The NIS2 Directive, which aims to establish a high common level of cybersecurity across the EU, is being transposed by EU member states at varying speeds and with differing approaches.
Thus far, 15 of the 27 EU countries have adopted national legislation to implement NIS2.

Cullen International’s assessment of 18 member states also reveals differences in how key aspects of the directive are being transposed. For example, some countries (e.g. the Czech Republic and Spain) could expand the scope of sectors covered by NIS2.
In nine of the surveyed countries, the telecoms sector remains under the supervision of the national regulatory authority (NRA).
Additionally, the research identifies national authorities responsible for oversight, cybersecurity incident response, and coordination within the digital sectors.