We have revised the lists in this article to reflect the current status of NIS2 implementation in Europe based on the latest data from March 2026. Data is based on reports from the European Cybersecurity Organization (ECSO) and the NIS2 implementation tracker from Eversheds Sutherland.

Over the last few years, the NIS2 Directive has been a hot topic for many organizations. We have extensively covered it in articles, whitepapers, speaker slots at several events, and webinars in English and German.

The directive, which entered into force in October 2024, should have been transposed into local law by then.


What happens now?

What does transposing into local law mean in practice, then? Put simply, it means that each country in the European Union has to adapt the NIS2 Directive to fit local laws.

A new report published by ABB indicates that not every country in the European Union is quite there yet, even though most are far along in the process. The report can be summarized into four categories: 

  • Countries that have already implemented NIS2 into local law.

  • Countries that, for different reasons, are not quite there yet but are at an “advanced stage” of implementation.

  • Countries that are in an early stage of implementation.

  • Countries that are at the beginning of the process.

If you want to learn more about each country's details, we advise you to take a closer look at the ABB report linked above. However, to give you a quick overview of where EU countries stand on NIS2 implementation, we have compiled a short list.

The implementation of NIS2 in European countries


What does this mean for organizations?

If your organization is in a country where NIS2 has not yet been fully implemented, you cannot postpone your work to comply with the directive. If you fall within one of the categories affected by NIS2, you should have already started your compliance journey. If not, you risk losing business to compliant organizations and, in the worst case, being fined for non-compliance.

Adhering to NIS2 is not just about avoiding fines. It is also about increasing cybersecurity to prevent security incidents. If you avoid incidents, your clients perceive you as more serious and trustworthy, which can prevent bad press while growing your business.
