National Transposition Measures

This table displays the 27 Member States of the European Union plus the United Kingdom and allows you to click on a country in order to access its relevant transposition measures. The national transposition measures are presented in the form they were formally notified by the respective Member State to the European Commission. In some instances, only those legal instruments are presented that are of relevance for NIS security as such; thus, amendments to, for instance, criminal procedure law with no specific mentioning of the requirements of the NIS Directive have been omitted. In due course, the table will be amended by English translations of selected legal acts as commissioned in the framework of the EnCaViBS project to allow for a comparative analysis. The selection is based on the relevance for the EnCaViBS project and represents a variety of approaches. With regard to quick access to the relevant sections, some translations leave out sections that are irrelevant for our project. Nevertheless, the original national act is uploaded in its entirety so that native speakers are able to consider the measure in its legal context. The collection of national acts was retrieved from publicly available databases primarily from the national governments’ official gazettes. We are thankful for comments and corrections.

Austria

National transposition (in Original Language)
National transposition (in Translation)
Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz – NISG)Network and Information System Security Act

Belgium

National transposition (in Original Language)National transposition (in Translation)
1. Loi du 7 avril 2019 établissant un cadre pour la sécurité des réseaux et des systèmes d'information d'intérêt général pour la sécurité publique1. Law of 7 April 2019 Establishing a Framework for the Security of Network and Information Systems of General Interest for Public Security
2. Arrêté royal portant exécution de la loi du 7 avril 2019 établissant un cadre pour la sécurité des réseaux et des systèmes d'information d'intérêt général pour la sécurité publique, ainsi que de la loi du 1er juillet 2011 relative à la sécurité et la protection des infrastructures critiques2. Royal Decree of 12 July 2019 Implementing the Law of 7 April 2019 Establishing a Framework for the Security of Network and Information Systems of General Interest for Public Security, as well as the Law of 1 July 2011 on the Security and Protection of Critical Infrastructures

Bulgaria

National transposition (in Original Language)National transposition (in Translation)
Закон за киберсигурностCybersecurity Act

Croatia

National transposition (in Original Language)National transposition (in Translation)
1. Zakon o kibernetičkoj sigurnosti operatora ključnih usluga i davatelja digitalnih uslugaCybersecurity law for operators of essential services and digital service providers
2. Uredba o kibernetičkoj sigurnosti operatora ključnih usluga i davatelja digitalnih uslugaRegulation on cybersecurity of operators of essential services and digital service providers

Cyprus

National transposition (in Original Language)National transposition (in Translation)
Ο Περί Ασφάλειας Δικτύων και Συστημάτων Πληροφοριών Νόμος του 2018The Security Networks and Information Systems Act of 2018

Czechia

Most relevant national transposition measures (in Original Language)National transposition (in Translation)
1. Zákon č. 205/2017 Sb., kterým se mění zákon č. 181/2014 Sb., o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti), ve znění zákona č. 104/2017 Sb., a některé další zákonyAct No 205/2017 amending Act No 181/2014 on cybersecurity and amending related acts (the Cybersecurity Act), as amended by Act No 104/2017 and certain other acts 
2. Vyhláška č. 437/2017 Sb., o kritériích pro určení provozovatele základní služby Decree No 437/2017 on the criteria for determining the operator of a basic service 
3. Vyhláška č. 82/2018 Sb. Vyhláška o bezpečnostních opatřeních, kybernetických bezpečnostních incidentech, reaktivních opatřeních, náležitostech podání v oblasti kybernetické bezpečnosti a likvidaci dat (vyhláška o kybernetické bezpečnosti)Decree No 82/2018 Coll. on security measures, cybersecurity incidents, reactive measures, cybersecurity filings and destruction of data (Cybersecurity Decree)

