EU Fails to Effectively Implement Essential Cybersecurity Directives
Only seven of the twenty-seven EU nations have completely implemented the NIS2 directive, leading to infringement procedures and urgent demands for adherence.
The European Commission has disclosed that just seven out of the twenty-seven EU member states have completely implemented the Network and Information Security Directive Two (NIS2), aimed at safeguarding critical entities, by the October deadline.
A representative from the Commission confirmed that Belgium, Italy, Croatia, Romania, Slovakia, Lithuania, and Greece have fully enacted the national regulations, whereas six other nations, including Latvia, Germany, Czechia, Austria, Denmark, and Poland, have only partially adopted the provisions.
In October, only Belgium and Croatia were prepared to enforce NIS2, which was ratified in 2022 to protect critical sectors like energy, transport, banking, water, and digital infrastructure from significant cyber threats.
During a discussion in the European Parliament in Strasbourg on Thursday, European Commissioner Glenn Micallef, who oversees intergenerational fairness, youth, culture, and sport, urged member states to accelerate the transposition of NIS2, along with the Critical Entities Resilience Directive, intended to maintain essential services during hybrid crises, including the recent cyberattacks on undersea cables in the Baltic Sea.
Commissioner Micallef remarked that progress is "still slow" and stressed the need for immediate action.
In November, the Commission began infringement procedures by issuing formal notice letters to member states that failed to meet the deadline, allowing countries until late January to respond.
The Commission is currently evaluating these responses and may pursue further actions.
The Dutch government, which did not meet the deadline, indicated in a letter to parliament that the regulations are anticipated to come into effect in the third quarter of 2025.
The NIS2 directive, an update to the previous NIS1, is designed to address cybersecurity threats that are evolving with increased digitization.
Under NIS2, companies must issue a warning within twenty-four hours and file an incident report within seventy-two hours for any incident that causes significant operational disruption.
Failure to comply can lead to fines of up to ten million euros or two percent of global revenue, whichever amount is greater.