European Commission refers Ireland, Spain, France and the Netherlands
Key points
Failure to notify full transposition of NIS2 Directive
Commission requests financial sanctions until full transposition
TL;DR
Commission refers Ireland, Spain, France and the Netherlands to the Court of Justice for failing to notify measures transposing the NIS2 Directive.
NIS2 sets high standards for entities in 18 critical sectors to strengthen EU cybersecurity and incident-response capacity.
Commission sent letters of formal notice on 28 November 2024 and reasoned opinions on 7 May 2025; Member States had until 17 October 2024 to transpose; referrals include a request for financial sanctions.
Original text
European Commission - Press release Commission refers Ireland, Spain, France and the Netherlands to the Court of Justice for failing to transpose the rules on cybersecurity Brussels, 8 July 2026 Today, the European Commission decided to refer Ireland, Spain, France and the Netherlands to the Court of Justice of the European Union for failing to notify measures transposing the NIS2 Directive on securing network and in...