This table displays the 27 Member States of the European Union plus the United Kingdom and allows you to click on a country in order to access its relevant transposition measures. The national transposition measures are presented in the form they were formally notified by the respective Member State to the European Commission. In some instances, only those legal instruments are presented that are of relevance for NIS security as such; thus, amendments to, for instance, criminal procedure law with no specific mentioning of the requirements of the NIS Directive have been omitted. In due course, the table will be amended by English translations of selected legal acts as commissioned in the framework of the EnCaViBS project to allow for a comparative analysis. The selection is based on the relevance for the EnCaViBS project and represents a variety of approaches. With regard to quick access to the relevant sections, some translations leave out sections that are irrelevant for our project. Nevertheless, the original national act is uploaded in its entirety so that native speakers are able to consider the measure in its legal context. The collection of national acts was retrieved from publicly available databases primarily from the national governments’ official gazettes. We are thankful for comments and corrections.

Austria
Belgium
Bulgaria

National transposition (in Original Language)National transposition (in Translation)
Закон за киберсигурностCybersecurity Act

Croatia

National transposition (in Original Language)National transposition (in Translation)
1. Zakon o kibernetičkoj sigurnosti operatora ključnih usluga i davatelja digitalnih uslugaCybersecurity law for operators of essential services and digital service providers
2. Uredba o kibernetičkoj sigurnosti operatora ključnih usluga i davatelja digitalnih uslugaRegulation on cybersecurity of operators of essential services and digital service providers

Cyprus

National transposition (in Original Language)National transposition (in Translation)
Ο Περί Ασφάλειας Δικτύων και Συστημάτων Πληροφοριών Νόμος του 2018The Security Networks and Information Systems Act of 2018

Czechia

Most relevant national transposition measures (in Original Language)National transposition (in Translation)
1. Zákon č. 205/2017 Sb., kterým se mění zákon č. 181/2014 Sb., o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti), ve znění zákona č. 104/2017 Sb., a některé další zákonyAct No 205/2017 amending Act No 181/2014 on cybersecurity and amending related acts (the Cybersecurity Act), as amended by Act No 104/2017 and certain other acts 
2. Vyhláška č. 437/2017 Sb., o kritériích pro určení provozovatele základní služby Decree No 437/2017 on the criteria for determining the operator of a basic service 
3. Vyhláška č. 82/2018 Sb. Vyhláška o bezpečnostních opatřeních, kybernetických bezpečnostních incidentech, reaktivních opatřeních, náležitostech podání v oblasti kybernetické bezpečnosti a likvidaci dat (vyhláška o kybernetické bezpečnosti)Decree No 82/2018 Coll. on security measures, cybersecurity incidents, reactive measures, cybersecurity filings and destruction of data (Cybersecurity Decree)

Denmark

National transposition (in Original Language)National transposition (in Translation)
1.Lov om sikkerhed i net- og informationssystemer for operatører af væsentlige internetudvekslingspunkter m.v. Act on the security of network and information systems for operators of essential Internet exchange points, etc.
2. Lov om krav til sikkerhed for net- og informationssystemer inden for sundhedssektoren.  Act on requirements for the security of network and information systems in the health sector 
3. Bekendtgørelse om krav til sikkerheden i visse vandforsyningers net­ og informationssystemer. Order on requirements for the security of network and information systems of certain water supplies 
4. Lov om sikkerhed i net- og informationssystemer i transportsektoren

Law on the security of network and information systems in the transport sector 
5. Bekendtgørelse om operatører af væsentlige tjenester. 

Order on operators of essential services
6. Bekendtgørelse om hændelsesrapportering for operatører af væsentlige tjenester. 
Order on incident reporting for operators of essential services 
7. Bekendtgørelse om sikkerhed i net- og informationssystemer for operatører af væsentlige tjenester på domænenavnsområdet. 


Order on the security of network and information systems for operators of essential services in the domain name area 
8. Bekendtgørelse om sikkerhed i net- og informationssystemer af betydning for skibes sikkerhed og deres sejlads. Order No 46 of 15 January 2019 on the security of network and information systems of importance for ship safety and navigation

Estonia

National transposition (in Original Language)National transposition (in Translation)
Küberturvalisuse seadusCybersecurity Act

