← All stories
● Covered by 1 source Β· 1 reportHigh impact

EU files court cases against four countries over cybersecurity law delays

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

The European Commission has initiated legal action against Ireland, Spain, France, and the Netherlands for not implementing the NIS2 Directive, which sets standards for cybersecurity across critical sectors. The action signals the EU's commitment to bolster cybersecurity, particularly as threats to infrastructure grow.

Key points

Legal Action Initiated

The European Commission has filed legal referrals with the Court of Justice of the European Union against four member states: Ireland, Spain, France, and the Netherlands. This action stems from their failure to transpose the NIS2 Directive into national law, which was due over 20 months ago.

Details of NIS2 Directive

The NIS2 Directive establishes minimum security requirements for a wide range of critical infrastructure sectors, including hospitals, energy networks, transport operators, and public administrations. It builds on the original Network and Information Security Directive from 2016 by extending its application to 18 sectors and introducing new risk management and incident reporting obligations.

Fines and Compliance History

The European Commission is seeking both a lump sum and daily financial penalties until the member states fulfill their legal obligations. However, it is common for states to adopt the necessary legislation during legal proceedings, often leading to the withdrawal of cases before a ruling is made.

Increasing Cybersecurity Threats

The action is timely, as ENISA has reported thousands of cybersecurity incidents affecting the EU, with public administration being the most targeted sector. European officials have raised alarms about vulnerabilities in critical infrastructure, emphasizing the need for immediate compliance with NIS2 to mitigate risks.

Broader Legislative Context

NIS2 is part of a wider EU effort to enhance cybersecurity, which includes the forthcoming Cyber Resilience Act. This act will impose security requirements on connected devices and is linked to the incident response infrastructure that NIS2 establishes, marking a significant step in EU cybersecurity policy.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

The European Commission has initiated legal action against Ireland, Spain, France, and the Netherlands for not implementing the NIS2 Directive, which sets standards for cybersecurity across critical sectors. The action signals the EU's commitment to bolster cybersecurity, particularly as threats to infrastructure grow.