The Directive (EU) 2022/2555, commonly known as NIS2 is a directive of the European Union aimed at protecting digital infrastructure, in particular critical infrastructure.
| European Union directive | |
 | |
| Title | DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 |
|---|---|
| Other legislation | |
| Replaces | NIS1 |
| Current legislation | |
It broadened the sectors covered by EU network and information security rules and updated incident reporting and oversight compared to the NIS1. Member States were required to transpose NIS2 by 17 October 2024, and the earlier NIS Directive was repealed on 18 October 2024.[1]
Only 23 Member States have fully implemented the measures contained with the NIS Directive. Infringement proceedings against them to enforce the Directive have not taken place, and they are not expected to take place in the near future.[2] This failed implementation has led to the fragmentation of cybersecurity capabilities across the EU, with differing standards, incident reporting requirements and enforcement requirements being implemented in different Member States.
From the EFTA countries (to April 2026) only Liechtenstein has fully transposed the NIS2 Directive. While the EFTA commission is conducting preparations to transpose the directive into its legislation.[3]
National implementations
editCzech Republic
editGermany
editIt is implemented through the Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung.
Ireland
editIt is implemented through the National Cyber Security Bill.
The Netherlands
editIt is implemented through the Cyberbeveiligingswet (Cbw).
Slovakia
editSpain
editIts not implemented in Spain yet.
Sweden
editIt is implemented through Cybersäkerhetslag (2025:1506).
Further reading
edit- Kianpour, Mazaher; Earls Davis, Peter Alexander; Windekilde, Iwona Maria (2025-06-30). "Digital sovereignty in practice: analyzing the EU's NIS2 directive". International Journal of Information Security. 24 (4): 167. doi:10.1007/s10207-025-01090-4. ISSN 1615-5270.
- "NIS2 Directive in Sweden: A Report on the Readiness of Swedish Critical Infrastructure | springerprofessional.de". link.springer.com. Retrieved 2026-04-15.
References
edit- ↑ "NIS2 Directive: securing network and information systems". European Commission. 2025. Retrieved 25 October 2025.
- ↑ "NIS Implementation Tracker".
- ↑ "Factsheet - 32022L2555 | European Free Trade Association". www.efta.int. Retrieved 2026-04-27.
- ↑ Sedlák, Jan. "Regulace podle NIS2: Vyhlášky ke kyberzákonu byly zveřejněny. Trash talk pokračuje, nařízení vlády se zaseklo". Lupa.cz (in Czech). Retrieved 2026-04-26.
- ↑ "e-Sbírka". e-sbirka.gov.cz (in Czech). Retrieved 2026-04-26.
- ↑ Drtina, Martin. "Regulace podle NIS2: Slováci k zákazům dodavatele novelu kyberzákona nepotřebují". Lupa.cz (in Czech). Retrieved 2026-04-26.
- ↑ s.r.o, Tamatus. "NIS2 smernica – koho sa týka a ako sa pripraviť". www.predvolby.cz (in Slovak). Retrieved 2026-04-26.
External links
edit  | This article relating to European Union law is a stub. You can help Wikipedia by adding missing information. |