In progressNIS2
NIS2 in Luxembourg
Luxembourg is transposing NIS2 via Projet de loi nĀ°8385. ANSSI-LU is the designated competent authority for broad cybersecurity coordination.
Transposition law
Projet de loi nĀ°8385 (transposition draft)
In force
Pending
Competent authority
National Agency for the Security of Information Systems (ANSSI-LU) / ILR
Max fine (Essential)
ā¬10 million or 2% of global annual turnover
Max fine (Important)
ā¬7 million or 1.4% of global annual turnover
Full enforcement
June 2026
Key Deadlines
Enforcement target
1 June 2026
Competent Authority
National Agency for the Security of Information Systems (ANSSI-LU) / ILR
Lead coordinator; ILR regulates specific utility sectors
https://www.anssi.lu āLuxembourg splits supervision: ANSSI-LU coordinates standards, while sector watchdogs like ILR and CSSF run specific compliance programs.
Registration Process
Registration processes will launch on the central ANSSI-LU platform once the draft bill passes.
š Quick Test
Check NIS2 Scope āFind out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Provide registration logs to the designated supervisor
- 2Implement risk remediation measures according to national guides
- 3Deploy advanced security logs collection systems
National Additions
ā
Luxembourg aligns NIS2 closely with existing financial sector regulations (CSSF Circulars)
FAQ: NIS2 in Luxembourg
Who supervises telecommunication companies in Luxembourg?
The Luxembourg Institute of Regulation (ILR) supervises telecom and energy providers under the NIS2 framework.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.