Skip to content
LIVE · DISPATCH 26·189
EUROPAEXPRESS

Commission refers four EU nations to court over cybersecurity directive

The European Commission has referred Ireland, Spain, France and the Netherlands to the Court of Justice for failing to implement mandatory cybersecurity legislation.

By 8 Jul 2026 · 11:00 CET Updated 8 Jul 2026 · 11:00 CET

AI disclosure: Summarised from a single named source by an AI model with editorial rules; links to the original report.

According to the European Commission, the four member states have failed to notify the executive body of measures taken to transpose the NIS2 Directive into their respective national laws. This directive, formally known as Directive (EU) 2022/2555, establishes legal requirements for securing network and information systems across the European Union.

The failure to transpose these rules has led the Commission to refer the cases to the Court of Justice of the European Union. This legal action follows the deadline set for member states to adopt and publish the measures necessary to comply with the directive.

Source: European Commission. Read the original report ↗

Source ledger

  • This brief is based on reporting by European Commission.
    supports: European Commission