„We have reached the deadline for EU Member States to transpose NIS2 into national law on October 17, 2024, marking a significant milestone. According to the timeline set by the directive, all organizations that fall under NIS2 should have started complying with their obligations from now. However, many EU Member States have not yet fully incorporated the directive into their national laws.
To date, only Belgium, Croatia, Hungary, Lithuania, Latvia, and Italy are in an advanced state of adopting NIS2 into their national legislation. Companies in these countries must now comply with it. Other countries, including major ones like Germany and France, are expected to finalize their laws in the coming months. However, these transpositions will not be straightforward. As NIS2 is a Directive rather than a Regulation, there will be some differences across the member states, reflecting national specificities.
Despite these differences, the core principles of NIS2 remain consistent across the EU. Once the national laws are in place, all affected organizations must self-report to their national authorities confirming they fall under NIS2, implement risk management measures, and meet reporting requirements. ESET products can assist organizations not only with advanced protection and detection but also with reporting and compliance obligations.
It is crucial for organizations to start preparing now, even if their country hasn’t yet finalized the national law transposing the NIS2 rules. Once national legislation is in place, organizations will need to be fully compliant without delay.”
Andy Garth, ESET Government Affairs Director
