About
Twenty years advising organisations where technology breaks the law — or should, but doesn't yet.
Alonso works at the intersection of five fields most lawyers treat as separate: cybersecurity, data protection, electronic identity and trust services, blockchain, and AI regulation. In practice, they overlap constantly. That's exactly where he operates.
At ECIJA, he has built compliance frameworks for critical infrastructure, designed GDPR response programmes for multinationals, structured eIDAS 2 and QTSP implementation roadmaps, and advised on EU AI Act obligations from risk classification to conformity assessments. He has also worked on asset tokenisation and the legal architecture of digital financial transactions — before most clients had a clear view of what DLT meant for them.
His regulatory toolkit covers NIS2, DORA, eIDAS 2, the EU AI Act, GDPR/LOPDGDD, ISO/IEC 27001, ISO/IEC 27701, and the NIST Cybersecurity Framework. Registered external expert at SEPBLAC. 2nd Vice-President of ASCOM, Spain's compliance association.
Ranked by Chambers & Partners. Named in Iberian Lawyer's Top 40 Under Forty.
Education
Law · Universidad Carlos III de Madrid
LLM in Telecommunications Law & New Technologies
Master's in Risk Prevention & Management · CEU San Pablo
Specialisation in Biotechnology & EU Law · UNED