EU member states were required to transpose the NIS2 Directive, which aims to ensure a high level of cybersecurity across the EU, into national law by 17 October 2024.

The directive covers entities operating in critical sectors such as public electronic communications services, ICT service management, digital services, wastewater and waste management, space, health, energy, transport, manufacturing of critical products, postal and courier services, and public administration.

A letter of formal notice has been sent to Ireland and 22 other member states which have allegedly failed to fully transpose the directive.

The member states now have two months to respond and to complete their transposition and notify their measures to the Commission.

In the absence of a satisfactory response, the Commission may decide to take the next step in infringement proceedings by issuing a reasoned opinion.