The European Commission has opened two infringement proceedings against Poland due to the continued failure to amend the Act on the National Cybersecurity System. Additionally, new regulations for the protection of critical infrastructure have not been implemented. According to EU regulations, member states were required to transpose the NIS2 Directive by October 17 of this year. However, that deadline has passed, and 24 countries still have not met this requirement. As reported earlier in November, the regulation is expected to cover 350,000 entities across the EU.
On Thursday, citing the need to increase resilience against cyber incidents across the community, the European Commission formally notified governments of those countries that failed to implement the directive. These countries have two months to respond. If the Commission deems their actions insufficient, it may issue a reasoned opinion and subsequently refer the matter to the Court of Justice of the EU. The European
The Commission is awaiting responses from each council of ministers within next two months. After this period, if the Commission finds the response inadequate, it will issue what is known as a reasoned opinion. The final step would be referring the case to the Court of Justice of the EU.