EU-27: Cybersecurity measures in Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive)

Progress

Current status
in grace period
18 Oct 2024 in force
16 Jan 2023 in grace period
28 Nov 2022 adopted
10 Nov 2022 under deliberation
13 May 2022 under deliberation
16 Dec 2020 under deliberation

Scope

Implementers
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czechia
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Government Branch
legislature
executive
Government Body
parliament
central government
Implementation Level
supranational

Timeline of events

18 Oct 2024
in force

Implemented Network and Information Security Directive (NIS2) ensuring a higher level of cybersecurity

On 18 October 2024, the Network and Information Security Directive (NIS2) was implemented. The NIS2 aims to ensure a higher level of cybersecurity at the EU level by coordinating national approaches to and Governance of cybersecurity. The Member Sta…

Source
Event type law
Action type implementation
Government branch legislature
Government body parliament
16 Jan 2023
in grace period

Entry into force with grace period of Network and Information Security Directive (NIS2) to ensure a higher level of cybersecurity

On 16 January 2023, the Network and Information Security Directive (NIS2) enters into force with a grace period. The Member States are required to transpose the NIS 2 by 17 October 2024 and enforce the requirements from 18 October 2024. The NIS2 imp…

Source
Event type law
Action type in force with grace period
Government branch legislature
Government body parliament
28 Nov 2022
adopted

Adopted Network and Information Security Directive (NIS2) to ensure a higher level of cybersecurity by Council of European Union

On 28 November 2022, the Council of European Union adopted the Network and Information Security Directive (NIS2), which imposes cybersecurity obligations across sectors, including energy, transport, banking and finance, health, and providers of publ…

Source
Event type law
Action type adoption
Government branch legislature
Government body parliament
10 Nov 2022
under deliberation

Passed Network and Information Security Directive (NIS2) to ensure a higher level of cybersecurity by European Parliament

On 10 November 2022, the European Parliament passed the Network and Information Security Directive (NIS2). The sectors regulated include energy, transport, banking and finance, health, providers of public electronic communications networks and digit…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
13 May 2022
under deliberation

Reached provisional agreement on Network and Information Security Directive (NIS2) to ensure a higher level of cybersecurity between Council and the European Parliament

On 13 May 2022, the European Parliament and the Council of the European Union reached a political agreement on the Network and Information Security Directive (NIS2). The sectors regulated include energy, transport, banking and finance, health, provi…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
16 Dec 2020
under deliberation

Introduced Network and Information Security Directive (NIS2) including cybersecurity requirements

On 16 December 2020, the European Commission submitted the Proposal for a Directive of the European Parliament and the Council on measures for a high common level of cybersecurity in the Union, repealing EU Directive 2016/1148 (NIS1). The Proposal a…

Source
Event type law
Action type introduction
Government branch executive
Government body central government