European Commission Initiates Infringement Proceedings Against Germany , Austria and 22 Other Member States

The European Commission has launched infringement proceedings against Germany, Austria and 22 other EU member states. The reason: These countries have not fully implemented the NIS2 and CER directives into national law.

NIS2 Directive: Ensuring Uniform Cybersecurity Across the EU

The NIS2 Directive (Directive 2022/2555) aims to ensure a high level of cybersecurity throughout the EU. It covers critical sectors such as public electronic communications services, wastewater and waste disposal, health, energy, transport, and public administration. Member states had until October 17, 2024, to implement the directive. Since this has not been fully achieved, the Commission has sent letters of formal notice.

CER Directive: Protecting Critical Infrastructures

The CER Directive (Directive on the Resilience of Critical Entities) focuses on protecting critical infrastructures and strengthening the resilience of entities operating these infrastructures. Here too, member states missed the deadline and must now respond to the Commission's letters within two months.

Potential Consequences

If the affected states do not adequately respond, the Commission can issue reasoned opinions and eventually refer the matter to the European Court of Justice. This could result in substantial financial penalties for the affected countries.

Affected States

In addition to Germany, Bulgaria, Czech Republic, Denmark, Estonia, Ireland, Greece, Spain, France, Cyprus, Latvia, Luxembourg, Hungary, Malta, Netherlands, Austria, Poland, Portugal, Romania, Slovenia, Slovakia, Finland, and Sweden are among the affected countries.

The European Commission emphasizes the importance of these directives for the security and resilience of the EU and calls on member states to take the necessary measures.