Top
Top

NIS2 Implementation in the EU

Greece

(Europe) Firm Zepos & Yannopoulos

Contributors Theodore Konstantakopoulos

Updated 30 Jan 2025
Status

Enacted

Status of the NIS2 Implementation Act

The NIS2 has been transposed by virtue of Law 5160/2024

If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive
  • Closely modeled on the NIS2 Directive.
  • First-tier and second-tier local government bodies are within scope; the list of sectors and/or subsectors falling within the scope of Law 5160/2024 may be extended by virtue of a Ministerial Decision.
  • Certain obligations for entities within scope are introduced (e.g., appointment of an Information Technology Systems and Communications Security Officer, adoption of unified cybersecurity policy, maintenance of a comprehensive inventory of tangible and intangible information and communication assets).
  • Management of essential and important entities is liable for infringements of provisions in relation to the adoption of cybersecurity risk-management measures and training.
  • Non-compliance can result in significant sanctions, ranging from EUR 100,000 to EUR 10,000,000, depending on the nature and severity of the breach.
  • Secondary legislation is expected, which will specify certain important aspects of Law 5160/2024.
Expected date of entry into force of the Implementation Act

Law 5160/2024 has been in force since 27 November 2024 (for first-tier local government bodies the law’s enforcement begins on 27 November 2025).

NIS2 Implementation in the EU

Greece

(Europe) Firm Zepos & Yannopoulos

Contributors Theodore Konstantakopoulos

Updated 30 Jan 2025