Denmark

National transposition (in Original Language)National transposition (in Translation)
1.Lov om sikkerhed i net- og informationssystemer for operatører af væsentlige internetudvekslingspunkter m.v. Act on the security of network and information systems for operators of essential Internet exchange points, etc.
2. Lov om krav til sikkerhed for net- og informationssystemer inden for sundhedssektoren.  Act on requirements for the security of network and information systems in the health sector 
3. Bekendtgørelse om krav til sikkerheden i visse vandforsyningers net­ og informationssystemer. Order on requirements for the security of network and information systems of certain water supplies 
4. Lov om sikkerhed i net- og informationssystemer i transportsektoren

Law on the security of network and information systems in the transport sector 
5. Bekendtgørelse om operatører af væsentlige tjenester. 

Order on operators of essential services
6. Bekendtgørelse om hændelsesrapportering for operatører af væsentlige tjenester. 
Order on incident reporting for operators of essential services 
7. Bekendtgørelse om sikkerhed i net- og informationssystemer for operatører af væsentlige tjenester på domænenavnsområdet. 


Order on the security of network and information systems for operators of essential services in the domain name area 
8. Bekendtgørelse om sikkerhed i net- og informationssystemer af betydning for skibes sikkerhed og deres sejlads. Order No 46 of 15 January 2019 on the security of network and information systems of importance for ship safety and navigation

Estonia

National transposition (in Original Language)National transposition (in Translation)
Küberturvalisuse seadusCybersecurity Act

Finland

National transposition (in Original Language)National transposition (in Translation)
1. Laki terveydenhuollon laitteista ja tarvikkeista / Lag om produkter och utrustning för hälso- och sjukvård (629/2010) 24/06/2010, viimeksi muutettuna / ändring senast genom (936/2017) 19/12/2017 
Act on Healthcare Equipment and Equipment (Lag om produkter och utrustning för hälso- och Sjukvård (629/2010) 24/06/2010, as last amended/ändring senast genom (936/2017) 19/12/2017  
2. Laki sähköisen viestinnän palveluista / Lag om tjänster inom elektronisk kommunikation (917/2014) 07/11/2014, viimeksi muutettuna / ändring senast genom (281/2018) 04/05/2018Act on Electronic Communications Services/Lag om tjänster inom elektronisk kommunikation (917/2014) 07/11/2014, as last amended/ändring senast genom (281/2018) 04/05/2018

France

National transposition (in Original Language)National transposition (in Translation)
1. LOI n° 2018-133 du 26 février 2018 portant diverses dispositions d'adaptation au droit de l'Union européenne dans le domaine de la sécurité. 1. Act No. 2018-133 of 26 February 2018 on various provisions for adapting to European Union law in the field of security
2.Décret n° 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d'information des opérateurs de services essentiels et des fournisseurs de service numérique 2. Decree No. 2018-384 of 23 May 2018 on the security of the networks and information systems of critical service operators and digital service providers
3. Arrêté du 13 juin 2018 fixant les modalités des déclarations prévues aux articles 8, 11 et 20 du décret no 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d’information des opérateurs de services essentiels et des fournisseurs de service numérique3. Order of 13 June 2018 setting out the terms and conditions for the declarations provided for in Articles 8, 11 and 20 of Decree No. 2018-384 of 23 May 2018 on the security of the networks and information systems of essential service operators and digital service providers
4. Arrêté du 14 septembre 2018 fixant les règles de sécurité et les délais mentionnés à l'article 10 du décret n° 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d'information des opérateurs de services essentiels et des fournisseurs de service numérique4. Order of 14 September 2018 setting out the security rules and time frames referred to in Article 10 of Decree No. 2018-384 of 23 May 2018 on the security of networks and information systems of operators of critical services and digital service providers

Germany

National transposition (in Original Language)National transposition (in Translation)
1. Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme (IT-Sicherheitsgesetz)1. Act on improving the security of information technology systems (IT Security Act)

