Search for:

Jump straight to:

An unexpected error has occurred

Please enter a search term

Please select

What sectors are you interested in?

We can use your selection to show you more of the content that you’re interested in.

Want to speak to an advisor from your closest office?

Find other offices

Search for:

An unexpected error has occurred

Please enter a search term

Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

NIS2: EU chases 23 countries on cyber law implementation

10 Dec 2024, 4:46 pm

The European Commission has threatened 23 EU countries with potential fines over their failure to implement the Network and Information Security (NIS2) Directive into national laws.

Cyber law expert Stuart Davey of Pinsent Masons said the lack of national implementing legislation for NIS2 is hampering business efforts to comply with the new regime.

NIS2 builds on the original NIS directive which took effect in the EU in 2018 and imposes cybersecurity risk management and incident reporting obligations on in-scope organisations under a tiered system of regulation. EU member states had until 17 October 2024 to implement the directive into their national legislation, but only four met the deadline.

The Commission said it had opened “infringement procedures” against 23 states – including Germany, France, Spain, Ireland, the Netherlands and Luxembourg – “for failing to fully transpose the NIS2 Directive”.

“Full implementation of the legislation is key to further improving the resilience and incident response capacities of public and private entities operating in these critical sectors and the EU as a whole,” the Commission said. “The Commission is therefore sending letters of formal notice to the other 23 member states concerned that now have two months to respond and to complete their transposition and notify their measures to the Commission. In the absence of a satisfactory response, the Commission may decide to issue a reasoned opinion.”

The issuing of a reasoned opinion would represent the second stage in the Commission’s infringement procedure. A failure of a member state to act in accordance with a reasoned opinion can result in matters being escalated to the EU’s highest court. Continued non-compliance thereafter can result in fines being imposed.

“Because NIS2 is a directive, EU member states have latitude to determine how they wish to implement the directive’s requirements into their respective laws,” Davey said. “The lack of finalised legislation is currently creating uncertainty for organisations that consider themselves to be in scope of NIS2, in particular those multinational companies operating across various EU countries. It is hoped that this announcement from the Commission may prompt more member states to fully transpose NIS2.”

Contact an adviser

Andre Walter

Andre Walter

Legal Director

+31 20 7977 712
View Profile
Davey Stuart

Stuart Davey

Partner

+44 7585 996 312
View Profile

Latest News

Irish businesses urged to familiarise themselves with new Companies Act provisions now commenced

PODCAST: The dangers of forgetting the S in ESG; and Australia’s new cyber security law

Taking steps towards CS3D compliance: learning from the German Supply Chain Act

Corporate sustainability due diligence: penalties and enforcement under the CS3D

EU sustainability due diligence and reporting: how CS3D and CSRD inter-relate

Editor's Pick

Out-Law Analysis

EU cyber risk metaphor Card

NIS2 compliance hampered across EU as October deadline approaches

17 Sep 2024

You might also like

Out-Law News

King’s Speech: New laws will strengthen employee protections

New legislation will give employees greater protections, but the government must consider the implications of any new rights to ensure they do not cut across employers’ regulatory or other obligations, experts have said.

Employment & Reward

Out-Law News

FCA listing rules overhaul reduces regulatory burden on companies

New listing rules from UK regulator the Financial Conduct Authority (FCA) provide a much-needed boost to the UK capital markets, reducing the regulatory burden on listed companies with a new permissive disclosure-based approach, an expert has said.

Capital Markets

Out-Law Analysis

King’s Speech: changes afoot for UK’s financial services sector, further details awaited

The UK financial services sector awaits further detail on how the new Labour government is proposing to implement its manifesto and the extent to which their plans may drive change in the sector.

Financial Services Regulation

Trending topics across the site:

Out-Law Analysis

Pensions disputes: managing member expectations paramount

Show me more

Out-Law News

'Steps of court' settlement was not negligent, court rules

Show me more

Out-Law News

'World first' industrial decarbonisation strategy developed in the UK

Show me more

Out-Law Analysis

3D printing: UK product safety issues

Show me more

Out-Law News

5G potential for business highlighted in UK funding programme

Show me more

Out-Law Analysis

A global view of the law applicable to an arbitration agreement

Show me more

Out-Law News

Abu Dhabi Global Market opens consultation to update English law regulations

Show me more

Out-Law News

Advocate general: German credit agency scoring breaches GDPR

Show me more
We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.