Cullen International is tracking the progress made by the 27 EU member states in transposing the directive on measures for a high common level of cybersecurity across the EU (NIS2). EU member states have until 17 October 2024 to transpose the NIS2, which replaces the existing NIS Directive.
After Croatia and Hungary, Belgium is the third country that transposed the NIS2 Directive into national law.
Moreover, draft transposition laws were published in most EU member states (17 in total), for example Germany, the Netherlands, Sweden. In Finland and Luxemburg, the draft laws were submitted to parliament.
The NIS2 sets out cybersecurity risk-management and reporting obligations for large and medium-sized entities operating in critical sectors in the EU (e.g. telecoms, cloud).
For more information on the benchmark and Cullen's complete NIS2 coverage, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
16 July 25
Over 50 cases and counting: a snapshot of European antitrust enforcement against big tech
Our latest Antitrust & Mergers report gives a snapshot of the 50+ antitrust cases that have been brought against big tech companies at the EU and national level.
16 July 25
CSRD: stop-the-clock directive transposition
Our latest benchmark tracks the progress of the Corporate Sustainability Reporting Directive transposition in the 27 EU member states.
14 July 25
How are EU member states transposing NIS2?
Our benchmark tracks the transposition status of the directive on measures for a high common level of cybersecurity across the EU (NIS2) in the 27 member states. 14 countries adopted national legislation to transpose NIS2.