NIS2 Directive

From HandWiki
Short description: European Union directive
Directive 2022/2555
European Union directive
TitleDIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148
Other legislation
ReplacesNIS1
Current legislation

The Directive (EU) 2022/2555, commonly known as NIS2 is a directive of the European Union aimed at protecting digital infrastructure, in particular critical infrastructure.

It broadened the sectors covered by EU network and information security rules and updated incident reporting and oversight compared to the NIS1. Member States were required to transpose NIS2 by 17 October 2024, and the earlier NIS Directive was repealed on 18 October 2024.[1]

Only 23 Member States have fully implemented the measures contained with the NIS Directive. Infringement proceedings against them to enforce the Directive have not taken place, and they are not expected to take place in the near future.[2] This failed implementation has led to the fragmentation of cybersecurity capabilities across the EU, with differing standards, incident reporting requirements and enforcement requirements being implemented in different Member States.

From the EFTA countries (to April 2026) only Liechtenstein has fully transposed the NIS2 Directive. While the EFTA commission is conducting preparations to transpose the directive into its legislation.[3]

National implementations

Czech Republic

It is implemented through the Act No. 264/2025 Coll. also called Zákon o kybernetické bezpečnosti (Cybersecurity law) and through another five implementing regulations.[4] The transposing legislation came into force on November 1st, 2025.[5]

Germany

It is implemented through the Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung.

Ireland

It is implemented through the National Cyber Security Bill.

The Netherlands

It is implemented through the Cyberbeveiligingswet (Cbw).

Slovakia

It is implemented through via an amendment of the Act No. 69/2018 Coll. also called Zákon o kybernetickej bezpečnosti a o zmene a doplnení niektorých zákonov (Law on Cybersecurity and change and amendment of certain laws).[6] It came into force on November 1st, 2025.[7]

Spain

It is implemented through the Esquema Nacional de Seguridad (ENS).

Further reading

References

  1. "NIS2 Directive: securing network and information systems". European Commission. 2025. https://digital-strategy.ec.europa.eu/en/policies/nis2-directive. 
  2. "NIS Implementation Tracker". https://www.digitaleurope.org/resources/nis-implementation-tracker/. 
  3. "Factsheet - 32022L2555 | European Free Trade Association" (in en). https://www.efta.int/eea-lex/32022l2555. 
  4. Sedlák, Jan. "Regulace podle NIS2: Vyhlášky ke kyberzákonu byly zveřejněny. Trash talk pokračuje, nařízení vlády se zaseklo" (in cs). https://www.lupa.cz/clanky/regulace-podle-nis2-vyhlasky-ke-kyberzakonu-byly-zverejneny-trash-talk-pokracuje-narizeni-vlady-se-zaseklo/. 
  5. "e-Sbírka" (in cs). https://e-sbirka.gov.cz/sb/2025/264?zalozka=text. 
  6. Drtina, Martin. "Regulace podle NIS2: Slováci k zákazům dodavatele novelu kyberzákona nepotřebují" (in cs). https://www.lupa.cz/clanky/regulace-podle-nis2-slovaci-k-zakazum-dodavatele-novelu-kyberzakona-nepotrebuji/. 
  7. s.r.o, Tamatus. "NIS2 smernica – koho sa týka a ako sa pripraviť" (in sk). https://www.predvolby.cz/inpage/nis2-povinnosti-2025-sk/. 



Retrieved from "https://handwiki.org/wiki/index.php?title=NIS2_Directive&oldid=4409893"