Fieldfisher, 2025. NIS2 across the EU -summary.
To whom does the Cybersecurity Act apply?
The Cybersecurity Act applies to entities in the following sectors, as further specified in the law:
- Transport
- Space
- Digital Infrastructure
- ICT service management
- Energy
- Health
- Drinking water & waste water
- Postal and courier services
- Providers of digital services
- Research organisations
- Manufacture, production and distribution of chemicals
- Production, processing and distribution of food
- Waste management
- Manufacturing
- Manufacture of motor vehicles, trailers and semi-trailers
- Manufacture of other transport equipment
- Manufacture of medical devices and in vitro diagnostic medical devices
- Manufacture of computer, electronic and optical products
- Manufacture of electrical and machinery equipment
It is important to assess the applicability of the law on a case-by-case basis. Entities to which the Cybersecurity Act applies must register in the list of entities maintained by the supervisory authority by May 8, 2025. More detailed information about the supervisory authorities can be found, for example, on the Traficom website.
Implementation in EU countries – HH Partners involved in Fieldfisher’s collaborative project
HH Partners has participated, representing Finland, in a collaborative project coordinated by Fieldfisher, which monitors the implementation of the NIS 2 Directive in various EU countries. The accompanying map illustrates the implementation status in different countries. More information on the topic can be found in Fieldfisher’s publication.
