NIS2 Directive
European Union directive
From Wikipedia, the free encyclopedia
The Directive (EU) 2022/2555, commonly known as NIS2 is a directive of the European Union aimed at protecting digital infrastructure, in particular critical infrastructure.
| European Union directive | |
 | |
| Other legislation | |
|---|---|
| Replaces | NIS1 |
| Current legislation | |
It broadened the sectors covered by EU network and information security rules and updated incident reporting and oversight compared to the NIS1. Member States were required to transpose NIS2 by 17 October 2024, and the earlier NIS Directive was repealed on 18 October 2024.[1]
Only 23 Member States have fully implemented the measures contained with the NIS Directive. Infringement proceedings against them to enforce the Directive have not taken place, and they are not expected to take place in the near future.[2] This failed implementation has led to the fragmentation of cybersecurity capabilities across the EU, with differing standards, incident reporting requirements and enforcement requirements being implemented in different Member States.
National implementations
Germany
It is implemented through the Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung.
Ireland
It is implemented through the National Cyber Security Bill.
The Netherlands
It is implemented through the Cyberbeveiligingswet (Cbw).
Further reading
- Kianpour, Mazaher; Earls Davis, Peter Alexander; Windekilde, Iwona Maria (2025-06-30). "Digital sovereignty in practice: analyzing the EU's NIS2 directive". International Journal of Information Security. 24 (4): 167. doi:10.1007/s10207-025-01090-4. ISSN 1615-5270.
- "NIS2 Directive in Sweden: A Report on the Readiness of Swedish Critical Infrastructure | springerprofessional.de". link.springer.com. Retrieved 2026-04-15.
