Five member states have not yet transposed the NIS2 directive, which aims to establish a high common level of cybersecurity across the EU.
The deadline for member states to adopt national legislation transposing the directive was 17 October 2024.
Of the five EU countries, four (France, Ireland, Luxembourg and Netherlands) have already submitted legislation to parliament. Spain is the only country which has not yet submitted a draft transposition law to parliament.
Scope
Region: Europe
Countries covered: 27 EU member states
Policy area: Cybersecurity, digital economy
Last updated: March 2026
For more information on the benchmark and Cullen International's complete NIS2 coverage, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
03 April 26
Spectrum policy and new consumer protection rules in the LATAM telecoms market
Cullen International’s latest LATAM Telecoms Update highlights policy developments over the past three months affecting the regulation of radio spectrum, wholesale networks and consumer protection in six markets in the region: Argentina, Brazil, Chile, Colombia, Mexico and Peru.
30 March 26
Transposition status of key EU environmental directives
Our latest benchmark contains summary information on the transposition status of six key EU environmental directives.
26 March 26
What are New Competition Tools and who wields them?
Our new benchmark surveys which European countries have introduced so-called new competition tools (NCTs), also known as market investigation powers. NCTs enable competition authorities to intervene in markets without establishing an infringement of antitrust rules.