Top
Top

NIS2 Implementation in the EU

Latvia

(Europe) Firm Ellex Klavins

Contributors Sarmis Spilbergs
Edvijs Zandars

Updated 05 Feb 2025
Status

Enacted

Status of the NIS2 Implementation Act

The NIS2 Directive is implemented in national legislation with the adoption of the National Cybersecurity Law (Nacionālais kiberdrošības likums).

In addition to the National Cybersecurity Law, separate Cabinet of Minister regulations shall be adopted, which will further implement the requirements of the NIS2 Directive. Most importantly, the Cabinet of Ministers Rules on Minimum Cybersecurity Requirements which implements Art. 21 of the NIS2 shall be adopted (not yet adopted).

If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive
  • The National Cybersecurity Law closely mirrors NIS2 requirements and obligations.
  • Under the national law organizations must perform a self-assessment to determine whether it confirms the status of important or essential entity and must notify the supervisory authority if it confirms by 1 April 2025. In addition to essential and important entities, the national law implementing NIS2 also applies to owners/holders of critical infrastructure of information technologies.
  • Subject scope extends also to direct and intermediate administrative bodies and other state institutions (except for state security institutions), all electronic communication merchants are considered essential entities, medium and large entities providing security services as well, regardless of the size of the entity, the maintainers of educational information systems are considered as important entities.
  • The subjects will have to submit to the competent authority a self-assessment report, which indicates whether the entity complies with the statutory requirements and provides explanations for any non-compliance with the national law. The first self-assessment report will have to be submitted by October 1, 2025.
Expected date of entry into force of the Implementation Act

The National Cybersecurity Law came into force on 1 September 2024.

The Cabinet of Ministers Rules on Minimum Cybersecurity Requirements are expected to be adopted in March-April 2025.

NIS2 Implementation in the EU

Latvia

(Europe) Firm Ellex Klavins

Contributors Sarmis Spilbergs Edvijs Zandars

Updated 05 Feb 2025