05 Sep 2024

The NIS2 Directive’s transposition: How do Member States make their critical infrastructure cybersecure?

Executive summary 

Europe’s critical infrastructure faces ever-increasing cyber threats. Examples of serious consequences are the Danish railways coming to a standstill in 2022, or the millions of Ukrainians being cut off from the internet in 2023.

To combat these threats, the revised Network and Information Security (NIS2) Directive was adopted in November 2022, and entered into force on 16 January 2023. This first horizontal cybersecurity legislation aims to increase the common level of cybersecurity of critical infrastructure in the EU.

Member States are required to transpose the NIS2 Directive into national law by 17 October 2024. This overview seeks to map the state of transposition across the EU27. Spoiler: The (draft) transposition laws that have been made available show that there is a risk of fragmentation across the EU, creating uncertainty and unnecessary burden for the industry on multiple fronts.

For more information, please contact:
Rita Jonušaitė
Senior Manager for Cybersecurity & Cloud
Sid Hollman
Policy Officer for Cybersecurity & Digital Infrastructure
Back to Cybersecurity & Digital Resilience
View the complete Response to Public Consultation
PDF
Our resources on Cybersecurity & Digital Resilience
13 Dec 2024 Policy Paper
Strengthening healthcare cybersecurity: Focus on implementation, not new legislation
11 Dec 2024 Position Paper
Recommendations on updated draft CRA standardisation request
14 Nov 2024 The Download
The Download - Taming the cyber storm whilst empowering European businesses to thrive
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept