ImplementedNIS2
NIS2 in Cyprus
Cyprus implemented NIS2 through the Security of Network and Information Systems Law. The Digital Security Authority (DSA) supervises compliance.
Transposition law
Security of Network and Information Systems Law of 2024
In force
17 October 2024
Competent authority
Digital Security Authority (DSA)
Max fine (Essential)
€10 million or 2% of global annual turnover
Max fine (Important)
€7 million or 1.4% of global annual turnover
Full enforcement
October 2024
Key Deadlines
Law in force
17 October 2024
Full enforcement
17 October 2024
Competent Authority
Digital Security Authority (DSA)
Lead supervisory authority and national CSIRT-CY host
https://dsa.cy ↗The DSA conducts regular on-site security assessments for essential providers and mandates incident mitigation exercises.
Registration Process
Provide company identification, domain mapping, and security profiles via the digital registration tool on dsa.cy.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Self-registration via the DSA online form
- 2Implementation of baseline cyber protection configurations
- 3Rapid incident declaration within 24 hours to CSIRT-CY
National Additions
★Cyprus introduced specific cyber audit checklists for maritime and digital hub service sectors
FAQ: NIS2 in Cyprus
What is CSIRT-CY?
CSIRT-CY is the national computer security incident response team of Cyprus, hosting specialized portals for reporting.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.