National Transposition Measures

This table displays the 27 Member States of the European Union plus the United Kingdom and allows you to click on a country in order to access its relevant transposition measures. The national transposition measures are presented in the form they were formally notified by the respective Member State to the European Commission. In some instances, only those legal instruments are presented that are of relevance for NIS security as such; thus, amendments to, for instance, criminal procedure law with no specific mentioning of the requirements of the NIS Directive have been omitted. In due course, the table will be amended by English translations of selected legal acts as commissioned in the framework of the EnCaViBS project to allow for a comparative analysis. The selection is based on the relevance for the EnCaViBS project and represents a variety of approaches. With regard to quick access to the relevant sections, some translations leave out sections that are irrelevant for our project. Nevertheless, the original national act is uploaded in its entirety so that native speakers are able to consider the measure in its legal context. The collection of national acts was retrieved from publicly available databases primarily from the national governments’ official gazettes. We are thankful for comments and corrections.

National transposition (in Original Language)	National transposition (in Translation)
1. Loi du 7 avril 2019 établissant un cadre pour la sécurité des réseaux et des systèmes d'information d'intérêt général pour la sécurité publique	1. Law of 7 April 2019 Establishing a Framework for the Security of Network and Information Systems of General Interest for Public Security
2. Arrêté royal portant exécution de la loi du 7 avril 2019 établissant un cadre pour la sécurité des réseaux et des systèmes d'information d'intérêt général pour la sécurité publique, ainsi que de la loi du 1er juillet 2011 relative à la sécurité et la protection des infrastructures critiques	2. Royal Decree of 12 July 2019 Implementing the Law of 7 April 2019 Establishing a Framework for the Security of Network and Information Systems of General Interest for Public Security, as well as the Law of 1 July 2011 on the Security and Protection of Critical Infrastructures

National transposition (in Original Language)	National transposition (in Translation)
1. Zakon o kibernetičkoj sigurnosti operatora ključnih usluga i davatelja digitalnih usluga	Cybersecurity law for operators of essential services and digital service providers
2. Uredba o kibernetičkoj sigurnosti operatora ključnih usluga i davatelja digitalnih usluga	Regulation on cybersecurity of operators of essential services and digital service providers

Most relevant national transposition measures (in Original Language)	National transposition (in Translation)
1. Zákon č. 205/2017 Sb., kterým se mění zákon č. 181/2014 Sb., o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti), ve znění zákona č. 104/2017 Sb., a některé další zákony	Act No 205/2017 amending Act No 181/2014 on cybersecurity and amending related acts (the Cybersecurity Act), as amended by Act No 104/2017 and certain other acts
2. Vyhláška č. 437/2017 Sb., o kritériích pro určení provozovatele základní služby	Decree No 437/2017 on the criteria for determining the operator of a basic service
3. Vyhláška č. 82/2018 Sb. Vyhláška o bezpečnostních opatřeních, kybernetických bezpečnostních incidentech, reaktivních opatřeních, náležitostech podání v oblasti kybernetické bezpečnosti a likvidaci dat (vyhláška o kybernetické bezpečnosti)	Decree No 82/2018 Coll. on security measures, cybersecurity incidents, reactive measures, cybersecurity filings and destruction of data (Cybersecurity Decree)

National transposition (in Original Language)	National transposition (in Translation)
1.Lov om sikkerhed i net- og informationssystemer for operatører af væsentlige internetudvekslingspunkter m.v.	Act on the security of network and information systems for operators of essential Internet exchange points, etc.
2. Lov om krav til sikkerhed for net- og informationssystemer inden for sundhedssektoren.	Act on requirements for the security of network and information systems in the health sector
3. Bekendtgørelse om krav til sikkerheden i visse vandforsyningers net og informationssystemer.	Order on requirements for the security of network and information systems of certain water supplies
4. Lov om sikkerhed i net- og informationssystemer i transportsektoren	Law on the security of network and information systems in the transport sector
5. Bekendtgørelse om operatører af væsentlige tjenester.	Order on operators of essential services
6. Bekendtgørelse om hændelsesrapportering for operatører af væsentlige tjenester.	Order on incident reporting for operators of essential services
7. Bekendtgørelse om sikkerhed i net- og informationssystemer for operatører af væsentlige tjenester på domænenavnsområdet.	Order on the security of network and information systems for operators of essential services in the domain name area
8. Bekendtgørelse om sikkerhed i net- og informationssystemer af betydning for skibes sikkerhed og deres sejlads.	Order No 46 of 15 January 2019 on the security of network and information systems of importance for ship safety and navigation

