EU Policy. Croatia alone partially adopts new cyber rules for critical entities

A battery storage facility.
A battery storage facility. Copyright Ross D. Franklin/Copyright 2024 The AP. All rights reserved
By Cynthia Kroet
Share this articleComments
Share this articleClose Button

The rules to protect the energy, banking and transport sector need to be in place by 17 October this year.


Only Croatia has so far officially notified the European Commission about a partial transposition of EU cybersecurity rules, designed to protect critical entities, such as energy, transport, banking, water and digital infrastructures, against major incidents.

National laws implementing the Network and Information Security Directive 2 (NIS2) should be in place in all EU countries by 17 October this year, following its approval in 2022.

Some other countries, including Belgium, Finland and the Netherlands, have begun a consultation process. French lawmakers have also begun preparatory work to transpose the law.

The European Commission proposed NIS 2 with the aim to keep up with increased digitisation and an evolving cybersecurity threat landscape. According to a spokesperson for the EU executive, the first directive proposed in 2016 failed to improve cyber resilience of businesses operating in the EU, and did not promote joint crisis response.

NIS 1 aimed at beefing up the resilience of network and information systems across Europe against cybersecurity risks. Companies need to notify, in case of incidents that cause serious operational disruptions, issue a warning within 24 hours and deliver an incident report within 72 hours.


A study published by IT company Cisco today (27 March), revealed that 69% of European businesses expect to be disrupted by a cyberattack within the next two years, with 49% having experienced an incident over the last 12 months. In addition, only 3% have cybersecurity protections rated ‘mature’ to remain resilient against an evolving threat landscape.

Some 22% of the respondents said they feel very confident in their ability to remain resilient as the cybersecurity landscape evolves, according to the survey carried out in January and February of this year.

Roberto Viola, director-general of the commission’s digital unit last week (19 March) said that cybersecurity investments need to double under the next commission mandate in order to ensure the bloc’s resilience to counter attacks. Last December, the commission earmarked €214m for 2024 for cybersecurity, to improve the Union's collective resilience against cyber threats.

Share this articleComments

You might also like