NIS2 Implementation Timeline

Track the NIS2 Directive's implementation across EU member states and understand key compliance deadlines.

Check Your Status Back to NIS2 Overview

Current Status: NIS2 is in effect since October 18, 2024, but many member states are still implementing it. Check your country's status below.

Implementation Progress Across EU

9
Countries Completed
18
Countries In Progress
23
Infringement Procedures
19
Reasoned Opinions Issued

Official NIS2 Timeline

Key dates from directive adoption to full enforcement

legislative ✓ Completed

NIS2 Directive Adopted

European Parliament and Council adopt the NIS2 Directive

legislative ✓ Completed

NIS2 Enters into Force

Directive becomes legally binding for the EU

implementation ✓ Completed

Transposition Deadline

Member states must implement NIS2 into national law

enforcement ✓ Completed

NIS2 Takes Effect

Organizations must comply - only 4 countries ready on time

critical priority
enforcement ✓ Completed

EU Opens Infringement Procedures

23 Member States face proceedings for missing deadline

high priority
implementation ✓ Completed

Peer Review Methodologies

NIS Cooperation Group establishes review methods

implementation

Entity Lists Due

Member States must deliver lists of essential/important entities

high priority
enforcement ✓ Completed

EU Reasoned Opinions

19 Member States given 2 months to complete transposition

high priority
enforcement

Full Enforcement Expected

All member states expected to have enforcement frameworks operational

review

Three-Year Review Report

Commission evaluates NIS2 functioning and effectiveness

Member State Implementation Status

Track which countries have successfully transposed NIS2 into national law

Belgium
Complete
Completed: 4/26/2024
First to transpose
Italy
Complete
Completed: 10/16/2024
Legislative Decree No. 138
Lithuania
Complete
Completed: 10/17/2024
Met deadline
Latvia
Complete
Completed: 10/15/2024
On time
Hungary
Complete
Completed: 9/30/2024
Early completion
Croatia
Complete
Completed: 10/10/2024
Timely transposition
Malta
Complete
Completed: 1/15/2025
Late but completed
Luxembourg
Complete
Completed: 2/1/2025
Recently completed
Slovenia
Complete
Completed: 1/30/2025
Recently completed
Germany
Delayed
Expected late 2025/early 2026
France
In Progress
Under reasoned opinion procedure
Spain
In Progress
Working on transposition
Netherlands
In Progress
Delayed implementation
Poland
In Progress
In legislative process
Others
Various
15 countries still completing

What This Means for Organizations

Even if your country hasn't fully implemented NIS2 yet, the directive is in effect as of October 18, 2024. Organizations should start preparing now, as national authorities will eventually enforce requirements retroactively.

Your NIS2 Compliance Roadmap

What you should focus on during each implementation phase

1
Immediate (2024-2025)

Assess Your Status

Determine if NIS2 applies to your organization

  • Check if you're in a covered sector
  • Assess your organization size (medium/large)
  • Identify essential vs. important entity classification
  • Review national implementation in your country
2
Short-term (2025)

Implement Core Requirements

Start implementing mandatory cybersecurity measures

  • Conduct cybersecurity risk assessments
  • Implement basic cybersecurity measures
  • Establish incident response procedures
  • Set up governance and reporting structures
3
Medium-term (2025-2026)

Full Compliance Achievement

Complete all NIS2 requirements and prepare for audits

  • Complete cybersecurity strategy documentation
  • Implement advanced security measures
  • Prepare for national authority inspections
  • Establish ongoing compliance monitoring

EU Enforcement Actions

How the European Commission is ensuring member state compliance

November 28, 2024

Infringement Procedures Opened

European Commission initiated proceedings against 23 member states for failing to meet the transposition deadline.

May 7, 2025

Reasoned Opinions Issued

19 member states received reasoned opinions giving them 2 months to complete transposition or face EU Court proceedings.

What Happens Next?

For Member States:

  • • Must complete transposition within 2 months of reasoned opinion
  • • Risk European Court of Justice proceedings
  • • Potential daily fines until compliance achieved
  • • Must establish national enforcement authorities

For Organizations:

  • • Should prepare for compliance regardless of national status
  • • Monitor local implementation progress
  • • Start implementing cybersecurity measures now
  • • Expect retroactive enforcement once laws are in place

Implementation Examples

How leading countries have implemented NIS2

Belgium

First to transpose - April 26, 2024

  • • Established Centre for Cybersecurity Belgium as national authority
  • • Clear sector-specific guidance published
  • • Integrated with existing cybersecurity framework

Italy

Legislative Decree No. 138 - October 16, 2024

  • • CISA designated as national cybersecurity authority
  • • Comprehensive penalty framework established
  • • Industry consultation process completed

Germany

Significantly delayed - Expected late 2025/2026

  • • Political changes affecting legislative process
  • • Complex federal-state coordination required
  • • May be last EU country to implement

Don't Wait - Start NIS2 Compliance Now

Regardless of your country's implementation status, begin preparing for NIS2 requirements

🎯

Check Your Scope

Determine if NIS2 applies to your organization

Scope Assessment
🛡️

Start Risk Assessment

Begin cybersecurity risk evaluation

Compliance Guide
📋

Review Requirements

Understand NIS2 cybersecurity measures

View Requirements
👥

Get Expert Help

Consult with NIS2 specialists

Contact Us

Official Source

Directive (EU) 2022/2555 - NIS2 Directive

Measures for a high common level of cybersecurity across the Union - implementation timeline and member state obligations.

View on EUR-Lex

🤝 Still Feeling Overwhelmed?

EU cybersecurity laws can be complex. Our free tools and guides work great for most people, but if you're dealing with something particularly challenging or have tight deadlines, we're here to help.

Talk to an expert → or Browse all our free resources →