In a nutshell: Only 14 percent of companies have fully implemented NIS2 requirements to date.
A current survey shows that only 14 percent of companies fully meet the requirements of the NIS2 Directive. This highlights a significant implementation gap in European cybersecurity regulation.
According to available data, only 14 percent of companies currently meet all provisions of the NIS2 Directive (Directive on measures for a high common level of cybersecurity). This indicates a broad implementation gap that poses material risks, particularly for critical infrastructure and important services.
The EU’s NIS2 Directive establishes minimum standards for cybersecurity management, incident reporting, and organizational measures. It obligates operators of critical infrastructures and providers of important services to maintain documented security processes, conduct regular reviews, and comply with incident reporting requirements in the event of security breaches.
The low compliance rate has immediate consequences: a large portion of affected organizations risk regulatory fines and face elevated operational risks. For CISOs, this means that in addition to ongoing cybersecurity challenges, significant efforts in governance, documentation, and audit readiness are required. The gap between requirements and implementation is likely to widen as long as investments in compliance infrastructure have yet to be made.
Source: news.google.com · Published 17 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.