On May 7, EC opened infringement cases against 19 EU states.
EC called on 19 Member States to fully transpose NIS2 Directive within 2 months.
Sent reasoned opinion to Bulgaria, Czechia, Denmark, Germany, Estonia, Ireland, Spain, France, Cyprus, Latvia, Luxembourg, Hungary, Netherlands, Austria, Poland.
Also Portugal, Slovenia, Finland and Sweden for failing to notify NIS2 full transposition.
Context and Next Steps
NIS2 aims to ensure a high level of cybersecurity in the EU, covers entities operating in critical sectors such as public electronic communications services, digital services.
Also ICT service management, wastewater and waste management, space, health, energy, transport, manufacturing of critical products, postal and courier services.
Plus public administration; transposition into national law was due on Oct. 17, 2024.
Full implementation is key to further improving resilience, incident response capacities of public and private entities operating in these critical sectors and EU as a whole.
EC issued reasoned opinion to 19 Member States, have 2 months to respond and act.
Otherwise, the EC may refer the cases to the Court of Justice of the European Union.
Effectiveness
Non-conforming Member States must notify implementing measures by Jul. 7, 2025.
Regulators
EU CMSN
Entity Types
Corp
Reference
PR 5/7/2025; NIS Dir 2016/1148; NIS2 Dir 2022/2555