Finland

National transposition (in Original Language)National transposition (in Translation)
1. Laki terveydenhuollon laitteista ja tarvikkeista / Lag om produkter och utrustning för hälso- och sjukvård (629/2010) 24/06/2010, viimeksi muutettuna / ändring senast genom (936/2017) 19/12/2017 
Act on Healthcare Equipment and Equipment (Lag om produkter och utrustning för hälso- och Sjukvård (629/2010) 24/06/2010, as last amended/ändring senast genom (936/2017) 19/12/2017  
2. Laki sähköisen viestinnän palveluista / Lag om tjänster inom elektronisk kommunikation (917/2014) 07/11/2014, viimeksi muutettuna / ändring senast genom (281/2018) 04/05/2018Act on Electronic Communications Services/Lag om tjänster inom elektronisk kommunikation (917/2014) 07/11/2014, as last amended/ändring senast genom (281/2018) 04/05/2018

France

National transposition (in Original Language)National transposition (in Translation)
1. LOI n° 2018-133 du 26 février 2018 portant diverses dispositions d'adaptation au droit de l'Union européenne dans le domaine de la sécurité. 1. Act No. 2018-133 of 26 February 2018 on various provisions for adapting to European Union law in the field of security
2.Décret n° 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d'information des opérateurs de services essentiels et des fournisseurs de service numérique 2. Decree No. 2018-384 of 23 May 2018 on the security of the networks and information systems of critical service operators and digital service providers
3. Arrêté du 13 juin 2018 fixant les modalités des déclarations prévues aux articles 8, 11 et 20 du décret no 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d’information des opérateurs de services essentiels et des fournisseurs de service numérique3. Order of 13 June 2018 setting out the terms and conditions for the declarations provided for in Articles 8, 11 and 20 of Decree No. 2018-384 of 23 May 2018 on the security of the networks and information systems of essential service operators and digital service providers
4. Arrêté du 14 septembre 2018 fixant les règles de sécurité et les délais mentionnés à l'article 10 du décret n° 2018-384 du 23 mai 2018 relatif à la sécurité des réseaux et systèmes d'information des opérateurs de services essentiels et des fournisseurs de service numérique4. Order of 14 September 2018 setting out the security rules and time frames referred to in Article 10 of Decree No. 2018-384 of 23 May 2018 on the security of networks and information systems of operators of critical services and digital service providers

Germany

National transposition (in Original Language)National transposition (in Translation)
1. Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme (IT-Sicherheitsgesetz)1. Act on improving the security of information technology systems (IT Security Act)

For a consolidated version of the German BSI Act, which implements major parts of the NIS Directive see Germany_BSI_Act_engl.
2. Verordnung zur Bestimmung Kritischer Infrastrukturen nach dem BSI-Gesetz (BSI-Kritisverordnung – BSI-KritisV)2. Regulation for Determining Critical Infrastructures Pursuant to the BSI Act (BSI Act Crisis Regulation - BSI CrisisV)
3. Erste Verordnung zur Änderung der BSI-Kritisverordnung3. First regulation amending the BSI-Kritisverordnung
4. Gesetz zur Umsetzung der Richtlinie (EU)2016/1148 des Europäischen Parlaments und des Rates vom 6. Juli 2016 über Maßnahmen zur Gewährleistung eines hohen gemeinsamen Sicherheitsniveaus von Netz- und Informationssystemen in der Union4. Law implementing Directive (EU)2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union

Greece

National transposition (in Original Language)National transposition (in Translation)
1. Ενσωμάτωση στην ελληνική νομοθεσία της Οδηγίας 2016/1148/ΕΕ του Ευρωπαϊκού Κοινοβουλίου και του Συμβουλίου σχετικά με μέτρα για υψηλό κοινό επίπεδο ασφάλειας συστημάτων δικτύου και πληροφοριών σε ολόκληρη την Ένωση και άλλες διατάξεις.Transposition into Greek law of the Directive 2016/1148/EU of the European Parliament and of the Council on measures for high common level of security of network and information systems across the Union and other provisions.

