Instant clarity. Zero complexity. Full control.
NIS2have removes the guesswork. We turn Europe’s NIS2 cyber regulation into a clear, seamless digital experience, from the initial assessment to ongoing compliance.Enabling a safer, more resilient digital Europe - together.
Subscribed
Thank you for signing up for NIS2have.You’re now on the list to receive early access to Europe’s most intuitive, AI-powered NIS2 assessment platform.
We’re currently finalizing the first experience - combining automated sector mapping, instant NIS2 classification, and clear, evidence-based guidance for your organization.We’ll reach out shortly.
NIS2 Legislation Status
The NIS2 Directive (EU 2022/2555) sets a stronger, EU-wide cybersecurity baseline for essential and important entities. It expands scope, raises security requirements, and introduces tighter incident-reporting and enforcement rules.Because it is a Directive, each Member State must implement it through national law, which has led to varying levels of strictness and different timelines across the EU.
| Country | Status / Key Facts | Strictness | In-force | Source |
|---|---|---|---|---|
| Austria | Draft implementation law “NISG 2026” introduced to Parliament on 20 Nov 2025 after a previous attempt failed in 2024; it modernizes Austria’s cybersecurity framework. | Baseline | Expected 2026 | bundeskanzleramt.gv.at |
| Belgium | NIS2 transposed via the Act of 26 April 2024; Royal Decree published; law effective by the EU deadline. | Baseline | 18 October 2024 | ccb.belgium.be |
| Bulgaria | Draft amendments to the Cybersecurity Act; first reading passed Feb 2025; second reading pending. | Baseline | Expected late 2025 / early 2026 | bnr.bg |
| Croatia | Cybersecurity Act adopted 26 Jan 2024 and published in Official Gazette No. 14/2024; replaces earlier NIS law. | Stricter | 15 February 2024 | narodne-novine.nn.hr |
| Cyprus | NIS2 transposed through amending Law 60(I)/2025; published on 25 April 2025. | Baseline | 25 April 2025 | dsa.cy |
| Czech Republic | New Cybersecurity Act No. 264/2025 Sb. published 4 August 2025; extends obligations incl. defence sector. | Stricter | 1 November 2025 | e-sbirka.cz |
| Denmark | Danish NIS2 Act adopted 29 April 2025; minimal implementation. | Baseline | 1 July 2025 | trafikstyrelsen.dk |
| Estonia | Draft amendments to the Cybersecurity Act prepared; implementation delayed. | Baseline | Expected 2025 | roedl.ee |
| Finland | Cybersecurity Act 124/2025 implements NIS2. | Baseline | 8 April 2025 | traficom.fi |
| France | “Resilience and Cybersecurity” bill in Parliament; scope expands massively. | Stricter | Expected 2026 | economie.gouv.fr |
| Germany | NIS2 implementation law passed in Nov 2025; extends BSIG and vendor controls. | Stricter | 6 December 2025 | bundesregierung.de |
| Greece | Law 5160/2024 published in the Government Gazette; updates Greek NIS framework. | Baseline | 17 December 2024 | nis2certification.eu |
| Hungary | Cybersecurity Act LXIX/2024 in force; expands sectors beyond NIS2 and strengthens audits. | Stricter | 1 January 2025 | veszpremikamara.hu |
| Ireland | National Cyber Security Bill in preparation; NIS2 implementation delayed. | Baseline | Expected late 2025 | ncsc.gov.ie |
| Italy | Legislative Decree 138/2024 issued 4 September 2024, implementing NIS2. | Baseline | 18 October 2024 | gtlaw.com |
| Latvia | National Cybersecurity Law adopted 20 June 2024, replacing the earlier NIS law. | Baseline | 1 September 2024 | ecs-org.eu |
| Lithuania | Amended Cybersecurity Law implementing NIS2; explicitly defines obligated entities. | Stricter | 18 October 2024 | nis2certification.eu |
| Luxembourg | Draft Cybersecurity Act under urgent parliamentary procedure. | Baseline | Expected 2025 | ezine.eversheds-sutherland.com |
| Malta | Subsidiary Legislation 460.41 (Legal Notice 71/2025) implementing NIS2. | Baseline | 8 April 2025 | dataguidance.com |
| Netherlands | Draft Cybersecurity Act published; institutional overhaul planned, adoption delayed. | Baseline | Expected mid-2026 | ezine.eversheds-sutherland.com |
| Poland | Amendment to the National Cybersecurity System Act under preparation; deadline missed. | Baseline | Expected in 2025 | copla.com |
| Portugal | Framework Law 59/2025 adopted to enable NIS2 implementation decree. | Baseline | Expected in 2026 | twobirds.com |
| Romania | Emergency Ordinance GEO 155/2024 transposes NIS2; later confirmed by Law 124/2025. | Baseline | 31December2024 | kinstellar.com |
| Slovakia | Amendment Act 366/2024 updates Cybersecurity Act to NIS2 standards. | Baseline | 1January2025 | pwc.com |
| Slovenia | New Information Security Act (ZInfV-1) adopted 23 May 2025, replacing 2018 law. | Baseline | 19June2025 | dataguidance.com |
| Spain | Draft Law on Cybersecurity Coordination and Governance approved Jan 2025; urgent procedure. | Baseline | Expected in 2025 | lawwwing.com |
| Sweden | Draft Cybersecurity Act published; transposition delayed beyond deadline. | Baseline | Expected mid-2025 | cdn.digitaleurope.org |
Imprint
Information pursuant to § 5 TMG (German Telemedia Act)
⸻
Website Operator:
David Steng
⸻
Responsible for Content pursuant to § 18 (2) MStV:
David Steng
71364 Winnenden, DE
[email protected]
⸻
Professional Disclaimer (No Legal, Compliance, or Consulting Advice)All information provided on this website, including assessments, analyses, and automated reports, is for informational purposes only. It does not constitute legal advice, compliance consulting, financial advice, or any form of binding assessment. No guarantee is given regarding compliance with the NIS2 Directive or other regulatory frameworks.
