NIS2 Directive Implementation State of Play: National Transposition, Entities Readiness Level, and Sectoral Applications

Despite the October 17, 2024 deadline, most EU member states have not yet transposed the NIS2 Directive into national law, prompting the European Commission to initiate infringement proceedings against 23 countries. We will take a look at the fragmented implementation which has created substantial operational challenges, particularly for organizations operating across borders. Member States have adopted varying approaches to entity classification, sector inclusion, and size-cap thresholds, while also implementing different incident reporting classification, compliance deadlines and referencing diverse international security frameworks. This will be followed by a closer examination of the main challenges and priorities facing organizations within the scope of the Directive, as well as their preparedness level.