Bottom line: The EU launches infringement proceedings against France and Spain for failing to transpose the NIS2 Directive into national law after the transposition deadline expired.
The European Commission launches infringement proceedings against France and Spain because both countries failed to transpose the NIS2 Directive into national law on time. The deadline for implementing the Directive expired on 17 October 2024.
The European Commission has launched infringement proceedings against France and Spain, as they failed to transpose the Network and Information Systems Protection Directive (NIS2) into their national law within the prescribed deadline. Both Member States were required to complete the transposition by 17 October 2024 at the latest.
This proceeding is relevant for compliance officers because the NIS2 Directive imposes significant requirements on cybersecurity and operators of critical infrastructure. Countries that fail to transpose the Directive create legal uncertainty for companies within their jurisdiction and risk European sanctions. Particularly for internationally operating organizations active in France or Spain or processing data there, delayed national transpositions can lead to compliance conflicts.
For compliance teams, this means: monitor the development of these proceedings, as soon as national transposition laws are enacted, new reporting obligations, audits or certification requirements may arise at short notice. Previous NIS2 transpositions by other EU countries show that requirements are significantly stricter than its predecessor NIS1.
Source: news.google.com · Published 15 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.