The European Commission has initiated legal action against Ireland, Spain, France, and the Netherlands for not implementing the NIS2 Directive, which sets standards for cybersecurity across critical sectors. The action signals the EU's commitment to bolster cybersecurity, particularly as threats to infrastructure grow.
The European Commission has filed legal referrals with the Court of Justice of the European Union against four member states: Ireland, Spain, France, and the Netherlands. This action stems from their failure to transpose the NIS2 Directive into national law, which was due over 20 months ago.
The NIS2 Directive establishes minimum security requirements for a wide range of critical infrastructure sectors, including hospitals, energy networks, transport operators, and public administrations. It builds on the original Network and Information Security Directive from 2016 by extending its application to 18 sectors and introducing new risk management and incident reporting obligations.
The European Commission is seeking both a lump sum and daily financial penalties until the member states fulfill their legal obligations. However, it is common for states to adopt the necessary legislation during legal proceedings, often leading to the withdrawal of cases before a ruling is made.
The action is timely, as ENISA has reported thousands of cybersecurity incidents affecting the EU, with public administration being the most targeted sector. European officials have raised alarms about vulnerabilities in critical infrastructure, emphasizing the need for immediate compliance with NIS2 to mitigate risks.
NIS2 is part of a wider EU effort to enhance cybersecurity, which includes the forthcoming Cyber Resilience Act. This act will impose security requirements on connected devices and is linked to the incident response infrastructure that NIS2 establishes, marking a significant step in EU cybersecurity policy.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
The European Commission has initiated legal action against Ireland, Spain, France, and the Netherlands for not implementing the NIS2 Directive, which sets standards for cybersecurity across critical sectors. The action signals the EU's commitment to bolster cybersecurity, particularly as threats to infrastructure grow.