The NIS2 Directive, which aims to establish a high common level of cybersecurity across the EU, is being transposed at varying speeds and approaches by EU member states.
Thus far, 15 of the 27 EU countries have adopted national legislation to implement NIS2.
Cullen International’s assessment of 18 member states also reveals differences in how key aspects of the directive are being transposed. For example, some countries (e.g. the Czech Republic and Spain) could expand the scope of sectors covered by NIS2.
In nine of the surveyed countries, the telecoms sector remains under the supervision of the national regulatory authority (NRA).
Additionally, the research identifies national authorities responsible for oversight, cybersecurity incident response, and coordination within the digital sectors.
For more information on the benchmark and Cullen International's complete NIS2 coverage, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
23 October 25
Update on 5G security measures across Europe
Our latest research provides a summary of key developments since June 2025 on national 5G security initiatives in the 27 EU member states, Norway, Switzerland, and the UK.
22 October 25
To Space and beyond – part II: Regulating and licensing the terrestrial part of satellite systems in the Americas
Our new satellite benchmark on requirements for fixed earth stations licensing in the Americas summarises the key regulatory procedures and identifies the relevant government authorities.
22 October 25
To Space and beyond – part I: satellite service regulation in the Americas
Our latest benchmark covers initiatives and general regulation on satellite services in 11 countries in the Americas. The research specifies the spectrum bands allocated to satellite services and whether operators must obtain a licence or register with authorities. Also including spectrum fees, when it applies.