In a nutshell: The European Commission is suing four member states for failing to implement the NIS2 Directive and threatens them with financial penalties.
The European Commission is suing four member states for financial penalties because they failed to transpose the NIS2 Directive into national law within the prescribed deadline. This concerns cybersecurity requirements for critical infrastructure.
The European Commission has initiated an infringement procedure against four EU member states that have not timely transposed the NIS2 Directive (Network and Information Security Directive 2) into their national legal systems. This directive establishes cybersecurity standards and reporting obligations for operators of critical infrastructure and important digital services.
The affected countries must now respond to the Commission and submit an implementation plan. If they fail to comply with this request, they face penalties, the amount of which the Commission will determine later. The NIS2 Directive provided for a transposition deadline of October 2024.
For compliance officers, this means: the lack of national transposition in these countries creates temporary legal uncertainty for organisations operating there. However, they should work in parallel towards meeting the technical and organisational requirements of the directive in order to be prepared for subsequent transposition. The pressure on the non-compliant countries significantly increases the likelihood of prompt remediation.
Source: news.google.com · Published 11 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.3.