ImplementedNIS2
NIS2 in Romania
Romania transposed NIS2 through amendments to its cybersecurity legislation. DNSC acts as the central supervisory authority.
Transposition law
Legea privind securitatea ciberneticΔ (Cybersecurity Law amendment)
In force
17 October 2024
Competent authority
National Cyber Security Directorate (DNSC)
Max fine (Essential)
RON 50 million (~β¬10 million) or 2% of global annual turnover
Max fine (Important)
RON 35 million (~β¬7 million) or 1.4% of global annual turnover
Full enforcement
October 2024
Key Deadlines
Law in force
17 October 2024
Competent Authority
National Cyber Security Directorate (DNSC)
Lead competent authority and national CSIRT
https://dnsc.ro βDNSC supervises critical operators through periodic compliance reviews, emphasizing localized threat sharing and rapid remediation.
Registration Process
Submit registry declarations via dnsc.ro using designated administrative templates.
π Quick Test
Check NIS2 Scope βFind out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Formal registration in the DNSC national database
- 2Symmetric incident declarations to DNSC within 24 hours
- 3Mandatory backup systems and offline recovery procedures
National Additions
β
Romania mandates security clearances for operations managers handling critical telemetry data
FAQ: NIS2 in Romania
What is the primary incident portal in Romania?
Incident declarations are routed through the DNSC alert platform at dnsc.ro.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.