Consejo General del Poder Judicial (CGPJ) / Punto Neutro Judicial (PNJ)

The Consejo General del Poder Judicial (CGPJ), operating through its Punto Neutro Judicial (PNJ) platform, serves as the central telecommunications and data exchange infrastructure for Spain's judiciary. Its core function is to provide a secure, standardized network that enables the interconnection of judicial bodies with other key Spanish public institutions, including the Treasury and the General Police Directorate. This platform facilitates the electronic transmission of procedural documents, legal data, and administrative information, forming a critical backbone for the daily operations of the Spanish judicial system. By acting as a neutral interchange point, the PNJ ensures that courts, prosecutors, and other authorized entities can reliably share information with ministries and law enforcement agencies, thereby supporting the administration of justice across the national territory. The service is intrinsically linked to the constitutional mandate of the CGPJ as the governing body of the judiciary, underpinning the technological independence and efficiency of the courts. Its scope is exclusively national, serving the entire framework of Spain's public administration where judicial interactions are required. The platform's design emphasizes interoperability and security, positioning it as a foundational component of the country's digital government ecosystem, specifically tailored to the sensitive requirements of the justice sector.

The PNJ's role as a high-value target was evidenced by two significant cyber incidents in 2022, which underscore its critical national infrastructure status and its sophisticated security posture. In September 2022, a cyberattack on Spanish public administration networks specifically compromised the PNJ, though this breach was contained to institutional access pathways without affecting the confidentiality or integrity of judicial records or data held by courts. This incident demonstrated the platform's robust internal segmentation and the immediate effectiveness of its security protocols, which prevented the lateral movement of attackers into core judicial systems. A subsequent, more severe attack in October 2022 exploited the PNJ's connections to exfiltrate personal data from linked external entities, compromising information belonging to approximately 500,000 taxpayers and 50,000 police officers. This event highlighted the inherent risk in a platform that bridges multiple state sectors, where a vulnerability in one connected system can lead to widespread data exposure. Despite these breaches, the judicial data itself remained unaffected, a testament to the architectural safeguards maintained by the CGPJ. Both incidents involved coordinated responses with national cybersecurity and data protection authorities, reflecting the PNJ's established integration within Spain's national incident response framework. Structurally, the PNJ is an integral service managed by the CGPJ, the constitutional body responsible for the governance and oversight of Spain's judiciary, and does not exist as a separate commercial or subsidiary entity. Its operational history is defined by its dual identity: an indispensable, secure conduit for judicial administration and a high-profile target due to its unique position connecting the judiciary with the broader state apparatus.