Explore How NIS2 Applies Across Europe by Country
Each EU Member State has its own approach to implementing the NIS2 Directive. Whether you operate in one or multiple EU markets, NIS Solutions helps you stay informed and compliant wherever you do business. Get a country-by-country view of NIS2 implementation. Learn which sectors are in scope, what deadlines apply, and who regulates compliance in each EU Member State. The NIS2 Directive impacts thousands of organizations across the EU. Our country-specific guides help you navigate local laws, identify competent authorities, and understand key differences between national implementations. Stay ahead of compliance requirements and ensure your operations meet NIS2 standards across Europe.
CALL US
COUNTRIES DIRECTORY
NIS2 Compliance Overview by Country
Browse our country-specific guides and resources to better understand how NIS2 is being implemented across the EU.
Bulgaria
See how Bulgaria is in the final stage of transposing NIS2, with a draft law adopted — learn which sectors will be covered, what changes to expect, and how to prepare now before the new rules become law.
Croatia
See how Croatia implemented NIS2 through its Cybersecurity Act and detailed Cybersecurity Regulation, which sectors are covered, and what essential and important entities must do to meet the country’s strict cybersecurity obligations.
Cyprus
See how Cyprus transposed NIS2 through Law 60(I)/2025, what role the Digital Security Authority (DSA) plays, which sectors are in scope, and how essential and important entities must adapt their cybersecurity and incident-reporting practices.
Czechia
Czechia has implemented NIS2 through the Cybersecurity Act No. 264/2025 Coll., expanding the scope of regulated entities and strengthening security, reporting, and governance requirements under NÚKIB supervision.
Estonia
Estonia has aligned its Cybersecurity Act with NIS2 in 2025, expanding the scope of regulated entities and strengthening security, reporting, and governance requirements under the Estonian Information System Authority (RIA).
France
France is transposing NIS2 through a new resilience and cybersecurity law led by ANSSI; the bill has been adopted by the National Assembly but final adoption and entry into force are still pending, so organisations should already start mapping their scope and preparing for upcoming NIS2 obligations.
Greece
Greece has fully implemented NIS2 through Law 5160/2024, bringing thousands of essential and important entities under the supervision of the National Cyber Security Authority (NCSA) and imposing strengthened security, registration and incident-reporting obligations.
Ireland
Ireland has not yet transposed NIS2 into national law; the National Cyber Security Bill 2024 will implement the Directive and establish a federated regime with the NCSC as lead competent authority, so organisations should already prepare based on NIS2 and draft NCSC guidance.
Latvia
Latvia has fully implemented NIS2 through the National Cybersecurity Law, in force since 1 September 2024, bringing thousands of essential and important entities under the supervision of the National Cyber Security Centre and CERT-LV with detailed minimum cybersecurity requirements.
Lithuania
Lithuania has fully implemented NIS2 through an amended Law on Cyber Security in force since 18 October 2024, with the National Cyber Security Centre (NCSC) supervising 8–10,000 essential and important “cybersecurity entities”.
Poland
Poland is still transposing NIS2 via an amendment to the Act on the National Cybersecurity System, with multiple drafts published and no law in force yet, so organisations should already prepare based on the Directive and the planned strict Polish sanctions and governance rules.
Portugal
Portugal has finally transposed NIS2 through Decree-Law 125/2025, creating the Regime Jurídico da Cibersegurança (RJC) with CNCS as the lead authority and a strict framework that will apply from 3 April 2026 to thousands of essential, important and relevant public entities.
