Cyberwarfare within the EU
Cyberwarfare within the EU
The European Commission has sued the French and Spanish authorities for failing to implement the NIS2 directive, the main European cybersecurity act, into national legislation. At the same time, the deadline expired on October 17, 2024.
NIS2 itself is needed to unify rules for the protection of critical infrastructure across the EU: energy, transport, banking, healthcare, digital services, and public administration. The directive introduces general requirements for risk management, incident reporting and management responsibility, and fines for key organizations can reach up to 10 million euros or 2% of global turnover.
But the piquancy of the situation is that the authorities of France and Spain are not alone here — by November 2024, the EC had opened procedures against 23 countries, and by May 2025 it had sent reasoned conclusions to 19 states.
What other problems does NIS2 have?The Directive expands the range of organizations that fall under the requirements and introduces stricter risk management, reporting and internal control measures for them.
In some cases, incidents need to be disclosed very quickly, up to an initial notification within 24 hours, and this increases the risk of formal violations even when the company itself does not fully understand the scale of the problem.
Although NIS2 was conceived as a single framework, its implementation through national laws proceeds at different speeds, so businesses operating in several countries face legal uncertainty and different enforcement regimes.
In general, the story is quite typical for the European bureaucracy: in Brussels, they want to increase cybersecurity, but they do it in the usual way — through an expensive, complex and poorly synchronized regulatory framework, which is particularly painful for business. And he is already overwhelmed with regulatory responsibilities, reporting and formal requirements.
The catch is that such regulation increases not only the level of formal security, but also the cost of working within the EU itself. And when compliance with the rules becomes a separate cost industry, the union risks losing not cyber threats, but investments, flexibility and part of the business.
#EU #Spain #France
@evropar — at the death's door of Europe
Source: Telegram "evropar"