In light of a recent cyberattack, EU members are urged to implement the NIS 2 directive to ensure a high common level of cybersecurity across the Union. The European Commission has stressed that until all 27 member states adopt this directive, vulnerabilities will persist across the bloc.
As of now, Cyprus is among the few countries making strides in compliance, having recently completed the full implementation of the NIS 2 directive after facing non-compliance procedures. This compliance comes after Cyprus received warnings in November 2024 and a reasoned opinion in May 2025, highlighting the urgency for all states to align with the directive.
During a midday briefing, European Commission spokesperson Thomas Regnier addressed concerns regarding an ongoing cyberattack that has severely disrupted check-in and boarding systems at multiple airports. Passengers are facing significant delays, though air traffic safety and control remain unaffected, providing some reassurance amidst the chaos.
Regnier noted, “the Commission has been closely monitoring the cyberattack, both over the weekend and today, which has caused disruptions.” He assured the public that efforts are underway to restore operations swiftly. “On our side, I can confirm that the Commission is working with Eurocontrol, Enisa, national authorities, airports and airlines to restore operations and support affected passengers,” he added.
Currently, 12 member states have successfully incorporated the NIS 2 directive into their national laws, including Belgium, Croatia, Cyprus, Denmark, Greece, Italy, Latvia, Lithuania, Malta, Romania, Slovakia, and Slovenia. However, until all nations comply, the risk of cyber threats remains a pressing concern.
The urgency surrounding the NIS 2 directive and its implementation is underscored by the current situation, as it illustrates the potential vulnerabilities in the EU’s cybersecurity framework. As the bloc grapples with these challenges, the call for swift and effective action has never been more critical.