
NIS2 Directive: EU Member States Transposition

The transposition of Directive (EU) 2022/2555 (“NIS2 Directive”) marks a fundamental step in strengthening the cybersecurity posture of the European Union. Each Member State has adopted its own regulatory approach, reflecting different legal traditions, supervisory models and national security priorities.

This section provides an overview of the countries that have formally implemented NIS2. For each State, a short descriptive sentence highlights the distinctive feature of its national transposition, followed by the official legislative source(s).

[Image: ICTLC NIS2 map]

(Alphabetical order; only countries with confirmed formal transposition)

 

Belgium

Unique feature: Belgium adopted one of the most centralized NIS2 frameworks, strengthening the authority’s supervisory powers and imposing particularly strict technical requirements.

Official links:
https://ccb.belgium.be/regulation/nis2
https://www.ejustice.just.fgov.be/eli/arrete/2024/06/09/2024005260/justel

 

Croatia

Unique feature: Croatia implemented a highly prescriptive legislative system, expanding the scope of regulated entities and introducing detailed cybersecurity obligations.

Official links:
https://narodne-novine.nn.hr/clanci/sluzbeni/2024_02_14_254.html
https://narodne-novine.nn.hr/clanci/sluzbeni/2024_11_135_2217.html

 

Cyprus

Unique feature: Cyprus opted for an incremental update by amending existing NIS legislation rather than restructuring the national framework from scratch.

Official link:
https://www.cylaw.org/nomoi/arith/2025_1_060.pdf

 

Czechia

Unique feature: Czechia carried out a comprehensive reform, redesigning the entire national cybersecurity governance model and going beyond the directive’s minimum requirements.

Official links:
https://www.e-sbirka.cz/sb/2025/264/0000-00-00?zalozka=text
https://portal.nukib.gov.cz/pruvodce-novym-zakonem-o-kyberneticke-bezpecnosti

 

Denmark

Unique feature: Denmark adopted a lean and operational implementation focused on clarity, simplicity and rapid deployment for operators.

Official link:
https://www.retsinformation.dk/eli/lta/2025/434/pdf

 

Finland

Unique feature: Finland integrated NIS2 into a single, streamlined cybersecurity law aligned with its already advanced national risk management framework.

Official link:
https://valtioneuvosto.fi/paatokset/paatos?decisionId=3531

 

Greece

Unique feature: Greece followed a layered approach, combining the main transposition law with several technical implementing acts to ensure consistent enforcement.

Official links:
https://search.et.gr/el/fek/?fekId=774154
https://cyber.gov.gr/wp-content/uploads/2025/04/FEK_KYA_1645_2025_paratasi_ypvolis_stoixeiwn_ontotitwn.pdf
https://cyber.gov.gr/wp-content/uploads/2025/05/20250202186.pdf

 

Hungary

Unique feature: Hungary anticipated several NIS2 requirements early and adopted an exceptionally detailed framework with strict supervisory mechanisms.

Official links:
https://njt.hu/jogszabaly/2024-69-00-00
https://njt.hu/jogszabaly/en/2023-23-00-00

 

Italy

Unique feature: Italy implemented NIS2 through a comprehensive decree combining cybersecurity, business continuity, and supply-chain governance into a unified framework.

Official link:
https://www.gazzettaufficiale.it/eli/id/2024/10/01/24G00155/SG

 

Latvia

Unique feature: Latvia adopted a model based on mandatory minimum technical requirements and uniform standards for all regulated entities.

Official links:
https://likumi.lv/ta/id/361481-minimalas-kiberdrosibas-prasibas
https://www.vestnesis.lv/op/2024/128A.1

 

Lithuania

Unique feature: Lithuania implemented NIS2 through a dual-layer structure combining a main cybersecurity law with a highly detailed governmental decree.

Official link:
https://e-seimas.lrs.lt/portal/legalAct/lt/TAD/22f960219fff11ef9db2c9aaf9c67042?jfwid=l7s3186g7

 

Malta

Unique feature: Malta adopted a concise and straightforward legislative act designed for immediate and practical applicability by local operators.

Official link:
https://legislation.mt/eli/ln/2025/71/eng

 

Romania

Unique feature: Romania introduced a highly operational implementation with strong emphasis on incident reporting and an empowered national authority.

Official links:
https://www.dnsc.ro/vezi/document/oug-privind-transpunerea-directivei-nis-2
https://www.dnsc.ro/pagini/transparenta-decizionala

 

Slovakia

Unique feature: Slovakia adopted an extremely detailed and technically rigorous framework with precise criteria for classification and obligations of regulated entities.

Official link:
https://static.slov-lex.sk/pdf/SK/ZZ/2024/366/ZZ_2024_366_20250101.pdf

 

Slovenia

Unique feature: Slovenia followed a highly harmonised approach, mirroring the EU text almost verbatim and ensuring strong alignment with NIS2’s structure.

Official link:
https://www.uradni-list.si/glasilo-uradni-list-rs/vsebina/2025-01-1571

 

Disclaimer:
The information contained in this page is provided for general informational purposes only and should not be relied upon for legal or compliance decisions. For official guidance, always consult primary sources and the applicable national legislation.

All content has been prepared in good faith and to the best of our knowledge. References to third parties should not be interpreted as official statements made by the contributors. We assume no responsibility for any errors, omissions, or inaccuracies contained herein. Certain legal extracts have been simplified for ease of reading. Any actions taken based on the information in this document are undertaken strictly at your own risk.