Select your country

BelgiumBelgium

ChinaChina

DenmarkDenmark

FranceFrance

GermanyGermany

GlobalGlobal

Maghreb & West AfricaMaghreb & West Africa

NetherlandsNetherlands

NorwayNorway

South AfricaSouth Africa

SwedenSweden

SwitzerlandSwitzerland

United KingdomUnited Kingdom

Not finding what you are looking for, select your country from our regional selector:

Search

  1. Denmark
  2. Insights
  3. Blog
  4. Regulations
  5. July 1st Is the New Date for NIS2 Implementation in Danish Legislation

July 1st Is the New Date for NIS2 Implementation in Danish Legislation

CybersecurityNIS2OT securityRegulations

Share

Ulrik Ledertoug

Director of Business Development and Services

The implementation date for NIS2 in Danish legislation has now been postponed for the fourth time. Initially delayed once, then twice, three times, and now, just three days before the original implementation deadline, the Ministry of Public Safety and Emergency Management announced that the implementation of NIS2 – the directive that aims to ensure a high level of cybersecurity across the EU – will now take effect on July 1, 2025 – nearly nine months after the EU deadline.

Many Delays and Postponements

The NIS2 directive will come into effect on October 17 across Europe – except in Denmark. The directive is crucial for improving cybersecurity throughout the EU, but Denmark is lagging behind in its implementation. The Ministry of Defense had already announced on February 5, 2024, that the work on NIS2 was taking longer than expected. The draft legislation was initially planned to be presented in the first quarter of 2024, but the complex process has now led to multiple delays.

Defense Minister Troels Lund Poulsen had originally hoped that NIS2 could be enforced by the end of 2024. However, this date has been moved several times – first to January 2025, then to March, and now the final implementation is set for July 1, 2025.

Desire for Good Dialogue Before Implementation

Minister for Public Safety and Emergency Management, Torsten Schack Pedersen, commented on the latest delay with the following statement:

"As I have said before, the cybersecurity sector is simply too important to rush through anything. Therefore, in the coming weeks and months, we will involve businesses, organizations, and other relevant stakeholders in discussions about the ongoing work to implement the NIS2 directive. And we will continue a good dialogue throughout the period until the law comes into effect."

On the other hand, Ulrik Ledertoug, Director of Business Development & Services at Orange Cyberdefense Denmark, expressed frustration over the delay:

“It’s disappointing that the Danish implementation of the new cybersecurity regulations won’t be introduced until a year after the original plan. These delays benefit neither Denmark nor Danish businesses."

Fear the Delay Will Become a Crutch

Ledertoug emphasizes that the repeated delays could have serious consequences for Denmark’s cybersecurity. He warns that companies and organizations may deprioritize cybersecurity in the meantime: "However you look at it, the announcement from the Ministry of Defense is a sign of procrastination that will act as a crutch for cybersecurity in Denmark."

He also highlights that the increased geopolitical uncertainty makes it even more necessary to strengthen cybersecurity: "It is critical for society that we strengthen cybersecurity due to the unstable geopolitical situation in the world, which has significantly increased the cyber threat. But without Danish NIS2 legislation, I fear that management teams and boards will focus on other areas until they are legally obliged to act."

The Importance of a Simple Implementation Model

Another important challenge is the often complex implementation of EU regulations in individual countries. Ledertoug points out the need for a more uniform approach if NIS2 is to function effectively in Denmark and the rest of Europe: "My advice would be to now focus on developing a simple implementation model for NIS2. Much regulation in both Denmark and Europe is implemented in vastly different ways, which makes it extremely complicated for businesses to operate across sectors and countries."

This statement highlights the need for a pragmatic approach to implementation, considering the practical consequences for businesses and organizations operating internationally.

The Consequences for Cybersecurity

The delay in the NIS2 implementation could have serious implications for Danish organizations that rely on clear guidelines to secure their systems against cyber threats. While many businesses are already working to enhance their cybersecurity, the lack of national legislation creates uncertainty around their obligations and requirements.

Ulrik Ledertoug concludes: "It is a serious mistake that we do not have a clear and structured implementation of NIS2 already. The Danish delay leaves businesses in a legal vacuum, which weakens their ability to handle cyber threats effectively."

The Purpose of the NIS2 Directive

The goal of the NIS2 directive is to strengthen and harmonize cybersecurity across the EU for companies, public organizations, and authorities dealing with areas characterized as critical to society. The directive imposes requirements for cybersecurity measures, incident reporting, and strengthened oversight and enforcement.

NIS2 Includes the Following Sectors and Industries

  • Energy sector
  • Transport sector
  • Healthcare sector
  • Financial sector
  • Manufacturing industries
  • Water supply, wastewater, and waste management
  • Digital infrastructure
  • Public administration

 

If you need advice on how your business should approach the NIS2 directive or the DORA regulation, please contact one of our experts or fill out the form below.

Bo Drejer

GRC Manager

Jonas Jacobsen

MSS Sales Specialist

Ulrik Ledertoug

Director of Business Development & Services

We will contact you.

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.