National transposition (in Original Language)	National transposition (in Translation)
1. Laki terveydenhuollon laitteista ja tarvikkeista / Lag om produkter och utrustning för hälso- och sjukvård (629/2010) 24/06/2010, viimeksi muutettuna / ändring senast genom (936/2017) 19/12/2017	Act on Healthcare Equipment and Equipment (Lag om produkter och utrustning för hälso- och Sjukvård (629/2010) 24/06/2010, as last amended/ändring senast genom (936/2017) 19/12/2017
2. Laki sähköisen viestinnän palveluista / Lag om tjänster inom elektronisk kommunikation (917/2014) 07/11/2014, viimeksi muutettuna / ändring senast genom (281/2018) 04/05/2018	Act on Electronic Communications Services/Lag om tjänster inom elektronisk kommunikation (917/2014) 07/11/2014, as last amended/ändring senast genom (281/2018) 04/05/2018

National Transposition Measures

Archives

Categories

Meta

Archives

Categories

Meta

Archives

Categories

Meta

Archives

Categories

Meta

National transposition (in Original Language)	National transposition (in Translation)
1. LOI n° 2018-133 du 26 février 2018 portant diverses dispositions d'adaptation au droit de l'Union européenne dans le domaine de la sécurité.	1. Act No. 2018-133 of 26 February 2018 on various provisions for adapting to European Union law in the field of security
2.Décret n° 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d'information des opérateurs de services essentiels et des fournisseurs de service numérique	2. Decree No. 2018-384 of 23 May 2018 on the security of the networks and information systems of critical service operators and digital service providers
3. Arrêté du 13 juin 2018 fixant les modalités des déclarations prévues aux articles 8, 11 et 20 du décret no 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d’information des opérateurs de services essentiels et des fournisseurs de service numérique	3. Order of 13 June 2018 setting out the terms and conditions for the declarations provided for in Articles 8, 11 and 20 of Decree No. 2018-384 of 23 May 2018 on the security of the networks and information systems of essential service operators and digital service providers
4. Arrêté du 14 septembre 2018 fixant les règles de sécurité et les délais mentionnés à l'article 10 du décret n° 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d'information des opérateurs de services essentiels et des fournisseurs de service numérique	4. Order of 14 September 2018 setting out the security rules and time frames referred to in Article 10 of Decree No. 2018-384 of 23 May 2018 on the security of networks and information systems of operators of critical services and digital service providers

National transposition (in Original Language)	National transposition (in Translation)
1. Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme (IT-Sicherheitsgesetz)	1. Act on improving the security of information technology systems (IT Security Act) For a consolidated version of the German BSI Act, which implements major parts of the NIS Directive see Germany_BSI_Act_engl.
2. Verordnung zur Bestimmung Kritischer Infrastrukturen nach dem BSI-Gesetz (BSI-Kritisverordnung – BSI-KritisV)	2. Regulation for Determining Critical Infrastructures Pursuant to the BSI Act (BSI Act Crisis Regulation - BSI CrisisV)
3. Erste Verordnung zur Änderung der BSI-Kritisverordnung	3. First regulation amending the BSI-Kritisverordnung
4. Gesetz zur Umsetzung der Richtlinie (EU)2016/1148 des Europäischen Parlaments und des Rates vom 6. Juli 2016 über Maßnahmen zur Gewährleistung eines hohen gemeinsamen Sicherheitsniveaus von Netz- und Informationssystemen in der Union	4. Law implementing Directive (EU)2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union

