The Irish government has confirmed that the introduction of the NIS2 cyber security directive, which was supposed to be implemented in October 2024, remains “in progress”. The directive aims to establish a unified legal framework to uphold cybersecurity in 18 critical sectors across the EU, enhancing both resilience and enforcement mechanisms.
As the 17 October deadline for the transposition of Network and Information Security Directive (NIS2) passed, Ireland missed out due to the late publication of the necessary legislative bill. Only Belgium and Croatia notified the European Commission of their compliance with the transposition of the NIS2 cybersecurity rules in October 2024, which includes supervisory and enforcement measures.
However, the Department could not provide confirmation on when the directive will be transposed. The directive will be integrated into the National Cyber Security Bill, currently at the general scheme stage in the legislative process.
Back in October, The Department of the Environment, Climate and Communications stated that it will probably “be 2025 before national legislation is in place”, with the NIS Directive remaining in full effect until then.
The government is expected to publish its legislative priority list in February, which will likely provide more clarity on the anticipated timeline for enactment.
