Romania: National Cyber Security Directorate's order on requirements regarding registration notification process and method of submitting information for essential and important entities enters into force

On 20 August 2025, the National Cyber Security Directorate (DNSC) Order No. 1/2025 for the approval of the requirements regarding the notification process for the registration of essential and important entities and the method of transmitting information entered into force. The order was adopted on the basis of Government Emergency Ordinance No. 155/2024 on establishing a framework for the cybersecurity of networks and information systems in the national civil cyberspace, approved with amendments by Law No. 124/2025, and Government Emergency Ordinance No. 104/2021 on the establishment of the National Cyber Security Directorate, approved with amendments by Law No. 11/2022, with subsequent amendments. The Government Emergency Ordinance transposes into national legislation the European Union Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive). The requirements proceduralise and standardise the notification process for registration in the register of entities identified as essential or important, establish the method of transmitting information, introduce the NIS2 Tool and the NIS2 Platform as mechanisms for evaluation and notification, and provide the structure of the notification form covering general data, specific data, specific situations, attached documents, preliminary assessment, and entity representation.