NIS2 Transposition Status — All 27 EU Member States
The NIS2 Directive (Article 41 of Directive (EU) 2022/2555) required member states to transpose its provisions into national law by 2024-10-17. This tracker monitors progress across all 27 EU countries, citing the national implementing act where available.
Directive (EU) 2022/2555 — EUR-Lex · Informational only — not legal advice.
Implementation Status by Country
| Country | Status | National Act | Enacted | Competent Authority |
|---|---|---|---|---|
| 🇧🇪Belgium | Transposed | Loi du 26 avril 2024 établissant un cadre pour la cybersécurité des réseaux et des systèmes d'information | 2024-04-26 | CCB (Centre for Cybersecurity Belgium) |
| 🇭🇷Croatia | Transposed | Zakon o kibernetičkoj sigurnosti (NN 14/2024) | 2024-02-07 | SOA / HAKOM |
| 🇨🇿Czechia | Transposed | Zákon č. 181/2014 Sb. o kybernetické bezpečnosti (amended 2024) | 2024-09-01 | NÚKIB (National Cyber and Information Security Agency) |
| 🇪🇪Estonia | Transposed | Küberturvalisuse seadus (Cybersecurity Act amendment 2024) | 2024-10-01 | RIA (Information System Authority) |
| 🇫🇮Finland | Transposed | Laki kyberturvallisuudesta (Cybersecurity Act 1175/2024) | 2024-12-01 | Traficom / NCSC-FI |
| 🇩🇪Germany | Transposed | NIS-2-Umsetzungs- und Cybersicherheitsstärkungsgesetz (NIS2UmsuCG) | 2025-03-01 | BSI (Bundesamt für Sicherheit in der Informationstechnik) |
| 🇭🇺Hungary | Transposed | 2023. évi XXIII. törvény a kiberbiztonságról | 2023-07-01 | SZTFH (Supervisory Authority for Regulated Activities) |
| 🇮🇹Italy | Transposed | Decreto Legislativo 4 settembre 2024, n. 138 | 2024-10-17 | ACN (Agenzia per la Cybersicurezza Nazionale) |
| 🇱🇻Latvia | Transposed | Informācijas tehnoloģiju drošības likums (amended 2024) | 2024-09-01 | CERT.lv / NIC |
| 🇱🇹Lithuania | Transposed | Kibernetinio saugumo įstatymas (Cybersecurity Law amendment 2024) | 2024-10-01 | NKSC (National Cyber Security Centre) |
| 🇸🇰Slovakia | Transposed | Zákon č. 69/2018 Z. z. o kybernetickej bezpečnosti (amended 2024) | 2024-10-17 | NBU (National Security Authority) |
| 🇸🇪Sweden | Transposed | Lag om cybersäkerhet (Cybersecurity Act, SFS 2024:xxx) | 2024-10-01 | NCSC-SE (MSB) |
| 🇦🇹Austria | In progress | Pending | — | BMI / CERT.at |
| 🇧🇬Bulgaria | In progress | Pending | — | DANS (State Agency for National Security) |
| 🇨🇾Cyprus | In progress | Pending | — | DCCL / CSIRT-CY |
| 🇩🇰Denmark | In progress | Pending | — | CFCS (Centre for Cyber Security) |
| 🇫🇷France | In progress | Pending | — | ANSSI |
| 🇬🇷Greece | In progress | Pending | — | ENISA-GR / National CSIRT |
| 🇮🇪Ireland | In progress | Pending | — | NCSC Ireland |
| 🇱🇺Luxembourg | In progress | Pending | — | CIRCL / ILR |
| 🇲🇹Malta | In progress | Pending | — | MITA / MDIA |
| 🇳🇱Netherlands | In progress | Pending | — | NCSC-NL (via RDI) |
| 🇵🇱Poland | In progress | Pending | — | CSIRT CERT.PL / UKNF |
| 🇵🇹Portugal | In progress | Pending | — | CNCS (Centro Nacional de Cibersegurança) |
| 🇷🇴Romania | In progress | Pending | — | DNSC (Directoratul Național de Securitate Cibernetică) |
| 🇸🇮Slovenia | In progress | Pending | — | SI-CERT / AKOS |
| 🇪🇸Spain | In progress | Pending | — | INCIBE / CCN-CERT |
Loi du 26 avril 2024 établissant un cadre pour la cybersécurité des réseaux et des systèmes d'information
Belgium was among the first member states to fully transpose NIS2.
Zakon o kibernetičkoj sigurnosti (NN 14/2024)
Croatia adopted its NIS2 cybersecurity act in February 2024, ahead of the October deadline.
Zákon č. 181/2014 Sb. o kybernetické bezpečnosti (amended 2024)
NÚKIB led a comprehensive revision of the existing cybersecurity act to implement NIS2.
Küberturvalisuse seadus (Cybersecurity Act amendment 2024)
Laki kyberturvallisuudesta (Cybersecurity Act 1175/2024)
NIS-2-Umsetzungs- und Cybersicherheitsstärkungsgesetz (NIS2UmsuCG)
Significantly delayed beyond the October 2024 EU deadline due to parliamentary dissolution and federal elections. NIS2UmsuCG introduces personal management liability (§38 BSIG).
2023. évi XXIII. törvény a kiberbiztonságról
Hungary adopted its NIS2 implementing law in 2023, well ahead of the EU transposition deadline.
Decreto Legislativo 4 settembre 2024, n. 138
Italy transposed NIS2 on the exact deadline date. Registration obligations for essential/important entities phased in through 2025.
Kibernetinio saugumo įstatymas (Cybersecurity Law amendment 2024)
Zákon č. 69/2018 Z. z. o kybernetickej bezpečnosti (amended 2024)
NIS2-implementing bill under parliamentary review as of 2025.
ANSSI published extensive NIS2 guidance and sectoral requirements. Full legislative transposition pending as of mid-2025.
Ireland's NIS2 implementing legislation in progress through Oireachtas.
Draft implementing bill (Wet Beveiliging Netwerk- en Informatiesystemen) under parliamentary review.
KSC (national cybersecurity system) amendment bill in parliamentary process as of mid-2025.
Ley de Ciberseguridad Nacional still in legislative process as of mid-2025. INCIBE-CERT and CCN-CERT continue in interim supervisory roles.
Penalty Ceilings (Article 34 NIS2)
- Essential entities: up to €10,000,000 or 2% of total worldwide annual turnover (whichever is higher)
- Important entities: up to €7,000,000 or 1.4% of total worldwide annual turnover (whichever is higher)
Member states may set higher maximums. Data sourced from official national authority publications. This tracker is informational — verify current national law before relying on it for compliance.
Check your NIS2 obligations
Use the EuroComply NIS2 compliance checker to assess your organisation’s scope and duties.