0:00
0:00
EU Struggles to Execute Essential Cybersecurity Directives
Only seven of the twenty-seven EU nations have completely implemented the NIS2 directive, leading to infringement actions and urgent requests for adherence.
The European Commission has disclosed that only seven out of the twenty-seven EU member states have completely implemented the Network and Information Security Directive Two (NIS2) aimed at safeguarding critical entities, following an October deadline.
A representative of the Commission verified that Belgium, Italy, Croatia, Romania, Slovakia, Lithuania, and Greece have fully adopted the national regulations, while six other nations, including Latvia, Germany, Czechia, Austria, Denmark, and Poland, have only partially enforced the measures.
As of October, only Belgium and Croatia were prepared to enforce NIS2, which was sanctioned in 2022 to protect vital sectors such as energy, transport, banking, water, and digital infrastructures from significant cyber incidents.
During a discussion in the European Parliament in Strasbourg on Thursday, European Commissioner Glenn Micallef, in charge of intergenerational fairness, youth, culture, and sport, urged member states to accelerate the adoption of NIS2 as well as the Critical Entities Resilience Directive, which is designed to maintain the continuity of essential services during hybrid crises, including recent cyberattacks on undersea cables in the Baltic Sea.
Commissioner Micallef remarked that progress has been “still slow” and highlighted the necessity for immediate action.
In November, the Commission commenced infringement procedures by dispatching letters of formal notice to member states that did not comply with the deadline, providing these countries until late January to reply.
The Commission is currently evaluating these responses and may take additional steps.
The Dutch government, which did not meet the deadline, stated in a letter to parliament that the regulations are projected to be implemented in the third quarter of two thousand twenty-five.
The NIS2 directive, which updates the previous NIS1, seeks to tackle the evolving cybersecurity threat landscape amidst rising digitisation.
Under NIS2, organizations must issue a warning within twenty-four hours and file an incident report within seventy-two hours for any events leading to significant operational disruptions.
Failure to comply can lead to fines of up to ten million euros or two percent of global revenue, whichever amount is greater.
A representative of the Commission verified that Belgium, Italy, Croatia, Romania, Slovakia, Lithuania, and Greece have fully adopted the national regulations, while six other nations, including Latvia, Germany, Czechia, Austria, Denmark, and Poland, have only partially enforced the measures.
As of October, only Belgium and Croatia were prepared to enforce NIS2, which was sanctioned in 2022 to protect vital sectors such as energy, transport, banking, water, and digital infrastructures from significant cyber incidents.
During a discussion in the European Parliament in Strasbourg on Thursday, European Commissioner Glenn Micallef, in charge of intergenerational fairness, youth, culture, and sport, urged member states to accelerate the adoption of NIS2 as well as the Critical Entities Resilience Directive, which is designed to maintain the continuity of essential services during hybrid crises, including recent cyberattacks on undersea cables in the Baltic Sea.
Commissioner Micallef remarked that progress has been “still slow” and highlighted the necessity for immediate action.
In November, the Commission commenced infringement procedures by dispatching letters of formal notice to member states that did not comply with the deadline, providing these countries until late January to reply.
The Commission is currently evaluating these responses and may take additional steps.
The Dutch government, which did not meet the deadline, stated in a letter to parliament that the regulations are projected to be implemented in the third quarter of two thousand twenty-five.
The NIS2 directive, which updates the previous NIS1, seeks to tackle the evolving cybersecurity threat landscape amidst rising digitisation.
Under NIS2, organizations must issue a warning within twenty-four hours and file an incident report within seventy-two hours for any events leading to significant operational disruptions.
Failure to comply can lead to fines of up to ten million euros or two percent of global revenue, whichever amount is greater.
