Our Expert in Spain
No results available
Last reviewed: 14 July 2026
Knowing what to do in a dawn raid is the single most consequential compliance skill a company operating in Spain can develop. The Comisión Nacional de los Mercados y la Competencia (CNMC) reinforced that reality in February 2026 when it carried out unannounced on-site inspections across Spain’s insurance sector, as confirmed by its own press release of 6 March 2026. A competition dawn raid in Spain typically unfolds without prior notice, and the first sixty minutes dictate whether a company protects its rights or exposes itself to obstruction penalties.
This playbook sets out the legal framework, immediate actions, IT and forensic handling procedures, privilege segregation protocols, and post-raid remediation steps that every in-house counsel, compliance officer, and IT manager should have at hand before inspectors arrive.
Five-point quick checklist, commit to memory:
The CNMC’s inspection powers derive from three interlocking instruments. Ley 15/2007, de 3 de julio, de Defensa de la Competencia (the LDC) is the primary statute. It grants the CNMC authority to enter business premises, examine books and records, take copies of documents in any format, seal premises for the duration of an inspection, and request oral explanations on site. Real Decreto 261/2008 (the Competition Defence Regulation) supplements the LDC with detailed procedural rules, including requirements for inspection authorisation, the form of the mandate, and rules on data retention. Ley 3/2013 created the CNMC itself and defines its institutional competence, confirming that the Competition Directorate within the CNMC is the body that initiates and conducts dawn raid procedures.
Spanish dawn raid procedures do not operate in isolation. Where anticompetitive conduct may affect trade between EU Member States, Articles 101 and 102 TFEU apply in parallel. The CNMC may inspect on behalf of the European Commission or in coordination with it. Directive (EU) 2019/1, the ECN+ Directive, was transposed into Spanish law to ensure that national competition authorities possess minimum effective inspection powers, including the ability to access digital data and impose deterrent fines for obstruction. Industry observers expect this EU-level harmonisation to make cross-border dawn raids, where the CNMC assists another authority or vice-versa, increasingly routine.
Before cooperating, verify the inspection mandate. According to the CNMC’s published inspection procedure, a valid mandate should contain:
| Date / instrument | Statutory reference | Relevance to competition authority inspections in Spain |
|---|---|---|
| 3 July 2007 | Ley 15/2007 (LDC) | Primary statute granting CNMC inspection, seizure and sanctioning powers |
| 22 February 2008 | Real Decreto 261/2008 | Procedural regulation governing mandate form, authorisation and data retention |
| 4 June 2013 | Ley 3/2013 | Creates the CNMC; defines institutional competence of the Competition Directorate |
| 11 December 2018 (transposed) | Directive (EU) 2019/1 (ECN+) | Harmonises minimum inspection powers across EU, including digital access and deterrent fines |
The first minutes set the tone for the entire competition authority inspection in Spain. Follow these steps in sequence:
Send a brief, factual, non-privileged email to all employees on the affected premises. The email should be reviewed by counsel before sending wherever possible. A sample template:
“Subject: Regulatory inspection in progress, please read immediately.
The CNMC is conducting a regulatory inspection at [location]. Please cooperate fully with any requests from the inspection team. Do not delete, move, or alter any documents, electronic or paper. Do not discuss the inspection on messaging platforms. Direct any questions to [name of coordinator / compliance officer]. Further instructions will follow.”
Digital evidence is now the centrepiece of most CNMC dawn raids. The moment an inspection begins, the CISO or IT lead must:
Under Law 15/2007, CNMC inspectors may examine and copy documents “in any format” found on the inspected premises. This includes data stored on local hard drives, USB devices, laptops, and on-premise servers. Where data resides on cloud infrastructure or remote servers not physically present at the premises, the scope becomes more nuanced. Inspectors may ask the company to produce accessible data from cloud platforms, but the authority’s power to compel a third-party cloud provider to hand over data directly is limited to formal information requests under the LDC. Companies should be prepared to facilitate access, but should also ensure counsel supervises which data sets are produced and whether any contain privileged material.
If the CNMC requests forensic images (bit-for-bit copies) of drives or servers, insist on the following safeguards:
Whether CNMC inspectors can search employee personal mobile phones remains one of the most sensitive practical issues during IT searches in a dawn raid. The CNMC’s published inspection procedure permits examination of data accessible from the business premises, and this has been interpreted to extend to content on personal devices used for work purposes. However, the exercise of this power engages fundamental-rights considerations, particularly the right to privacy under the Spanish Constitution. The likely practical effect is that inspectors will request voluntary access to phones containing work-related messaging apps (WhatsApp, Teams, Telegram). Refusing outright carries obstruction risk, but counsel can negotiate scope limits: for example, agreeing to produce business-related chat threads while excluding personal content.
| Data source | CNMC likely action | Company immediate response |
|---|---|---|
| On-premise servers | Request full access; may image drives | Facilitate access under counsel supervision; witness imaging; hash and log |
| Employee laptops | Review folders, email client, browser history | Escort inspector; flag privileged files before access; note every file opened |
| Cloud platforms (O365, Google) | Ask company to produce accessible data | Produce after counsel review; preserve ESI; suspend syncs |
| Employee personal phones (BYOD) | Request voluntary access to work apps | Negotiate scope with counsel; produce work threads only; exclude personal content |
| Paper records | Review, copy, and potentially seal rooms | Escort; segregate privileged files; photograph everything copied |
Spanish law protects legal professional privilege, specifically, communications between a client and an external abogado made for the purpose of obtaining or giving legal advice. In-house counsel communications enjoy a less settled status: while they may attract a degree of protection, they are generally not treated as equivalent to external-lawyer privilege. Internal business notes, strategy memos, and compliance audit reports that were not prepared under the direction of external counsel are typically not privileged.
