	NIS2 Implementation in the EU
	Lithuania
	(Europe) Firm Ellex Valiunas Contributors Migle Petkeviciene Ignas Sidaras Updated 30 Jan 2025
Status	Enacted
Status of the NIS2 Implementation Act	The general requirements of NIS2 have been transposed into the amended Republic of Lithuania Law on Cyber Security (hereinafter – the “LCS”) (lit. Lietuvos Respublikos kibernetinio saugumo įstatymas), which was adopted on 11 July 2024, and came into force on 18 October 2024. Additional regulations, further elaborating on technical and organizational measures, reporting, designation of cybersecurity entities and more were adopted on 11 November 2024.
If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive	The extended scope of application includes: local level public administration; entities that pursue critical research or experimental development activities (which may include universities); and electronic information hosting service providers. Entities do not need to register with the authorities if they fall under the NIS2 scope. The National Cyber Security Centre, together with other governmental institutions, will determine which entities fall under the NIS2 scope and, based on their assessment results, contact such entities and include them in a specific NIS2 entity list by 17 April 2025. An extensive list of mandatory technical and organizational measures was adopted by the government. In-scope entities will have a 12-24 months transitional period to incorporate them in practice.
Expected date of entry into force of the Implementation Act	The LCS has been in force since 18 October 2024 whereas further implementing acts, detailing reporting mechanisms, technical and organizational measures, enforcement measures and more, were adopted on 11 November 2024 and came into force on 12 November 2024.

NIS2 Implementation in the EU

Back XLS

Status

Enacted

Status of the NIS2 Implementation Act

The general requirements of NIS2 have been transposed into the amended Republic of Lithuania Law on Cyber Security (hereinafter – the “LCS”) (lit. Lietuvos Respublikos kibernetinio saugumo įstatymas), which was adopted on 11 July 2024, and came into force on 18 October 2024. Additional regulations, further elaborating on technical and organizational measures, reporting, designation of cybersecurity entities and more were adopted on 11 November 2024.

If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive

The extended scope of application includes: local level public administration; entities that pursue critical research or experimental development activities (which may include universities); and electronic information hosting service providers.
Entities do not need to register with the authorities if they fall under the NIS2 scope. The National Cyber Security Centre, together with other governmental institutions, will determine which entities fall under the NIS2 scope and, based on their assessment results, contact such entities and include them in a specific NIS2 entity list by 17 April 2025.
An extensive list of mandatory technical and organizational measures was adopted by the government. In-scope entities will have a 12-24 months transitional period to incorporate them in practice.

Expected date of entry into force of the Implementation Act

The LCS has been in force since 18 October 2024 whereas further implementing acts, detailing reporting mechanisms, technical and organizational measures, enforcement measures and more, were adopted on 11 November 2024 and came into force on 12 November 2024.

NIS2 Implementation in the EU

Lithuania

NIS2 Implementation in the EU

Lithuania

Members