EU sues Ireland, Spain, France, Netherlands over cybersecurity regulation failings

EU sues Ireland, Spain, France, Netherlands over cybersecurity regulation failings
EU sues Ireland, Spain, France, Netherlands over cybersecurity regulation failings

Thomson Reuters

The ‌European Commission on Wednesday said ​it had referred ​Ireland, Spain, ⁠France and the Netherlands ‌to ‌the ​EU's ⁠Court ​of Justice ​for ‌what it said ​were failings over ⁠implementing ⁠cybersecurity ​rules.

The EU executive's concerns come ‌amid an ⁠increase in cyberhacking targeting ‌both governments and ​businesses.

In a statement, the European Commission said: "The Directive strengthens EU cybersecurity by setting high standards for entities operating in 18 critical sectors, including health, energy, transport, and the public sector.

"Its full implementation is key to improving the EU's resilience and the incident response capacity of public and private entities operating in these critical sectors, and of the EU as a whole. The Commission sent letters of formal notice on 28 November 2024 and reasoned opinions on 7 May 2025. As these Member States have not yet notified complete transposition of the Directive, the Commission is referring them to the Court of Justice."

The referrals include a request to the Court to impose financial sanctions, a lump sum and daily penalties until notification of complete transposition. 

More in this section