If an inspector seeks access to a document you believe is privileged, follow this sequence:
The CNMC may challenge a privilege claim and ultimately refer the dispute to judicial review. Companies should not concede privilege claims prematurely, but neither should they use privilege assertions as a blanket obstruction tactic, doing so risks sanctions and weakens legitimate claims.
The CNMC’s inspection powers under Law 15/2007 extend to data that is accessible from the inspected premises, even if physically stored on servers located elsewhere. However, where data resides with a third-party provider outside Spain, the authority must generally use formal cooperation mechanisms (including requests under the ECN+ Directive for intra-EU matters) rather than compelling a foreign provider directly. Companies should clarify with inspectors exactly which data sets are being requested, and record every instruction.
If your data is hosted by a cloud provider (AWS, Azure, Google Cloud, or a sector-specific SaaS), take the following steps immediately upon learning of a CNMC dawn raid:
Understanding your rights during a dawn raid does not mean resisting the inspection. Spanish law requires active cooperation. Under the LDC, companies must grant inspectors access to premises, produce requested documents, and permit copying. Failure to do so constitutes obstruction. At the same time, cooperation has boundaries:
If inspectors refuse to wait for counsel, log the refusal in writing and cooperate. You can challenge procedural irregularities afterwards, but obstructing the inspection creates immediate liability.
Once inspectors depart, the work intensifies. Knowing what to do after a dawn raid is as important as the initial response:
After a CNMC dawn raid, the authority may issue formal information requests (RFIs) requiring the company to produce additional data. These carry strict response deadlines. In parallel, the company must evaluate its strategic options. If internal investigation reveals participation in anticompetitive conduct, early engagement with the CNMC’s leniency programme may significantly reduce fines. Filing a leniency marker promptly, before competitors do so, can be critical. Additionally, companies should assess whether to file a voluntary submission or cooperate proactively to secure fine reductions under the LDC and the CNMC’s leniency guidelines. Early indications from 2026 enforcement activity suggest the CNMC is prioritising cases where companies failed to cooperate fully, making post-raid conduct a genuine factor in final penalty calculations.
Law 15/2007 classifies obstruction of an inspection as a separate infringement carrying its own penalties. Penalties for obstruction of the CNMC include substantial administrative fines. The LDC empowers the CNMC to sanction undertakings that refuse to cooperate, provide misleading information, break seals, or destroy evidence. These fines are independent of, and additional to, any fines for the underlying anticompetitive conduct.
Beyond financial penalties, obstruction damages a company’s credibility in subsequent proceedings, eliminates eligibility for leniency reductions, and may trigger judicial referral where conduct amounts to a criminal offence under Spain’s Penal Code.
| Action by the company | Possible CNMC response | Practical company exposure |
|---|---|---|
| Refusing access to premises or data | Obstruction fine; judicial authorisation to force entry | Separate penalty; adverse inference in main proceedings |
| Destroying or concealing documents | Aggravated obstruction fine; potential criminal referral | Maximum fines; criminal liability for individuals; loss of leniency eligibility |
| Breaking CNMC seals on rooms/devices | Specific seal-breaking sanction under LDC | Additional fine; evidential presumption against the company |
| Providing false or misleading information | Fine for misleading submission | Fine plus reputational damage; weakened defence in subsequent proceedings |
Preparedness determines outcomes. Every company operating in sectors exposed to CNMC enforcement should maintain the following ready-to-deploy assets:
For a tailored dawn raid response plan, find a Spain compliance lawyer through the Global Law Experts directory.
The consequences of a poorly managed CNMC dawn raid, obstruction fines, loss of privilege, destroyed leniency prospects, are entirely avoidable. Understanding what to do in a dawn raid comes down to three priorities: prepare before it happens (checklists, training, counsel retainer), execute disciplined protocols in the first hour (verify, preserve, escort, segregate), and manage the aftermath strategically (inventory, privilege review, leniency assessment). Spain’s active enforcement climate in 2026 makes this preparation not optional but essential. For further guidance on regulatory compliance in Spain, explore the Spain practice resources on Global Law Experts, or consult the related guides on serving process in Spain and Spain’s Pillar Two compliance deadlines.
This article was produced by Global Law Experts. For specialist advice on this topic, contact Jordi Sot Ball-Llosera at Toda & Nel-lo, a member of the Global Law Experts network.
posted 33 seconds ago
posted 6 minutes ago
posted 6 minutes ago
posted 6 minutes ago
posted 6 minutes ago
posted 6 minutes ago
posted 25 minutes ago
posted 28 minutes ago
posted 1 hour ago
posted 2 hours ago
posted 2 hours ago
posted 3 hours ago
No results available
Find the right Legal Expert for your business
Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message