ImplementedNIS2
NIS2 in Finland
Finland transposed NIS2 via the Cybersecurity Governance Act. Traficom handles supervisory coordination and incident tracking.
Transposition law
Laki kyberturvallisuuden hallinnasta (Cybersecurity Governance Act 124/2025)
In force
8 April 2025
Competent authority
Finnish Transport and Communications Agency (Traficom)
Max fine (Essential)
€10 million or 2% of global annual turnover
Max fine (Important)
€7 million or 1.4% of global annual turnover
Full enforcement
April 2025
Key Deadlines
Act in force
8 April 2025
Competent Authority
Finnish Transport and Communications Agency (Traficom)
Lead competent authority and National Cybersecurity Centre host
https://www.kyberturvallisuuskeskus.fi ↗Finland promotes a collaborative cybersecurity approach. Traficom shares intelligence and issues guidelines, conducting audits selectively based on risk levels.
Registration Process
Register via the digital form on the Traficom Cybersecurity Centre website using corporate credentials.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Self-declaration via Traficom registration interfaces
- 2Incident reports dispatched to Kyberturvallisuuskeskus within 24 hours
- 3Executive board liability and mandatory training programs
National Additions
★Finland places emphasis on digital routing paths and connectivity parameters in sub-zero environmental scenarios
FAQ: NIS2 in Finland
Who is the primary contact for threats in Finland?
Kyberturvallisuuskeskus (NCSC-FI) handles all incoming notifications and publishes local warning digests.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.