For a consolidated version of the German BSI Act, which implements major parts of the NIS Directive see Germany_BSI_Act_engl.
2. Verordnung zur Bestimmung Kritischer Infrastrukturen nach dem BSI-Gesetz (BSI-Kritisverordnung – BSI-KritisV)2. Regulation for Determining Critical Infrastructures Pursuant to the BSI Act (BSI Act Crisis Regulation - BSI CrisisV)
3. Erste Verordnung zur Änderung der BSI-Kritisverordnung3. First regulation amending the BSI-Kritisverordnung
4. Gesetz zur Umsetzung der Richtlinie (EU)2016/1148 des Europäischen Parlaments und des Rates vom 6. Juli 2016 über Maßnahmen zur Gewährleistung eines hohen gemeinsamen Sicherheitsniveaus von Netz- und Informationssystemen in der Union4. Law implementing Directive (EU)2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union

Greece

National transposition (in Original Language)National transposition (in Translation)
1. Ενσωμάτωση στην ελληνική νομοθεσία της Οδηγίας 2016/1148/ΕΕ του Ευρωπαϊκού Κοινοβουλίου και του Συμβουλίου σχετικά με μέτρα για υψηλό κοινό επίπεδο ασφάλειας συστημάτων δικτύου και πληροφοριών σε ολόκληρη την Ένωση και άλλες διατάξεις.Transposition into Greek law of the Directive 2016/1148/EU of the European Parliament and of the Council on measures for high common level of security of network and information systems across the Union and other provisions.

Hungary

National transposition (in Original Language)National transposition (in Translation)
1. Az infokommunikációs technológiák ágazathoz kapcsolódó létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről szóló 249/2017. (IX. 5.) Korm. rendeletGovernment Decree No 249/2017 on the identification, designation and protection of critical systems and facilities related to the ICT sector (IX. 5.) Government Decree
2. A belügyi feladatokat érintő és más kapcsolódó törvények módosításáról szóló 2017. évi CXXXIV. törvénnyel összefüggő Korm. rendeletek módosításáról szóló 394/2017. (XII. 13.) Korm. rendeletGovernment decrees amending Act CXXXIV of 2017 amending Act CXXXIV of 394 on the amendment of domestic tasks and other related acts (XII. 13.) Government Decree
3. A bejelentés-köteles szolgáltatást nyújtókról szóló 410/2017. (XII. 15.) Korm. rendeletGovernment Decree No 410/2017 on service providers subject to notification (XII. 15.) Government Decree
4. Az állami és önkormányzati szervek elektronikus információbiztonságáról szóló 2013. évi L. törvényben meghatározott technológiai biztonsági, valamint a biztonságos információs eszközökre, termékekre, továbbá a biztonsági osztályba és biztonsági szintbe sorolásra vonatkozó követelményekről szóló 41/2015. (VII. 15.) BM rendeletOn the technological security requirements laid down in Act L of 2013 on the security of electronic information of state and local government bodies and on the requirements for secure information devices and products, as well as the security class and security level classification, (VII. 15.) BM Decree
A Kormány 270/2018. (XII. 20.) Korm. rendelete az információs társadalommal összefüggő szolgáltatások elektronikus információbiztonságának felügyeletéről és a biztonsági eseményekkel kapcsolatos eljárásrendrőlGovernment Decree 270/2018. (XII. 20.) Government Decree on the supervision of the electronic information security of information society services and the procedure for security incidents
6. A Kormány 271/2018. (XII. 20.) Korm. rendelete az eseménykezelő központok feladat- és hatásköréről, valamint a biztonsági események kezelésének és műszaki vizsgálatának, továbbá a sérülékenységvizsgálat lefolytatásának szabályairólGovernment Decree 271/2018. (XII. 20.) Government Decree No/on the functions and powers of incident management centres and the rules on the management and technical investigation of security incidents and the conduct of vulnerability assessments
7. A Kormány 648/2020. (XII. 23.) Korm. rendelete egyes, az egészségügyi beszerzésekkel kapcsolatos kormányrendeletek módosításárólGovernment 648/2020. (XII. 23.) on the amendment of certain government decrees related to health procurement
8. A Kormány 161/2019. (VII. 4.) Korm. rendelete a közlekedési létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről
Government Decree 161/2019. (VII. 4.) on the identification, designation and protection of vital transport systems and facilities
9. A Kormány 374/2020. (VII. 30.) Korm. rendelete az energetikai létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelmérőlGovernment Decree 374/2020. (VII. 30.) Government Decree on the identification, designation and protection of vital energy systems and facilities
10. A Kormány 375/2020. (VII. 30.) Korm. rendelete egyes kiberbiztonsági tárgyú és egyéb kormányrendeletek módosításárólGovernment Decree 375/2020. (VII. 30.) Government Decree amending certain government decrees on cybersecurity and other government decrees
11. A Kormány 94/2020. (IV. 7.) Korm. rendelete a létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről szóló 2012. évi CLXVI. törvény végrehajtásáról szóló 65/2013. (III. 8.) Korm. rendelet módosításárólGovernment Decree 94/2020. (IV. 7.) Government Decree No/on the identification, designation and protection of vital systems and facilities Government Decree No 65/2013 of 2012 on the implementation of Act CLXVI of (III. 8.) amending Government Decree No.

