In brief: Fewer than 15 percent of companies have implemented NIS2 by the regulatory deadline; most organizations are facing immediate risk of fines.
Only 14.3 percent of companies have fulfilled their NIS2 obligations, according to a current survey. For CISOs, this means considerable pressure to act before the remaining implementation deadlines.
According to a recent study, 14.3 percent of affected companies have fully implemented the requirements of the NIS2 Directive. This reveals a significant implementation deficit regarding regulatory compliance for the vast majority.
The EU NIS2 Directive mandates comprehensive IT security, incident response and governance rules for operators of essential entities and organizations of particular public importance. The deadline for national implementation ended on 17 October 2024, with compliance deadlines for operational measures ranging between mid-2024 and October 2025 depending on the member state.
For security leaders, this creates immediate need for action: without demonstrable implementation, substantial fines loom. CISOs must simultaneously advance gap analyses, revise policies, deploy technologies and train their teams.
The low percentage suggests that many organizations have not yet recognized that NIS2 is not an optional program but a mandatory compliance requirement with direct consequences for management.
Source: news.google.com · Published 11 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.