Skip to main content
European Commission logo
Shaping Europe’s digital future

NIS2 Directive transposition in EU countries

The Commission, together with European Union Agency for Network and Information Security, works closely with the Member States to ensure the transposition of the NIS2 Directive into national legislation.

The content represents a state-of-play based on information provided by Member States, and is without prejudice to the formal assessment of the compliance of transposition measures with the requirements of the NIS2 Directive.

On 7 May 2025 the European Commission sent a reasoned opinion to 19 Member States (Bulgaria, Czechia, Denmark, Germany, Estonia, Ireland, Spain, France, Cyprus, Latvia, Luxembourg, Hungary, the Netherlands, Austria, Poland, Portugal, Slovenia, Finland and Sweden) for failing to notify full transposition of the NIS2 Directive.  The 19 Member States have two months to respond and take the necessary measures. Otherwise, the Commission may decide to refer the cases to the Court of Justice of the European Union.

Flag of Austria

Austria

 Flag of Italy

Italy
Flag of Belgium

Belgium

 Flag of Latvia

Latvia
Flag of Bulgaria

Bulgaria

 Flag of Lithuania

 Lithuania
Flag of Croatia

Croatia

 Flag of Luxembourg

Luxembourg
Flag of Cyprus

Cyprus

 Flag of Malta

Malta
Flag of the Czech Republic

Czech Republic

 Flag of the Netherlands

Netherlands
Flag of Denmark

Denmark

 Flag of Poland

Poland
Flag of Estonia

Estonia

 Flag of Portugal

Portugal
Flag of Finland

Finland

 Flag of Romania

Romania
Flag of France

France

 Flag of Slovakia

Slovakia
Flag of Germany

Germany

 Flag of Slovenia

Slovenia
Flag of Greece

Greece

 Flag of Spain

Spain
Flag of Hungary

Hungary

 Flag of Sweden

Sweden
Flag of Ireland

Ireland

  

The EU Agency for Cybersecurity (ENISA) is supporting the EU Member States since 2012 to develop, implement and evaluate their National Cyber Security Strategies (NCSS). Since 2017, all EU Member States have published their own NCSS. This interactive map, published by ENISA, provides a comprehensive overview of all NCSS across the EU, including their strategic objectives, implementation measures, and good practices.

Latest News

BlueOLEx promotional visual, text "BlueOLEx, Assessing EU Crisis Management Skills, Cyprus, 4 November 2025" against white background.
  • Press release
  • 04 November 2025
Member States and Commission test collective cybersecurity crisis response

On 4 November 2025, senior cybersecurity officials from EU Member States and the Commission took part in the 2025 edition of the 'Blueprint Operational Level Exercise' (BlueOLEx), marking the first exercise since the adoption of the new EU Cyber Blueprint that clarifies roles and responsibilities in a crisis.

Browse Cybersecurity

Related Content

Big Picture

NIS2 Directive: securing network and information systems

The NIS2 Directive establishes a unified legal framework to uphold cybersecurity in 18 critical sectors across the EU. It also calls on Member States to define national cybersecurity strategies and collaborate with the EU for cross-border reaction and enforcement.

Dig deeper

Last update

1 July 2025

Print as PDF