstruction damages a company’s credibility in subsequent proceedings, eliminates eligibility for leniency reductions, and may trigger judicial referral where conduct amounts to a criminal offence under Spain’s Penal Code.

Action by the company Possible CNMC response Practical company exposure
Refusing access to premises or data Obstruction fine; judicial authorisation to force entry Separate penalty; adverse inference in main proceedings
Destroying or concealing documents Aggravated obstruction fine; potential criminal referral Maximum fines; criminal liability for individuals; loss of leniency eligibility
Breaking CNMC seals on rooms/devices Specific seal-breaking sanction under LDC Additional fine; evidential presumption against the company
Providing false or misleading information Fine for misleading submission Fine plus reputational damage; weakened defence in subsequent proceedings

Templates, Checklists and Downloadable Assets

Preparedness determines outcomes. Every company operating in sectors exposed to CNMC enforcement should maintain the following ready-to-deploy assets:

  • Immediate-actions checklist. A laminated, one-page flowchart for reception staff and the compliance officer covering the first 30 minutes.
  • Staff notification script. A pre-drafted email (see the template above) that can be sent within minutes, approved by counsel in advance.
  • IT preservation checklist. Step-by-step instructions for the CISO covering sync suspension, log preservation, backup locks, and forensic-imaging protocols.
  • Privilege log template. A standardised spreadsheet with columns for document date, author, recipient, description, and privilege basis.
  • Counsel contact card. Wallet-sized cards for key personnel listing external competition counsel’s name, direct phone number, and an agreed codeword confirming authority to instruct.

For a tailored dawn raid response plan, find a Spain compliance lawyer through the Global Law Experts directory.

Conclusion

The consequences of a poorly managed CNMC dawn raid, obstruction fines, loss of privilege, destroyed leniency prospects, are entirely avoidable. Understanding what to do in a dawn raid comes down to three priorities: prepare before it happens (checklists, training, counsel retainer), execute disciplined protocols in the first hour (verify, preserve, escort, segregate), and manage the aftermath strategically (inventory, privilege review, leniency assessment). Spain’s active enforcement climate in 2026 makes this preparation not optional but essential. For further guidance on regulatory compliance in Spain, explore the Spain practice resources on Global Law Experts, or consult the related guides on serving process in Spain and Spain’s Pillar Two compliance deadlines.

Need Legal Advice?

This article was produced by Global Law Experts. For specialist advice on this topic, contact Jordi Sot Ball-Llosera at Toda & Nel-lo, a member of the Global Law Experts network.

Sources

  1. CNMC, Press release: inspections in the insurance sector (March 2026)
  2. CNMC, Published inspection procedure for undertakings
  3. BOE, Ley 15/2007, de 3 de julio, de Defensa de la Competencia
  4. BOE, Real Decreto 261/2008 (Reglamento de Defensa de la Competencia)
  5. BOE, Ley 3/2013 (creation and remit of the CNMC)
  6. EUR-Lex, Treaty on the Functioning of the European Union, Article 101
  7. EUR-Lex, Directive (EU) 2019/1 (ECN+)
  8. OECD, ICN dawn raid guidance and best practices

FAQs

What to do in a dawn raid?
Call external competition counsel immediately, verify inspector identities and photograph the mandate, preserve all digital data, assign escort teams, and segregate any potentially privileged materials. Acting within the first 30 minutes is critical.
Cooperate fully with lawful requests; verify IDs and the inspection scope; preserve all evidence; escort every inspector; flag privileged documents; and avoid any communication about the inspection on messaging apps or with employees at other locations.
The CNMC conducts dawn raids under Law 15/2007, supported by RD 261/2008. Inspectors present a mandate specifying the subject matter, legal basis, scope, and obstruction penalties. They may enter premises, review and copy documents in any format, seal rooms, and request on-site oral explanations.
Collect the full inventory of documents taken, secure your mandate copy, conduct a privilege review of all copied materials with external counsel, maintain litigation holds, and evaluate leniency or voluntary-cooperation options with the CNMC.
The CNMC may request access to work-related data on personal devices used on the inspected premises. This power is subject to fundamental-rights constraints. Companies should negotiate scope limits through counsel, producing work-related messaging threads while excluding purely personal content, rather than refusing outright, which risks obstruction sanctions.
Obstruction is a separate infringement under Law 15/2007, punishable by substantial administrative fines independent of any penalty for the underlying anticompetitive conduct. Destroying evidence or breaking seals may also trigger criminal liability for individuals and permanently disqualify the company from leniency reductions.
The Global Law Experts lawyer directory lists vetted compliance and competition lawyers across Spain who can be contacted for immediate dawn-raid assistance.
work permit race 2026 winning place
By Global Law Experts

posted 49 minutes ago

Find the right Legal Expert for your business

The premier guide to leading legal professionals throughout the world

Specialism
Country
Practice Area
LAWYERS RECOGNIZED
0
EVALUATIONS OF LAWYERS BY THEIR PEERS
0 m+
PRACTICE AREAS
0
COUNTRIES AROUND THE WORLD
0
Join
who are already getting the benefits
0

Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.

Naturally you can unsubscribe at any time.

About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Global Law Experts App

Now Available on the App & Google Play Stores.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Contact Us

Stay Informed

Join Mailing List
About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Global Law Experts App

Now Available on the App & Google Play Stores.

Contact Us

Stay Informed

GLE

Lawyer Profile Page - Lead Capture
GLE-Logo-White
Lawyer Profile Page - Lead Capture

What to Do in a Dawn Raid, Spain (CNMC): Immediate Steps, IT Handling & Risks

Send welcome message

Custom Message