Ministerio de Defensa de España

The Ministerio de Defensa de España isthe government department responsible for the formulation and execution of Spain's defense policy. It oversees the organization, training, and equipping of the Spanish Armed Forces, which comprise the Army, the Navy, and the Air and Space Force. The ministry also manages defense-related infrastructure, logistics, and procurement programs. Through its various directorates, it coordinates joint operations and contributes to national security planning.

As a civilian-led institution, the ministry operates under the principle of democratic control of the military, ensuring that defense decisions are made by elected officials. It represents Spain in NATO and European Union defense initiatives, contributing to collective security frameworks and multinational missions. The ministry regulates defense industry contracts and oversees compliance with national and international arms control agreements. Its strategic priorities include modernization of capabilities, cyber defense, and participation in peacekeeping operations.

Structurally, the Ministerio de Defensa is a department of the Spanish Government, headed by the Minister of Defense who is appointed by the President of the Government. It reports to the Council of Ministers and receives its authority from the Spanish Constitution and subsequent defense laws. The ministry's internal structure includes secretariats for policy, finance, personnel, and equipment, each responsible for specific functional areas. While it is a central government body, it works closely with regional authorities and allied nations on defense matters.

In January 2025, the ministry disclosed a significant data breach that exposed personal information of approximately 160,000 individuals, including Guardia Civil officers, military personnel, and civilian staff of the Defense Ministry. The leaked data, which consisted of names and email addresses, was published on cybercrime forums and was traced to a compromised third‑party medical services provider. Although the breach did not reveal passwords or detailed medical records, it raised concerns about potential phishing attacks and identity impersonation against the affected individuals and their families. Investigations into the incident were ongoing at the time of the report, with authorities seeking to confirm the exact source and mitigate further risks.