	NIS2 Implementation in the EU
	Finland
	(Europe) Firm Roschier, Attorneys Ltd. Contributors Johanna Lilja Updated 26 Jan 2026
Status of the legislative process	Enacted
Status of the NIS2 Implementation Act	The NIS2 Directive has been transposed into Finnish law by the Finnish Cybersecurity Act (124/2025), consolidating the obligations related to cybersecurity risk management and incident reporting for entities within its scope. Please note, supervision under the Cybersecurity Act is divided among several sectoral national authorities in Finland. The Finnish Transport and Communications Agency's ("Traficom") Cyber Security Centre acts as the single point of contact referred to in the Cybersecurity Act.
Significant deviations of the National Implementation Act from the NIS2 Directive, if any	The Cybersecurity Act implemented NIS2 into national legislation at the minimum level required, both in terms of scope and obligations.
Date of entry into force of the Implementation Act	The Cybersecurity Act entered into force on 8 April 2025.

NIS2 Implementation in the EU

Back XLS

Status of the legislative process

Enacted

Status of the NIS2 Implementation Act

The NIS2 Directive has been transposed into Finnish law by the Finnish Cybersecurity Act (124/2025), consolidating the obligations related to cybersecurity risk management and incident reporting for entities within its scope.

Please note, supervision under the Cybersecurity Act is divided among several sectoral national authorities in Finland. The Finnish Transport and Communications Agency's ("Traficom") Cyber Security Centre acts as the single point of contact referred to in the Cybersecurity Act.

Significant deviations of the National Implementation Act from the NIS2 Directive, if any

The Cybersecurity Act implemented NIS2 into national legislation at the minimum level required, both in terms of scope and obligations.

Date of entry into force of the Implementation Act

The Cybersecurity Act entered into force on 8 April 2025.