Ireland

National transposition (in Original Language)National transposition (in Translation)
 European Union (Measures for a High Common Level of Security of Network and Information Systems) Regulations 2018 European Union (Measures for a High Common Level of Security of Network and Information Systems) Regulations 2018

Italy

National transposition (in Original Language)National transposition (in Translation)
Attuazione della direttiva (UE) 2016/1148 del Parlamento europeo e del Consiglio, del 6 luglio 2016, recante misure per un livello comune elevato di sicurezza delle reti e dei sistemi informativi nell'UnioneLegislative Decree of 18 May 2018, no. 65, Implementation of Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 promulgating measures for a high common level of security of network and information systems across the Union

Latvia

National transposition (in Original Language)National transposition (in Translation)
1. Informācijas tehnoloģiju drošības likumsLaw on Information Technology Security
2. Ministru kabineta 2015.gada 28.jūlija noteikumi Nr.442 "Kārtība, kādā tiek nodrošināta informācijas un komunikācijas tehnoloģiju sistēmu atbilstība minimālajām drošības prasībām"Cabinet Regulation No 442 of 28 July 2015 on procedures for ensuring compliance of information and communication technology systems with minimum security requirements
3. Finanšu un kapitāla tirgus komisijas 2018. gada 26. septembra noteikumi Nr. 158 "Informācijas sistēmu drošības normatīvie noteikumi"Financial and Capital Market Commission Regulation No 158 of 26 September 2018 “Regulatory Regulations on Information System Security”
4. Finanšu un kapitāla tirgus komisijas 2018. gada 26. septembra noteikumi Nr. 157 "Normatīvie noteikumi par ziņošanu par būtiskiem maksājumu pakalpojumu incidentiem"Financial and Capital Market Commission Regulation No 157 of 26 September 2018 “Regulatory provisions on reporting significant payment service incidents”
5. Informācijas tehnoloģiju drošības likumsLaw on Information Technology Security
6. Ministru kabineta 2019.gada 15.janvāra noteikumi Nr.15 "Noteikumi par drošības incidenta būtiskuma kritērijiem, informēšanas kārtību un ziņojuma saturu"Cabinet Regulation No 15 of 15 January 2019 laying down the criteria for materiality of a security incident, the information procedure and the content of the report.

