Skip to content

NIS2 Implementation Deadline 31 July: Financial Institutions Face Fines Up to Ten Million Euro

The Point: Financial institutions must fully implement the NIS2 Directive by 31 July 2024, or face fines of up to ten million euro.

Financial institutions must implement the NIS2 Directive by 31 July 2024, otherwise fines of up to ten million euro threaten. The deadline is approaching and a large part of the affected companies have not yet completed their compliance measures.

The EU Directive NIS2 (Network and Information Security Directive 2) sets new minimum standards for the cybersecurity of operators of critical infrastructure and certain service providers. Financial institutions qualify as operators of critical infrastructure in the scope and must have implemented a series of mandatory measures.

The implementation deadline of 31 July 2024 is binding. Companies that do not implement the required technical and organizational measures by the deadline must expect significant administrative fines. Maximum fines are ten million euro or up to 2.2 per cent of global annual turnover – whichever is higher.

For CISOs, this means that the remaining time to implement critical requirements – such as establishing governance structures, documenting cybersecurity measures, reporting significant incidents, and implementing security testing – is limited. A compliance audit should verify what has been achieved before the deadline in order to identify and close any gaps.


Source: news.google.com · Published 7 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: