Romania
(a) What is the NIS2 implementation status?
The emergency government ordinance has been adopted by the local authorities in the shape of Government Emergency Ordinance 155/2024. The legislative document transposing the NIS2 Directive has been recently published within the Official Gazette and is currently in force.
(b) What is the envisaged NIS2 implementation timeline?
The NIS2 has been implemented in national law and applies since October/November 2024.
(c) What does the NIS2 mean for other national cybersecurity legislation?
At a national level, interest in cybersecurity has increased, and a number of measures have recently been adopted to strengthen cybersecurity. Among them is the entry into force in December last year of Law no. 354/2022 regarding the protection of IT systems of public authorities and institutions, in the context of the invasion initiated by the Russian Federation against Ukraine.
Another notable aspect is the entry into force of Law no. 58/2023 on the cybersecurity and defense of Romania, which establishes the legal and institutional framework for the organization and conduct of activities in the fields of cybersecurity and cyber defense, as well as the mechanisms of cooperation and responsibilities of the institutions involved in these areas. The law sets up the National Cybersecurity System, responsible for the unified organization and conduct of specific cybersecurity and cyber defense activities at the national level. The law applies in the field of cybersecurity to the computer networks and information systems of public authorities and institutions, as well as to individuals and legal entities that provide public or public interest services.
(d) Who will be the supervisory authority and how are they preparing the market?
The Romanian supervision relating to NIS2 falls within the responsibility of the National Directorate for Cyber Security, DNSC, the competent authority at the national level for the security of networks and information systems.
(e) What should you be doing/on the lookout for?
Companies must stay updated on their sector’s registration requirements, cybersecurity protocols, and any changes to regulations issued by DNSC to avoid penalties and maintain proper compliance.
Contact
Mihai Guia E: mihaiguia@eversheds.ro
Alexandra Sulea E: alexandrasulea@eversheds.ro
© Eversheds Sutherland. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.
Share this page