Barry Ward (Dún Laoghaire, Fine Gael)
Link to this: Individually | In context

113. To ask the Tánaiste and Minister for Justice and Equality the reason the network and information security directive (NIS2 Directive) (EU) 2022/2555 was not transposed into Irish law by the October 2024 deadline. [52549/25]

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context

In 2016 the first EU-wide law on cyber security, the NIS Directive, came into force achieving a higher, and more even level of security of network and information systems across the EU. The NIS Directive was reviewed in 2019 and its successor the NIS2 Directive entered into force in January 2023.

The transposition deadline for the NIS2 Directive was 17 October 2024, which unfortunately was not met. Ireland is not alone in this regard, many EU Member States have not met the transposition deadline, with the majority indicating that it will be sometime in 2025 before national legislation is in place. Ireland was not in a position to transpose the Directive into Irish law by the deadline primarily due to the complexity of the supervision and enforcement requirements.

The enactment of the Bill is a priority. Officials from my Department provided a briefing to the Joint Oireachtas Committee on Justice, Home Affairs and Migration to assist in the pre-legislative scrutiny process for the General Scheme of the Bill on 15 July 2025 and I look forward to the committee’s response.

My Department continues to work with the Office of Parliamentary Counsel (OPC) and the Attorney General’s Office on the drafting of the Bill, which is at an advanced stage. Engagement is also ongoing with the relevant Departments and Agencies in relation to the Bill. The Bill is included on the Government Legislation Programme for priority publication this session.

Barry Ward (Dún Laoghaire, Fine Gael)
Link to this: Individually | In context

114. To ask the Tánaiste and Minister for Justice and Equality the timeframe for the transposition of the NIS2 Directive. [52550/25]

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context

The NIS2 Directive entered into force in January 2023 and the enactment of the National Cyber Security Bill, which is the legislative vehicle transposing the NIS2 Directive is a priority for my Department.

Officials from my Department provided the Joint Oireachtas Committee on Justice, Home Affairs and Migration with a briefing on the General Scheme of the National Cyber Security Bill on 15 July 2025 to assist it in undertaking pre-legislative scrutiny (PLS).

My Department continues to work with the Office of Parliamentary Council (OPC) and the Attorney General’s Office on the drafting of the Bill, which is at an advanced stage. Engagement is also ongoing with the relevant Departments and Agencies in relation to the Bill. The Bill is included on the Government Legislation Programme for priority publication this session.

Barry Ward (Dún Laoghaire, Fine Gael)
Link to this: Individually | In context

115. To ask the Tánaiste and Minister for Justice and Equality the measures currently in place to comply with Ireland's obligations under the network and information security directive (NIS2 Directive) (EU) 2022/2555; and if he will make a statement on the matter. [52591/25]

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context

The NIS2 Directive entered into force in January 2023 and the enactment of the National Cyber Security Bill, which is the legislative vehicle transposing the NIS2 Directive is a priority for my Department.

My Department is currently engaging with the Office of Parliamentary Council, the Attorney General’s Office, the National Cyber Security Centre (NCSC) and other relevant Government Departments and Agencies on the drafting of the Bill, which is at an advanced stage.

The NIS2 Directive is a revision of the Network and Information Security Directive (EU) 2016/1148 (NIS Directive), which is currently in force in the State via S.I. 360 of 2018. Until the NIS2 Directive is transposed and enacted, the NIS Directive will remain in full effect, covering the most critical operators of essential services and digital service providers in the State.

In anticipation of having the legislation in place and to ensure that Ireland is ready to implement the directive on the day of enactment of the Bill, we have taken significant steps to ensure various implementing measures are in place. This includes a robust approach to sectoral regulation for the Directive and the designation of nine National Competent Authorities (NCA) to carry out enforcement and supervision of the Directive. The NCSC has been designated as the lead NCA for the Directive and will offer guidance and support to the other competent authorities while they prepare to take on their new functions under the Bill.

To that end, a National Competent Authority Forum, led by the NCSC, has been stood up which allows NCAs to meet on a regular basis to discuss important issues about the implementation of the Directive. The NCSC has also published guidance documents on the implementation of the Directive including a tool to allow companies determine whether they will come into scope of the Directive.

Additionally work is ongoing in my Department on the preparation of Ireland's third National Cyber Security Strategy which fulfils another requirement under the Directive.