13 EU member states miss NIS2 Directive deadline
17/04/2025 | EURACTIV
Over two years after the EU committed to strengthening cybersecurity requirements across 18 critical sectors, 13 member states have still not fully transposed (EU) 2022/2555 on Security of Network and Information Systems (NIS2 Directive) into their national laws, missing the compliance deadline of 17 October 2024 by six months.
EURACTIV reports that factors contributing to the delay include political instability, shortages of skilled cybersecurity professionals, and concerns about the potential costs of new cybersecurity requirements for businesses and their impact on competitiveness.
As of the latest report, only seven EU member states have fully adopted the directive, with another seven having done so partially. A European Commission spokesperson indicated that some countries only took action after receiving formal letters of notice from the Commission in November urging them to expedite the process. The failure of numerous member states to meet the deadline raises concerns about the EU's collective cybersecurity posture and its vulnerability to online threats.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 6,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.