Lithuania

National transposition (in Original Language)National transposition (in Translation)
1. Lietuvos Respublikos asmens duomenų teisinės apsaugos įstatymas Nr. I-1374 (Suvestinė redakcija nuo 2017-01-01)Law of the Republic of Lithuania No I-1374 on the legal protection of personal data (consolidated version from 2017-01-01)
2. Lietuvos Respublikos kibernetinio saugumo įstatymo Nr. XII-1428 pakeitimo įstatymas Nr. XLaw No XII-1428 amending the Law on Cybersecurity of the Republic of Lithuania No XIII-1299
3. Lietuvos Respublikos Vyriausybės 2018 m. rugpjūčio 13 d. nutarimas Nr. 818 "Dėl Nacionalinės kibernetinio saugumo strategijos patvirtinimoResolution No 818 of the Government of the Republic of Lithuania of 13 August 2018 approving the National Cyber Security Strategy

Luxembourg

National transposition (in Original Language)National transposition (in Translation)
Loi du 28 mai 2019 portant transposition de la directive (UE) 2016/1148 du Parlement européen et du Conseil du 6 juillet 2016 concernant des mesures destinées à assurer un niveau élevé commun de sécurité des réseaux et des systèmes d’information dans l’Union européenne et modifiantn1° la loi modifiée du 20 avril 2009 portant création du Centre des technologies de l’information de l’État etn2° la loi du 23 juillet 2016 portant création d’un Haut-Commissariat à la Protection nationaleAct of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 on measures to ensure a common high level of network and information system security in the European Union and amending 1° the amended Act of 20 April 2009 establishing the State Information Technology Centre and 2° the Act of 23 July 2016 establishing a High Commission for National Protection

Malta

National transposition (in Original Language)National transposition (in Translation)
European UNION ACT (CAP.460), Measures For High Common Level of Security of Network and Information Systems Order, 2018European UNION ACT (CAP.460), Measures For High Common Level of Security of Network and Information Systems Order, 2018

Netherlands

National transposition (in Original Language)National transposition (in Translation)
1. Besluit van 30 oktober 2018 tot aanwijzing van het CSIRT voor digitale diensten en tot vaststelling van het tijdstip van inwerkingtreding van de Wet en het Besluit beveiliging netwerk- en informatiesystemenDecree of 30 October 2018 designating the CSIRT for digital services and fixing the date of entry into force of the Act and the Decree on security of network and information systems
2. Besluit beveiliging netwerk- en informatiesystemenDecision dated 30 October 2018, concerning the rules related to the execution of the Network and Information Systems Act (Network and Information Systems Directive)
3. Wet van 17 oktober 2018, houdende regels ter implementatie van richtlijn (EU) 2016/1148 (Wet beveiliging netwerk- en informatiesystemen)Act of 17 October 2018 laying down rules for the implementation of Directive (EU) 2016/1148 (Network and Information Systems Security Act)

Poland

National transposition (in Original Language)National transposition (in Translation)
1. Ustawa z dnia 5 lipca 2018 r.o krajowym systemie cyberbezpieczeństwaNational Cybersecurity Act of 5 July 2018
2. Rozporządzenie Rady Ministrów z dnia 11 września 2018 r. w sprawie wykazu usług kluczowych oraz progów istotności skutku zakłócającego incydentu dla świadczenia usług kluczowychRegulation of the Council of Ministers of 11 September 2018 on the list of essential services and the material thresholds of disruptive effect of an incident for the provision of essential services
3. Rozporządzenie Rady Ministrów z dnia 31 października 2018 r. w sprawie progów uznania incydentu za poważnyRegulation of the Council of Ministers of 31 October 2018 on the thresholds for considering an incident as serious
4. Uchwała nr 125 Rady Ministrów z dnia 22 października 2019 r. w sprawie Strategii Cyberbezpieczeństwa Rzeczypospolitej Polskiej na lata 2019-2024Resolution No. 125 of the Council of Ministers of 22 October 2019 on the cybersecurity strategy  of the Republic of Poland 2019-2024