⸻
Liability for ContentsThe contents of these pages were created with care. However, we cannot guarantee the accuracy, completeness, or timeliness of the content. As a service provider, we are responsible for our own content on these pages under general laws (§ 7 para. 1 TMG). According to §§ 8–10 TMG, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under general laws remain unaffected.
⸻
Liability for LinksOur website contains links to external third-party websites, over whose content we have no control. Therefore, we cannot assume any liability for such external content. The respective provider or operator of the linked pages is always responsible for the content. At the time of linking, the linked pages were checked for possible legal violations. Permanent monitoring of linked pages without concrete evidence of a violation is unreasonable. Upon becoming aware of legal violations, we will remove such links immediately.
⸻
Liability for External Data Sources & Automated ReportsOur analyses and NIS2-related reports rely exclusively on externally observable (“outside-in”) data collected from public or externally accessible sources. We do not assume any liability for the accuracy, completeness, or currency of such data or for conclusions drawn from it. Automatically generated reports may contain inaccuracies and shall not be relied upon as the sole basis for risk, security, or compliance decisions.
⸻
Technical Availability DisclaimerWe do not guarantee uninterrupted availability of the website or services. Liability for service interruptions, data access issues, or delays is excluded except in cases of intent or gross negligence.
⸻
CopyrightThe content and works on these pages created by the site operator are subject to German copyright law. Duplication, editing, distribution, or any form of commercialization of such material beyond the scope of copyright law requires written permission from the author or creator. Downloads and copies of these pages are permitted only for private, non-commercial use. Where content on this website was not created by the operator, third-party copyrights are respected and such content is marked accordingly. Should you notice a copyright infringement, please inform us. We will remove such content immediately if a legal violation becomes known.
⸻
Consumer Dispute Resolution Notice (VSBG)Our services are intended exclusively for business customers (B2B). We do not participate in dispute resolution procedures before a consumer arbitration board under the VSBG.
⸻
Applicable Law & JurisdictionGerman law applies. The place of jurisdiction, to the extent legally permissible, is Winnenden, Germany.
⸻
Security Contact (Responsible Disclosure)If you discover a security issue, vulnerability, or data protection concern related to this website or service, please notify us immediately at:
[email protected]
We will address reported issues promptly and responsibly.
Privacy Notice
We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) and only to the extent necessary to provide and operate NIS2have.eu.1. Categories and purposes of data processing
We collect and process personal data provided by users (e.g., name, email address) solely for the following purposes:
– Operation of this website via Carrd.co
– Communication with users, including service-related messages, via our CRM provider Brevo.com
– Granting and managing access to our platform and related services
– Delivering information and materials explicitly requested by the user2. NIS2 Reports and data sources
The NIS2 reports generated by us are based exclusively on outside-in data that we collect, aggregate, and prepare from publicly accessible or externally observable sources. These reports do not rely on personal data provided by users, nor do they require internal company data.3. No legal advice or compliance guarantee
The analyses, assessments, and reports provided by NIS2have.eu do not constitute legal advice, consulting, or a compliance guarantee. They are informational tools based on the available external data and do not replace professional legal or compliance evaluation.4. Data recipients and third-country transfers
Personal data may be processed by our service providers Carrd.co (website hosting) and Brevo.com (CRM and communications). These processors act on the basis of data-processing agreements and implement appropriate safeguards in line with GDPR requirements. Transfers outside the EU/EEA, if applicable, occur only under valid legal mechanisms (e.g., adequacy decisions, standard contractual clauses).5. Storage periods
Personal data is stored only as long as necessary for the stated purposes or to comply with statutory retention requirements.6. Data subject rights (Art. 15–21 GDPR)
Users have the following rights regarding their personal data:
– Right of access (Art. 15)
– Right to rectification (Art. 16)
– Right to erasure (Art. 17)
– Right to restriction of processing (Art. 18)
– Right to data portability (Art. 20)
– Right to object (Art. 21)
– Right to withdraw consent at any time (Art. 7(3))
– Right to lodge a complaint with a supervisory authority (Art. 77)7. Contact for privacy matters
[email protected]
⸻
Security Contact (Responsible Disclosure)If you discover a security issue, vulnerability, or data protection concern related to this website or service, please notify us immediately at: [email protected]
We will address reported issues promptly and responsibly.