Back to home
GDPR & NIS2 Regulatory Landscape Across Europe
Each EU Member State has its own Data Protection Authority and NIS2 transposition timeline. Explore compliance requirements by country.
NIS2 Status:
Transposed into national law
Transposition in progress
Transposition delayed
🇩🇪
Germany
DENIS2 In Progress
Data Protection Authority
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
NIS2 Competent Authority
BSI (Federal Office for Information Security)
2025 GDPR Enforcement
42 enforcement actions
Key Focus Areas
Employee data protectionConsent managementIT security (BSI standards)
🇫🇷
France
FRNIS2 In Progress
Data Protection Authority
Commission Nationale de l'Informatique et des Libertés (CNIL)
NIS2 Competent Authority
ANSSI (National Agency for Information Systems Security)
2025 GDPR Enforcement
38 enforcement actions
Key Focus Areas
Cookie complianceAdvertising trackingAI governance
🇳🇱
Netherlands
NLNIS2 Delayed
Data Protection Authority
Autoriteit Persoonsgegevens (AP)
NIS2 Competent Authority
NCSC (National Cyber Security Centre)
2025 GDPR Enforcement
28 enforcement actions
Key Focus Areas
Data breachesDirect marketingGovernment data processing
🇪🇸
Spain
ESNIS2 In Progress
Data Protection Authority
Agencia Española de Protección de Datos (AEPD)
NIS2 Competent Authority
CCN-CERT (National Cryptologic Center)
2025 GDPR Enforcement
45 enforcement actions
Key Focus Areas
Video surveillanceData access rightsSmall business compliance
🇮🇹
Italy
ITNIS2 Transposed
Data Protection Authority
Garante per la protezione dei dati personali
NIS2 Competent Authority
ACN (National Cybersecurity Agency)
2025 GDPR Enforcement
35 enforcement actions
Key Focus Areas
TelemarketingHealth dataAI and automated decision-making
🇵🇱
Poland
PLNIS2 Delayed
Data Protection Authority
UrzÄ…d Ochrony Danych Osobowych (UODO)
NIS2 Competent Authority
CSIRT GOV / NASK
2025 GDPR Enforcement
22 enforcement actions
Key Focus Areas
Public sector complianceMarketing consentData breach notification
🇵🇹
Portugal
PTNIS2 Delayed
Data Protection Authority
Comissão Nacional de Proteção de Dados (CNPD)
NIS2 Competent Authority
CNCS (National Cybersecurity Centre)
2025 GDPR Enforcement
12 enforcement actions
Key Focus Areas
Public sector data handlingCookie consent enforcementCross-border transfers
🇸🇪
Sweden
SENIS2 In Progress
Data Protection Authority
Integritetsskyddsmyndigheten (IMY)
NIS2 Competent Authority
MSB (Swedish Civil Contingencies Agency)
2025 GDPR Enforcement
18 enforcement actions
Key Focus Areas
Camera surveillanceCredit scoringMunicipal data processing
🇦🇹
Austria
ATNIS2 Delayed
Data Protection Authority
Österreichische Datenschutzbehörde (DSB)
NIS2 Competent Authority
BMI Cybersecurity / NIS Authority
2025 GDPR Enforcement
15 enforcement actions
Key Focus Areas
Google Analytics complianceInternational transfersEmployee monitoring
🇧🇪
Belgium
BENIS2 Transposed
Data Protection Authority
Autorité de protection des données / Gegevensbeschermingsautoriteit (APD/GBA)
NIS2 Competent Authority
CCB (Centre for Cybersecurity Belgium)
2025 GDPR Enforcement
20 enforcement actions
Key Focus Areas
Direct marketingLegitimate interest assessmentsCookie walls
🇩🇰
Denmark
DKNIS2 In Progress
Data Protection Authority
Datatilsynet
NIS2 Competent Authority
CFCS (Centre for Cyber Security)
2025 GDPR Enforcement
14 enforcement actions
Key Focus Areas
Cloud services complianceMunicipal data processingProcessor oversight
🇫🇮
Finland
FINIS2 In Progress
Data Protection Authority
Tietosuojavaltuutetun toimisto (Office of the Data Protection Ombudsman)
NIS2 Competent Authority
Traficom National Cyber Security Centre Finland (NCSC-FI)
2025 GDPR Enforcement
12 enforcement actions
Key Focus Areas
Healthcare and digital health data processingPublic register transparency vs. data protectionWorkplace data protectionDigital service and app compliancePersonal identity code processing
🇮🇪
Ireland
IENIS2 In Progress
Data Protection Authority
Data Protection Commission (DPC)
NIS2 Competent Authority
NCSC Ireland
2025 GDPR Enforcement
14 enforcement actions (incl. major Big Tech fines)
Key Focus Areas
Big Tech enforcementInternational data transfersChildren’s data protection
ðŸ‡ðŸ‡º
Hungary
HUNIS2 Delayed
Data Protection Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
NIS2 Competent Authority
NBSZ (National Security Service)
2025 GDPR Enforcement
16 enforcement actions
Key Focus Areas
Government surveillance transparencyConsent managementData breach notifications
Not sure where you stand?
Our assessment automatically adapts to your country and sector, giving you guidance aligned with your local regulatory requirements.
Start Free Assessment