Portugal

National transposition (in Original Language)National transposition (in Translation)
Lei n.º 46/2018,de 13 de agosto, Estabelece o regime jurídico da segurança do ciberespaço, transpondo a Diretiva (UE) 2016/1148, do Parlamento Europeu e do Conselho, de 6 de julho de 2016, relativa a medidas destinadas a garantir um elevado nível comum de segurança das redes e da informação em toda a UniãoLaw No 46/2018 of 13 August 2007 establishing the legal framework for the security of cyberspace, transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures to ensure a high common level of network and information security across the Union

Romania

National transposition (in Original Language)National transposition (in Translation)
1. Legea nr. 362/2018 privind asigurarea unui nivel comun ridicat de securitate a reţelelor şi sistemelor informaticeLaw no. 362/2018 ensuring a high common level of security of network and information systems
2. Ordin nr. 599/2019 al ministrului comunicaţiilor şi societăţii informaţionale privind aprobarea Normelor metodologice de identificare a operatorilor de servicii esenţiale şi furnizorilor de servicii digitaleOrder no. 599/2019 of the Minister of Communications and Information Society approving the methodological rules for the identification of operators of essential services and digital service providers
3. Ordin nr. 601/2019 al ministrului comunicaţiilor şi societăţii informaţionale pentru aprobarea Metodologiei de stabilire a efectului perturbator semnificativ al incidentelor la nivelul reţelelor şi sistemelor informatice ale operatorilor de servicii esenţialeOrder no. 601/2019 of the Minister of Communications and Information Society approving the methodology for determining the significance of an disruptive effect of incidents on networks and information systems of operators of essential services

Slovakia

National transposition (in Original Language)National transposition (in Translation)
1. Zákon č. 69/2018 Z. z. o kybernetickej bezpečnosti a o zmene a doplnení niektorých zákonovAct No 69/2018 on cybersecurity and amending certain acts
2. Vyhláška Národného bezpečnostného úradu č. 164/2018 Z. z., ktorou sa určujú identifikačné kritériá prevádzkovanej služby (kritériá základnej služby)Decree of the National Integrity Agency No 164/2018 Coll. establishing the identification criteria for the service operated (basic service criteria)
3. Vyhláška Národného bezpečnostného úradu č. 165/2018 Z. z., ktorou sa určujú identifikačné kritériá pre jednotlivé kategórie závažných kybernetických bezpečnostných incidentov a podrobnosti hlásenia kybernetických bezpečnostných incidentov Decree of the National Integrity Agency No 165/2018 Coll. establishing the identification criteria for each category of serious cybersecurity incidents and the details of the reporting of cybersecurity incidents
4. Vyhláška Národného bezpečnostného úradu č. 166/2018 Z. z. o podrobnostiach o technickom, technologickom a personálnom vybavení jednotky pre riešenie kybernetických bezpečnostných incidentovDecree of the National Integrity Agency No 166/2018 Coll. on details of the technical, technological and personnel equipment of the Cybersecurity Incident Response Team

Slovenia

National transposition (in Original Language)National transposition (in Translation)
Zakon o informacijski varnostiInformation Security Act

Spain

National transposition (in Original Language)National transposition (in Translation)
Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de informaciónRoyal-Decree-Law 12/2018 of 7 September on Security of Network and Information Systems

Sweden

National transposition (in Original Language)National transposition (in Translation)
1. MyndighetsförordningAuthority Regulation (2007:515)
2. Förvaltningslag (2017:900)Administrative Procedures Act (2017:900)
3. Förordning (2018:1175) om informationssäkerhet för samhällsviktiga och digitala tjänster3. Regulation (2018:1175) on Information Security for Essential and Digital Services
4. Lag (2018:1174) om informationssäkerhet för samhällsviktiga och digitala tjänster4. Law (2018:1174) on Information Security for Essential and Digital Services

United Kingdom

National transposition (in Original Language)National transposition (in Translation)
The Network and Information Systems Regulations 2018The Network and Information Systems Regulations 2018

 

 

 

Archives

Categories

Meta

Archives

Categories

Meta

Archives

Categories

Meta

Archives

Categories

Meta