Back to home
GDPR & NIS2 Regulatory Landscape Across Europe
Each EU Member State has its own Data Protection Authority and NIS2 transposition timeline. Explore compliance requirements by country.
NIS2 Status:
Transposed into national law
Transposition in progress
Transposition delayed
🇩🇪
Germany
DENIS2 Transposed
Data Protection Authority
BfDI (Federal Commissioner for Data Protection)
NIS2 Competent Authority
BSI (Federal Office for Information Security)
2025 GDPR Enforcement
42 enforcement actions
Key Focus Areas
Employee data protectionConsent managementIT security (BSI standards)
🇫🇷
France
FRNIS2 Transposed
Data Protection Authority
CNIL (Commission Nationale de l'Informatique et des Libertés)
NIS2 Competent Authority
ANSSI (National Agency for Information Systems Security)
2025 GDPR Enforcement
38 enforcement actions
Key Focus Areas
Cookie complianceAdvertising trackingAI governance
🇳🇱
Netherlands
NLNIS2 In Progress
Data Protection Authority
Autoriteit Persoonsgegevens
NIS2 Competent Authority
NCSC (National Cyber Security Centre)
2025 GDPR Enforcement
28 enforcement actions
Key Focus Areas
Data breachesDirect marketingGovernment data processing
🇮🇹
Italy
ITNIS2 Transposed
Data Protection Authority
Garante per la protezione dei dati personali
NIS2 Competent Authority
ACN (National Cybersecurity Agency)
2025 GDPR Enforcement
35 enforcement actions
Key Focus Areas
TelemarketingHealth dataAI and automated decision-making
🇪🇸
Spain
ESNIS2 In Progress
Data Protection Authority
AEPD (Agencia Española de Protección de Datos)
NIS2 Competent Authority
CCN-CERT (National Cryptologic Center)
2025 GDPR Enforcement
45 enforcement actions
Key Focus Areas
Video surveillanceData access rightsSmall business compliance
🇵🇱
Poland
PLNIS2 In Progress
Data Protection Authority
UODO (Personal Data Protection Office)
NIS2 Competent Authority
CSIRT GOV / NASK
2025 GDPR Enforcement
22 enforcement actions
Key Focus Areas
Public sector complianceMarketing consentData breach notification
🇦🇹
Austria
ATNIS2 Transposed
Data Protection Authority
DSB (Datenschutzbehörde)
NIS2 Competent Authority
BMI Cybersecurity / NIS Authority
2025 GDPR Enforcement
15 enforcement actions
Key Focus Areas
Google Analytics complianceInternational transfersEmployee monitoring
🇸🇪
Sweden
SENIS2 Transposed
Data Protection Authority
IMY (Integritetsskyddsmyndigheten)
NIS2 Competent Authority
MSB (Swedish Civil Contingencies Agency)
2025 GDPR Enforcement
18 enforcement actions
Key Focus Areas
Camera surveillanceCredit scoringMunicipal data processing
🇵🇹
Portugal
PTNIS2 In Progress
Data Protection Authority
CNPD (Comissão Nacional de Proteção de Dados)
NIS2 Competent Authority
CNCS (National Cybersecurity Centre)
2025 GDPR Enforcement
12 enforcement actions
Key Focus Areas
Public sector data handlingCookie consent enforcementCross-border transfers
🇧🇪
Belgium
BENIS2 Transposed
Data Protection Authority
APD/GBA (Autorité de protection des données)
NIS2 Competent Authority
CCB (Centre for Cybersecurity Belgium)
2025 GDPR Enforcement
20 enforcement actions
Key Focus Areas
Direct marketingLegitimate interest assessmentsCookie walls
🇮🇪
Ireland
IENIS2 In Progress
Data Protection Authority
DPC (Data Protection Commission)
NIS2 Competent Authority
NCSC (National Cyber Security Centre)
2025 GDPR Enforcement
14 enforcement actions (incl. major Big Tech fines)
Key Focus Areas
Big Tech enforcementInternational data transfersChildren’s data protection
🇳🇴
Norway
NONIS2 In Progress
Data Protection Authority
Datatilsynet
NIS2 Competent Authority
NSM (National Security Authority)
2025 GDPR Enforcement
10 enforcement actions
Key Focus Areas
AI and facial recognitionEmployee monitoringHealth sector data
🇭🇺
Hungary
HUNIS2 Delayed
Data Protection Authority
NAIH (National Authority for Data Protection and Freedom of Information)
NIS2 Competent Authority
NBSZ (National Security Service)
2025 GDPR Enforcement
16 enforcement actions
Key Focus Areas
Government surveillance transparencyConsent managementData breach notifications
🇩🇰
Denmark
DKNIS2 Transposed
Data Protection Authority
Datatilsynet
NIS2 Competent Authority
CFCS (Centre for Cyber Security)
2025 GDPR Enforcement
14 enforcement actions
Key Focus Areas
Cloud services complianceMunicipal data processingProcessor oversight
Not sure where you stand?
Our assessment automatically adapts to your country and sector, giving you guidance aligned with your local regulatory requirements.
Start Free Assessment