EU-27: Data protection authority governance in Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive)

Progress

Current status
in grace period
18 Oct 2024 in force
16 Jan 2023 in grace period
28 Nov 2022 adopted
10 Nov 2022 under deliberation
13 May 2022 under deliberation
16 Dec 2020 under deliberation

Scope

Implementers
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czechia
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Policy Area
Data governance
Policy Instrument
Data protection authority governance
Regulated Economic Activity
cross-cutting
Government Branch
legislature
executive
Government Body
parliament
central government
Implementation Level
supranational

Timeline of events

18 Oct 2024
in force

Implemented Network and Information Security Directive (NIS2) including data protection authority governance

On 18 October 2024, the Network and Information Security Directive (NIS2) was implemented. The NIS2 aims to ensure a higher level of cybersecurity at the EU level by coordinating national approaches to and Governance of cybersecurity. The Member Sta…

Source
Event type law
Action type implementation
Government branch legislature
Government body parliament
16 Jan 2023
in grace period

Entry into force with grace period of Network and Information Security Directive (NIS2) including data protection authority governance

On 16 January 2023, the Network and Information Security Directive (NIS2) enters into force with grace period. The member states are required to transpose and apply the requirements from 18 October 2024. The NIS2 aims to ensure a higher level of cyb…

Source
Event type law
Action type in force with grace period
Government branch legislature
Government body parliament
28 Nov 2022
adopted

Adopted Network and Information Security Directive (NIS2) including data protection authority governance by Council of the European Union

On 28 November 2022, the Council of the European Union adopted the Network and Information Security Directive (NIS2). The NIS2 aims to ensure a higher level of cybersecurity at the EU level by coordinating national approaches to and governance of cy…

Source
Event type law
Action type adoption
Government branch legislature
Government body parliament
10 Nov 2022
under deliberation

Passed Network and Information Security Directive (NIS2) including data protection authority governance by European Parliament

On 10 November 2022, the European Parliament passed the Network and Information Security Directive (NIS2). The NIS2 aims to ensure a higher level of cybersecurity at the EU level. It requires each member state to adopt a national security strategy a…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
13 May 2022
under deliberation

Reached provisional agreement on Network and Information Security Directive (NIS2) including data protection authority governance between Council and the European Parliament

On 13 May 2022, the European Parliament and the Council of the European Union reached a political agreement on the Network and Information Security Directive (NIS2). The NIS2 aims to ensure a higher level of cybersecurity at the EU level. It require…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
16 Dec 2020
under deliberation

Introduced Network and Information Security Directive (NIS2) including data protection authority governance

On 16 December 2020, the European Commission presented the Proposal for a Directive of the European Parliament and the Council on measures for a high common level of cybersecurity in the Union (NIS2), repealing EU Directive 2016/1148 (NIS1). The Pro…

Source
Event type law
Action type introduction
Government branch executive
Government body central government