Top
Top

NIS2 Implementation in the EU

Ireland

(Europe) Firm Arthur Cox

Contributors Colin Rooney
Vivian Spies

Updated 04 Feb 2025
Status

Ongoing

Status of the NIS2 Implementation Act

The Irish Government published the General Scheme of the National Cyber Security Bill 2024 (“General Scheme”) on 30 August 2024. This Scheme will inform the drafting of the National Cyber Security Bill. The National Cyber Security Bill has not yet been published. The provisions contained within the General Scheme are therefore subject to change.

If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive

The General Scheme is closely modeled on the NIS2 Directive, albeit with several local idiosyncrasies expected in transposition. Some of the more significant deviations include:

  • Enforcement
    The General Scheme introduces processes for exercising enforcement powers that are not prescribed in the NIS2 Directive. It provides that the enforcement powers of the national competent authority are to be exercised by way of a ‘compliance notice’ that is served on the relevant essential/important entity. Certain Public Bodies (discussed below) and Public Administration Entities appear (although the drafting is unclear) to be exempt from enforcement actions and penalties.
  • Sensor Employment
    The General Scheme provides that the NCSC may deploy sensors on essential and important entities, with their consent, where necessary to detect and manage risks to network and information security.
  • Public Body
    The General Scheme introduces the concept of “public bodies“ which is distinct from the concept of a “public administration entity“.
  • System of self-registration
    Head 31 of the General Scheme lists specific types of entities (TLD name registries, DNS service providers, domain name registration service providers, cloud computing service providers, data center service providers, content delivery network providers, managed service providers, managed security service providers, online marketplaces, online search engines and social networking platforms) that must self-register with the NCSC by submitting certain information to the NCSC by January 17, 2025. The General Scheme also provides that the NCSC must establish a list of essential and important entities by April 17, 2025, and that, in order to do this, the Minister shall require essential and important entities to submit certain details to the relevant competent authorities.
Expected date of entry into force of the Implementation Act

As the Cybersecurity Bill has yet to be published and go through the legislative process, the date on which final transposing legislation can be expected is not clear.

NIS2 Implementation in the EU

Ireland

(Europe) Firm Arthur Cox

Contributors Colin Rooney Vivian Spies

Updated 04 Feb 2025