Hungary

National transposition (in Original Language)National transposition (in Translation)
1. Az infokommunikációs technológiák ágazathoz kapcsolódó létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről szóló 249/2017. (IX. 5.) Korm. rendeletGovernment Decree No 249/2017 on the identification, designation and protection of critical systems and facilities related to the ICT sector (IX. 5.) Government Decree
2. A belügyi feladatokat érintő és más kapcsolódó törvények módosításáról szóló 2017. évi CXXXIV. törvénnyel összefüggő Korm. rendeletek módosításáról szóló 394/2017. (XII. 13.) Korm. rendeletGovernment decrees amending Act CXXXIV of 2017 amending Act CXXXIV of 394 on the amendment of domestic tasks and other related acts (XII. 13.) Government Decree
3. A bejelentés-köteles szolgáltatást nyújtókról szóló 410/2017. (XII. 15.) Korm. rendeletGovernment Decree No 410/2017 on service providers subject to notification (XII. 15.) Government Decree
4. Az állami és önkormányzati szervek elektronikus információbiztonságáról szóló 2013. évi L. törvényben meghatározott technológiai biztonsági, valamint a biztonságos információs eszközökre, termékekre, továbbá a biztonsági osztályba és biztonsági szintbe sorolásra vonatkozó követelményekről szóló 41/2015. (VII. 15.) BM rendeletOn the technological security requirements laid down in Act L of 2013 on the security of electronic information of state and local government bodies and on the requirements for secure information devices and products, as well as the security class and security level classification, (VII. 15.) BM Decree
A Kormány 270/2018. (XII. 20.) Korm. rendelete az információs társadalommal összefüggő szolgáltatások elektronikus információbiztonságának felügyeletéről és a biztonsági eseményekkel kapcsolatos eljárásrendrőlGovernment Decree 270/2018. (XII. 20.) Government Decree on the supervision of the electronic information security of information society services and the procedure for security incidents
6. A Kormány 271/2018. (XII. 20.) Korm. rendelete az eseménykezelő központok feladat- és hatásköréről, valamint a biztonsági események kezelésének és műszaki vizsgálatának, továbbá a sérülékenységvizsgálat lefolytatásának szabályairólGovernment Decree 271/2018. (XII. 20.) Government Decree No/on the functions and powers of incident management centres and the rules on the management and technical investigation of security incidents and the conduct of vulnerability assessments
7. A Kormány 648/2020. (XII. 23.) Korm. rendelete egyes, az egészségügyi beszerzésekkel kapcsolatos kormányrendeletek módosításárólGovernment 648/2020. (XII. 23.) on the amendment of certain government decrees related to health procurement
8. A Kormány 161/2019. (VII. 4.) Korm. rendelete a közlekedési létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről
Government Decree 161/2019. (VII. 4.) on the identification, designation and protection of vital transport systems and facilities
9. A Kormány 374/2020. (VII. 30.) Korm. rendelete az energetikai létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelmérőlGovernment Decree 374/2020. (VII. 30.) Government Decree on the identification, designation and protection of vital energy systems and facilities
10. A Kormány 375/2020. (VII. 30.) Korm. rendelete egyes kiberbiztonsági tárgyú és egyéb kormányrendeletek módosításárólGovernment Decree 375/2020. (VII. 30.) Government Decree amending certain government decrees on cybersecurity and other government decrees
11. A Kormány 94/2020. (IV. 7.) Korm. rendelete a létfontosságú rendszerek és létesítmények azonosításáról, kijelöléséről és védelméről szóló 2012. évi CLXVI. törvény végrehajtásáról szóló 65/2013. (III. 8.) Korm. rendelet módosításárólGovernment Decree 94/2020. (IV. 7.) Government Decree No/on the identification, designation and protection of vital systems and facilities Government Decree No 65/2013 of 2012 on the implementation of Act CLXVI of (III. 8.) amending Government Decree No.

Ireland
Italy
Latvia

National transposition (in Original Language)National transposition (in Translation)
1. Informācijas tehnoloģiju drošības likumsLaw on Information Technology Security
2. Ministru kabineta 2015.gada 28.jūlija noteikumi Nr.442 "Kārtība, kādā tiek nodrošināta informācijas un komunikācijas tehnoloģiju sistēmu atbilstība minimālajām drošības prasībām"Cabinet Regulation No 442 of 28 July 2015 on procedures for ensuring compliance of information and communication technology systems with minimum security requirements
3. Finanšu un kapitāla tirgus komisijas 2018. gada 26. septembra noteikumi Nr. 158 "Informācijas sistēmu drošības normatīvie noteikumi"Financial and Capital Market Commission Regulation No 158 of 26 September 2018 “Regulatory Regulations on Information System Security”
4. Finanšu un kapitāla tirgus komisijas 2018. gada 26. septembra noteikumi Nr. 157 "Normatīvie noteikumi par ziņošanu par būtiskiem maksājumu pakalpojumu incidentiem"Financial and Capital Market Commission Regulation No 157 of 26 September 2018 “Regulatory provisions on reporting significant payment service incidents”
5. Informācijas tehnoloģiju drošības likumsLaw on Information Technology Security
6. Ministru kabineta 2019.gada 15.janvāra noteikumi Nr.15 "Noteikumi par drošības incidenta būtiskuma kritērijiem, informēšanas kārtību un ziņojuma saturu"Cabinet Regulation No 15 of 15 January 2019 laying down the criteria for materiality of a security incident, the information procedure and the content of the report.

