Enforcement action · European Commission
European Commission vs. Ireland, Spain, France and the Netherlands (non-transposition of NIS2 Directive)
European Commission vs. Ireland, Spain, France and the Netherlands (non-transposition of NIS2 Directive) is an AI-related enforcement action involving European Commission. The European Commission has referred Ireland, Spain, France, and the Netherlands to the CJEU for failing to transpose the NIS2 Directive into national law.
Action details
- Agency
- European Commission
- Jurisdiction
- EU
- Enforcement type
- complaint
- Document type
- agency report
- Topic
- national security
Summary
The European Commission has initiated legal proceedings against Ireland, Spain, France, and the Netherlands by referring them to the Court of Justice of the European Union. This action is due to their failure to transpose the NIS2 Directive (Directive (EU) 2022/2555), which aims to strengthen cybersecurity across the EU, into their national legal frameworks, signalling active enforcement of EU cybersecurity obligations.
Primary source
https://ec.europa.eu/commission/presscorner/detail/en/ip_26_1499 →Related European Commission actions
- [EU Digital Strategy] Commission preliminarily finds the addictive design of Instagram and Facebook in breach of the Digital Services Act enforcement action 7/10/2026
- European Commission v. Temu enforcement action 5/28/2026
- [EU Digital Strategy] Commission preliminarily finds Meta in breach of Digital Services Act for failing to prevent minors under 13 from using Instagram and Facebook enforcement action 4/29/2026
- [EU Commission Press] Commission preliminarily finds Meta in breach of Digital Services Act for failing to prevent minors under 13 from using Instagram and Facebook enforcement action 4/28/2026
- [EU Commission Press] Daily News 10 / 07 / 2026 agency report 7/10/2026
Frequently asked questions
- What is European Commission vs. Ireland, Spain, France and the Netherlands (non-transposition of NIS2 Directive)?
- The European Commission has initiated legal proceedings against Ireland, Spain, France, and the Netherlands by referring them to the Court of Justice of the European Union. This action is due to their failure to transpose the NIS2 Directive (Directive (EU) 2022/2555), which aims to strengthen cybersecurity across the EU, into their national legal frameworks, signalling active enforcement of EU cybersecurity obligations. Primary source →
- Which agency brought the action?
- European Commission brought this enforcement action in EU. Primary source →
- What was the penalty?
- No specific penalty amount is disclosed in the primary source AIGI tracked for this action. Some enforcement actions resolve through injunctive relief, consent decrees, or behavioural undertakings rather than monetary penalty. Primary source →
- When did the action take effect?
- The most recent activity on this action was published on 7/7/2026. Primary source →
- Where can I find the primary source?
- The primary source for European Commission vs. Ireland, Spain, France and the Netherlands (non-transposition of NIS2 Directive) is at https://ec.europa.eu/commission/presscorner/detail/en/ip_26_1499. AIGI does not paraphrase secondary commentary — every claim on this page links back to that primary source. Primary source →
Related
Stay informed