NIS2 Implementation in the EU |
|
Greece |
|
(Europe)
Firm
Zepos & Yannopoulos
Contributors
Theodore Konstantakopoulos |
|
Status | Enacted |
Status of the NIS2 Implementation Act | The NIS2 has been transposed by virtue of Law 5160/2024. |
If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive |
|
Expected date of entry into force of the Implementation Act | Law 5160/2024 has been in force since 27 November 2024 (for first-tier local government bodies the law’s enforcement begins on 27 November 2025). |
NIS2 Implementation in the EU
Greece
(Europe) Firm Zepos & YannopoulosContributors Theodore Konstantakopoulos
Updated 30 Jan 2025Enacted
The NIS2 has been transposed by virtue of Law 5160/2024.
- Closely modeled on the NIS2 Directive.
- First-tier and second-tier local government bodies are within scope; the list of sectors and/or subsectors falling within the scope of Law 5160/2024 may be extended by virtue of a Ministerial Decision.
- Certain obligations for entities within scope are introduced (e.g., appointment of an Information Technology Systems and Communications Security Officer, adoption of unified cybersecurity policy, maintenance of a comprehensive inventory of tangible and intangible information and communication assets).
- Management of essential and important entities is liable for infringements of provisions in relation to the adoption of cybersecurity risk-management measures and training.
- Non-compliance can result in significant sanctions, ranging from EUR 100,000 to EUR 10,000,000, depending on the nature and severity of the breach.
- Secondary legislation is expected, which will specify certain important aspects of Law 5160/2024.
Law 5160/2024 has been in force since 27 November 2024 (for first-tier local government bodies the law’s enforcement begins on 27 November 2025).