The NIS2 Directive, which aims to establish a high common level of cybersecurity across the EU, is being transposed at varying speeds and approaches by member states.
So far, 14 of the 27 EU countries have adopted national legislation to implement NIS2.
Cullen International’s assessment of 18 member states also reveals differences in how key aspects of the directive are being applied. For example, some countries (e.g. the Czech Republic and Spain) have expanded the scope of sectors covered by NIS2.
Additionally, the research identifies national authorities responsible for oversight, cybersecurity incident response, and coordination within the digital sectors.
For more information on the benchmark and Cullen International's complete NIS2 coverage, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
10 July 25
WhatsApp and other communication apps must allow legal interception in less than half of the EU countries
Our new pan-European benchmark examines national rules of lawful interception obligations for number-independent interpersonal communications service providers, such as WhatsApp.
09 July 25
Countries tighten IoT rules with new security, numbering and device measures
Our Quarterly Regulatory Update on IoT and M2M Services (Q2 2025) highlights how national regulators are shaping the future of IoT and M2M services in areas such as cross-border connectivity, device regulation, and security.
08 July 25
Copper decommissioning emerges as critical challenge in global transition to gigabit networks
Our latest Global Trends report examines how 15 major markets are approaching the transition from legacy copper infrastructure to future-proof gigabit networks.