Lithuania

National transposition (in Original Language)National transposition (in Translation)
1. Lietuvos Respublikos asmens duomenų teisinės apsaugos įstatymas Nr. I-1374 (Suvestinė redakcija nuo 2017-01-01)Law of the Republic of Lithuania No I-1374 on the legal protection of personal data (consolidated version from 2017-01-01)
2. Lietuvos Respublikos kibernetinio saugumo įstatymo Nr. XII-1428 pakeitimo įstatymas Nr. XLaw No XII-1428 amending the Law on Cybersecurity of the Republic of Lithuania No XIII-1299
3. Lietuvos Respublikos Vyriausybės 2018 m. rugpjūčio 13 d. nutarimas Nr. 818 "Dėl Nacionalinės kibernetinio saugumo strategijos patvirtinimoResolution No 818 of the Government of the Republic of Lithuania of 13 August 2018 approving the National Cyber Security Strategy

Luxembourg
Malta
Netherlands
Poland
Portugal

National transposition (in Original Language)National transposition (in Translation)
Lei n.º 46/2018,de 13 de agosto, Estabelece o regime jurídico da segurança do ciberespaço, transpondo a Diretiva (UE) 2016/1148, do Parlamento Europeu e do Conselho, de 6 de julho de 2016, relativa a medidas destinadas a garantir um elevado nível comum de segurança das redes e da informação em toda a UniãoLaw No 46/2018 of 13 August 2007 establishing the legal framework for the security of cyberspace, transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures to ensure a high common level of network and information security across the Union

Romania

National transposition (in Original Language)National transposition (in Translation)
1. Legea nr. 362/2018 privind asigurarea unui nivel comun ridicat de securitate a reţelelor şi sistemelor informaticeLaw no. 362/2018 ensuring a high common level of security of network and information systems
2. Ordin nr. 599/2019 al ministrului comunicaţiilor şi societăţii informaţionale privind aprobarea Normelor metodologice de identificare a operatorilor de servicii esenţiale şi furnizorilor de servicii digitaleOrder no. 599/2019 of the Minister of Communications and Information Society approving the methodological rules for the identification of operators of essential services and digital service providers
3. Ordin nr. 601/2019 al ministrului comunicaţiilor şi societăţii informaţionale pentru aprobarea Metodologiei de stabilire a efectului perturbator semnificativ al incidentelor la nivelul reţelelor şi sistemelor informatice ale operatorilor de servicii esenţialeOrder no. 601/2019 of the Minister of Communications and Information Society approving the methodology for determining the significance of an disruptive effect of incidents on networks and information systems of operators of essential services

Slovakia

National transposition (in Original Language)National transposition (in Translation)
1. Zákon č. 69/2018 Z. z. o kybernetickej bezpečnosti a o zmene a doplnení niektorých zákonovAct No 69/2018 on cybersecurity and amending certain acts
2. Vyhláška Národného bezpečnostného úradu č. 164/2018 Z. z., ktorou sa určujú identifikačné kritériá prevádzkovanej služby (kritériá základnej služby)Decree of the National Integrity Agency No 164/2018 Coll. establishing the identification criteria for the service operated (basic service criteria)
3. Vyhláška Národného bezpečnostného úradu č. 165/2018 Z. z., ktorou sa určujú identifikačné kritériá pre jednotlivé kategórie závažných kybernetických bezpečnostných incidentov a podrobnosti hlásenia kybernetických bezpečnostných incidentov Decree of the National Integrity Agency No 165/2018 Coll. establishing the identification criteria for each category of serious cybersecurity incidents and the details of the reporting of cybersecurity incidents
4. Vyhláška Národného bezpečnostného úradu č. 166/2018 Z. z. o podrobnostiach o technickom, technologickom a personálnom vybavení jednotky pre riešenie kybernetických bezpečnostných incidentovDecree of the National Integrity Agency No 166/2018 Coll. on details of the technical, technological and personnel equipment of the Cybersecurity Incident Response Team

Slovenia

National transposition (in Original Language)National transposition (in Translation)
Zakon o informacijski varnostiInformation Security Act

Spain
Sweden
United Kingdom

National transposition (in Original Language)National transposition (in Translation)
The Network and Information Systems Regulations 2018The Network and Information Systems Regulations 2018