NIS2 coverage
NIS2 compliance guidance for every EU+EEA country.
Audit41 Readiness covers all 30 EU+EEA member states. Select your country for jurisdiction-specific requirements, deadlines, and what your organisation must do.
Phase 1: Full guidance available
๐ฉ๐ฐ Denmark
Center for Cybersikkerhed (CFCS)
NIS2-loven Article 21 risk management measures must be in place.
๐ญ๐บ Hungary
SZTFH (Supervisory Authority for Regulated Activities)
First mandatory cybersecurity audit must be completed by June 30, 2026.
๐ธ๐ฐ Slovakia
NBร, Nรกrodnรฝ bezpeฤnostnรฝ รบrad (National Security Authority)
Full NIS2 compliance is required by 31 December 2026.
๐จ๐ฟ Czech Republic
NรKIB, Nรกrodnรญ รบลad pro kybernetickou a informaฤnรญ bezpeฤnost (National Cyber and Information Security Agency)
The Czech Cybersecurity Act (Act No. 264/2025 Coll.) has been in force since 1 November 2025. Organisations in scope on that date had to notify NรKIB within 60 days, by 31 December 2025. If your organisation is in scope and has not registered, it is already past the statutory deadline. Organisations that come into scope later must notify within 60 days. Security measures must be in place within 12 months of registration confirmation.
Phase 2: Guidance available
๐ง๐ช Belgium
Centre for Cybersecurity Belgium (CCB)
Essential entities must demonstrate conformity to CCB by April 18, 2026.
๐ณ๐ฑ Netherlands
NCSC-NL / RDI (Rijksinspectie Digitale Infrastructuur)
The Cyberbeveiligingswet enters full force October 1, 2026. EU baseline obligations apply now.
All 30 EU+EEA countries
Country-specific guidance for all EU+EEA states is being finalised. The self-check already applies country-specific classification rules for all 30 countries.
Pursuing ISO 27001 certification? See our ISO 27001 guidance โ
Not sure which country applies to your organisation?
If you operate across multiple EU member states, start with the self-check. It handles multi-jurisdiction situations.
Start your free self-check โ