National transposition (in Original Language)	National transposition (in Translation)
1. Az infokommunikációs technológiák ágazathoz kapcsolódó létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről szóló 249/2017. (IX. 5.) Korm. rendelet	Government Decree No 249/2017 on the identification, designation and protection of critical systems and facilities related to the ICT sector (IX. 5.) Government Decree
2. A belügyi feladatokat érintő és más kapcsolódó törvények módosításáról szóló 2017. évi CXXXIV. törvénnyel összefüggő Korm. rendeletek módosításáról szóló 394/2017. (XII. 13.) Korm. rendelet	Government decrees amending Act CXXXIV of 2017 amending Act CXXXIV of 394 on the amendment of domestic tasks and other related acts (XII. 13.) Government Decree
3. A bejelentés-köteles szolgáltatást nyújtókról szóló 410/2017. (XII. 15.) Korm. rendelet	Government Decree No 410/2017 on service providers subject to notification (XII. 15.) Government Decree
4. Az állami és önkormányzati szervek elektronikus információbiztonságáról szóló 2013. évi L. törvényben meghatározott technológiai biztonsági, valamint a biztonságos információs eszközökre, termékekre, továbbá a biztonsági osztályba és biztonsági szintbe sorolásra vonatkozó követelményekről szóló 41/2015. (VII. 15.) BM rendelet	On the technological security requirements laid down in Act L of 2013 on the security of electronic information of state and local government bodies and on the requirements for secure information devices and products, as well as the security class and security level classification, (VII. 15.) BM Decree
A Kormány 270/2018. (XII. 20.) Korm. rendelete az információs társadalommal összefüggő szolgáltatások elektronikus információbiztonságának felügyeletéről és a biztonsági eseményekkel kapcsolatos eljárásrendről	Government Decree 270/2018. (XII. 20.) Government Decree on the supervision of the electronic information security of information society services and the procedure for security incidents
6. A Kormány 271/2018. (XII. 20.) Korm. rendelete az eseménykezelő központok feladat- és hatásköréről, valamint a biztonsági események kezelésének és műszaki vizsgálatának, továbbá a sérülékenységvizsgálat lefolytatásának szabályairól	Government Decree 271/2018. (XII. 20.) Government Decree No/on the functions and powers of incident management centres and the rules on the management and technical investigation of security incidents and the conduct of vulnerability assessments
7. A Kormány 648/2020. (XII. 23.) Korm. rendelete egyes, az egészségügyi beszerzésekkel kapcsolatos kormányrendeletek módosításáról	Government 648/2020. (XII. 23.) on the amendment of certain government decrees related to health procurement
8. A Kormány 161/2019. (VII. 4.) Korm. rendelete a közlekedési létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről	Government Decree 161/2019. (VII. 4.) on the identification, designation and protection of vital transport systems and facilities
9. A Kormány 374/2020. (VII. 30.) Korm. rendelete az energetikai létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről	Government Decree 374/2020. (VII. 30.) Government Decree on the identification, designation and protection of vital energy systems and facilities
10. A Kormány 375/2020. (VII. 30.) Korm. rendelete egyes kiberbiztonsági tárgyú és egyéb kormányrendeletek módosításáról	Government Decree 375/2020. (VII. 30.) Government Decree amending certain government decrees on cybersecurity and other government decrees
11. A Kormány 94/2020. (IV. 7.) Korm. rendelete a létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről szóló 2012. évi CLXVI. törvény végrehajtásáról szóló 65/2013. (III. 8.) Korm. rendelet módosításáról	Government Decree 94/2020. (IV. 7.) Government Decree No/on the identification, designation and protection of vital systems and facilities Government Decree No 65/2013 of 2012 on the implementation of Act CLXVI of (III. 8.) amending Government Decree No.

National transposition (in Original Language)	National transposition (in Translation)
1. Informācijas tehnoloģiju drošības likums	Law on Information Technology Security
2. Ministru kabineta 2015.gada 28.jūlija noteikumi Nr.442 "Kārtība, kādā tiek nodrošināta informācijas un komunikācijas tehnoloģiju sistēmu atbilstība minimālajām drošības prasībām"	Cabinet Regulation No 442 of 28 July 2015 on procedures for ensuring compliance of information and communication technology systems with minimum security requirements
3. Finanšu un kapitāla tirgus komisijas 2018. gada 26. septembra noteikumi Nr. 158 "Informācijas sistēmu drošības normatīvie noteikumi"	Financial and Capital Market Commission Regulation No 158 of 26 September 2018 “Regulatory Regulations on Information System Security”
4. Finanšu un kapitāla tirgus komisijas 2018. gada 26. septembra noteikumi Nr. 157 "Normatīvie noteikumi par ziņošanu par būtiskiem maksājumu pakalpojumu incidentiem"	Financial and Capital Market Commission Regulation No 157 of 26 September 2018 “Regulatory provisions on reporting significant payment service incidents”
5. Informācijas tehnoloģiju drošības likums	Law on Information Technology Security
6. Ministru kabineta 2019.gada 15.janvāra noteikumi Nr.15 "Noteikumi par drošības incidenta būtiskuma kritērijiem, informēšanas kārtību un ziņojuma saturu"	Cabinet Regulation No 15 of 15 January 2019 laying down the criteria for materiality of a security incident, the information procedure and the content of the report.

National transposition (in Original Language)	National transposition (in Translation)
1. Lietuvos Respublikos asmens duomenų teisinės apsaugos įstatymas Nr. I-1374 (Suvestinė redakcija nuo 2017-01-01)	Law of the Republic of Lithuania No I-1374 on the legal protection of personal data (consolidated version from 2017-01-01)
2. Lietuvos Respublikos kibernetinio saugumo įstatymo Nr. XII-1428 pakeitimo įstatymas Nr. X	Law No XII-1428 amending the Law on Cybersecurity of the Republic of Lithuania No XIII-1299
3. Lietuvos Respublikos Vyriausybės 2018 m. rugpjūčio 13 d. nutarimas Nr. 818 "Dėl Nacionalinės kibernetinio saugumo strategijos patvirtinimo	Resolution No 818 of the Government of the Republic of Lithuania of 13 August 2018 approving the National Cyber Security Strategy

