Audit41Readiness
🇩🇰Denmark

NIS2 in Denmark: What your organisation must do.

NIS-2-loven (L 141) · In force July 1, 2025

Denmark has transposed the EU NIS2 Directive. If your organisation operates in a covered sector, you are likely in scope and must comply with Center for Cybersikkerhed (CFCS) requirements.

67d 9h 9m

Article 21 compliance deadline

NIS2-loven Article 21 risk management measures must be in place.

Registration via Virk.dk was due October 1, 2025. If not yet registered, do so immediately.

Check your NIS2 scope — free →See Audit41 Readiness →

Entity classification

Are you an Essential or Important Entity?

Essential Entity

250+ employees or €50M+ turnover in Annex I sector

Penalties: up to €10M or 2% of global turnover

Proactive supervision — authorities can audit at any time

Important Entity

50+ employees or €10M+ turnover in Annex I or II sector

Penalties: up to €7M or 1.4% of global turnover

Reactive supervision — investigated when non-compliance is indicated

Not sure which classification applies to your organisation? The free self-check takes 3 minutes and tells you exactly where you stand — including Denmark-specific rules. Start free self-check →

What Denmark requires

Your obligations under NIS-2-loven (L 141).

1

Register via Virk.dk (registration deadline was October 1, 2025)

2

Implement Article 21 risk management measures

3

Report significant incidents within 24 hours (early warning) and 72 hours (full report)

4

Management body accountability — board must approve cybersecurity measures

5

Supply chain security due diligence

6

Business continuity and crisis management plans

ISO 27001 in Denmark

ISO 27001 is a useful framework for NIS2 compliance in Denmark but no formal presumption of conformity exists under Danish law.

Sectors in scope in Denmark

Energy(separate legislation in force March 7, 2025)TransportHealthDrinking waterDigital infrastructureICT service managementPublic administrationFood productionManufacturingDigital providers

What makes Denmark different

Denmark does NOT impose administrative fines — enforcement is through corrective orders and prohibition notices.

Finance and banking in Denmark falls under DORA, not NIS2.

Public administration entities including municipalities are in scope.

The Danish Energy Agency, Financial Supervisory Authority, and telecoms regulators maintain sector-specific oversight.

Know exactly where you stand on NIS2 in Denmark.

The free self-check takes 3 minutes. It applies Denmark-specific rules, tells you your entity type, and recommends the right assessment plan.

Start Denmark self-check — free →