National transposition (in Original Language)	National transposition (in Translation)
1. Besluit van 30 oktober 2018 tot aanwijzing van het CSIRT voor digitale diensten en tot vaststelling van het tijdstip van inwerkingtreding van de Wet en het Besluit beveiliging netwerk- en informatiesystemen	Decree of 30 October 2018 designating the CSIRT for digital services and fixing the date of entry into force of the Act and the Decree on security of network and information systems
2. Besluit beveiliging netwerk- en informatiesystemen	Decision dated 30 October 2018, concerning the rules related to the execution of the Network and Information Systems Act (Network and Information Systems Directive)
3. Wet van 17 oktober 2018, houdende regels ter implementatie van richtlijn (EU) 2016/1148 (Wet beveiliging netwerk- en informatiesystemen)	Act of 17 October 2018 laying down rules for the implementation of Directive (EU) 2016/1148 (Network and Information Systems Security Act)

National transposition (in Original Language)	National transposition (in Translation)
1. Ustawa z dnia 5 lipca 2018 r.o krajowym systemie cyberbezpieczeństwa	National Cybersecurity Act of 5 July 2018
2. Rozporządzenie Rady Ministrów z dnia 11 września 2018 r. w sprawie wykazu usług kluczowych oraz progów istotności skutku zakłócającego incydentu dla świadczenia usług kluczowych	Regulation of the Council of Ministers of 11 September 2018 on the list of essential services and the material thresholds of disruptive effect of an incident for the provision of essential services
3. Rozporządzenie Rady Ministrów z dnia 31 października 2018 r. w sprawie progów uznania incydentu za poważny	Regulation of the Council of Ministers of 31 October 2018 on the thresholds for considering an incident as serious
4. Uchwała nr 125 Rady Ministrów z dnia 22 października 2019 r. w sprawie Strategii Cyberbezpieczeństwa Rzeczypospolitej Polskiej na lata 2019-2024	Resolution No. 125 of the Council of Ministers of 22 October 2019 on the cybersecurity strategy of the Republic of Poland 2019-2024

National transposition (in Original Language)	National transposition (in Translation)
1. Legea nr. 362/2018 privind asigurarea unui nivel comun ridicat de securitate a reţelelor şi sistemelor informatice	Law no. 362/2018 ensuring a high common level of security of network and information systems
2. Ordin nr. 599/2019 al ministrului comunicaţiilor şi societăţii informaţionale privind aprobarea Normelor metodologice de identificare a operatorilor de servicii esenţiale şi furnizorilor de servicii digitale	Order no. 599/2019 of the Minister of Communications and Information Society approving the methodological rules for the identification of operators of essential services and digital service providers
3. Ordin nr. 601/2019 al ministrului comunicaţiilor şi societăţii informaţionale pentru aprobarea Metodologiei de stabilire a efectului perturbator semnificativ al incidentelor la nivelul reţelelor şi sistemelor informatice ale operatorilor de servicii esenţiale	Order no. 601/2019 of the Minister of Communications and Information Society approving the methodology for determining the significance of an disruptive effect of incidents on networks and information systems of operators of essential services

National transposition (in Original Language)	National transposition (in Translation)
1. Zákon č. 69/2018 Z. z. o kybernetickej bezpečnosti a o zmene a doplnení niektorých zákonov	Act No 69/2018 on cybersecurity and amending certain acts
2. Vyhláška Národného bezpečnostného úradu č. 164/2018 Z. z., ktorou sa určujú identifikačné kritériá prevádzkovanej služby (kritériá základnej služby)	Decree of the National Integrity Agency No 164/2018 Coll. establishing the identification criteria for the service operated (basic service criteria)
3. Vyhláška Národného bezpečnostného úradu č. 165/2018 Z. z., ktorou sa určujú identifikačné kritériá pre jednotlivé kategórie závažných kybernetických bezpečnostných incidentov a podrobnosti hlásenia kybernetických bezpečnostných incidentov	Decree of the National Integrity Agency No 165/2018 Coll. establishing the identification criteria for each category of serious cybersecurity incidents and the details of the reporting of cybersecurity incidents
4. Vyhláška Národného bezpečnostného úradu č. 166/2018 Z. z. o podrobnostiach o technickom, technologickom a personálnom vybavení jednotky pre riešenie kybernetických bezpečnostných incidentov	Decree of the National Integrity Agency No 166/2018 Coll. on details of the technical, technological and personnel equipment of the Cybersecurity Incident Response Team

National transposition (in Original Language)	National transposition (in Translation)
1. Myndighetsförordning	Authority Regulation (2007:515)
2. Förvaltningslag (2017:900)	Administrative Procedures Act (2017:900)
3. Förordning (2018:1175) om informationssäkerhet för samhällsviktiga och digitala tjänster	3. Regulation (2018:1175) on Information Security for Essential and Digital Services
4. Lag (2018:1174) om informationssäkerhet för samhällsviktiga och digitala tjänster	4. Law (2018:1174) on Information Security for Essential and Digital Services