Brussels: The European Commission has called on all member states to expedite the implementation of the NIS 2 Directive, aimed at establishing a high standard of cybersecurity across the European Union. This appeal comes in the wake of recent cyberattacks targeting European airports over the weekend. Cyprus has recently completed the implementation of the directive following prior non-compliance procedures. The Commission has confirmed to CNA that until all 27 EU member states incorporate the NIS 2 Directive, the union remains susceptible to similar cyber threats.
According to Cyprus News Agency, Commission spokesperson Thomas Regnier addressed the situation during the Midday briefing, noting that the Commission has been actively monitoring the cyberattacks which have disrupted check-in and boarding systems at numerous airports. Regnier assured that despite the delays faced by passengers, air traffic safety and control systems were not compromised.
Regnier further stated that the Commission is collaborating with Eurocontrol, the European Union Agency for Cybersecurity (ENISA), national authorities, airports, and airlines to restore normal operations and provide assistance to affected passengers. He stressed the necessity of fully implementing the NIS 2 Directive, especially in critical sectors like aviation and transport, urging all member states to act promptly.
Cyprus, which had previously faced EU infringement proceedings due to delayed implementation of the directive, has now fully incorporated NIS 2 into its national legislation, based on the latest Commission data from September 22, 2025. As of now, 12 EU member states, including Denmark, Romania, Greece, Belgium, Italy, Slovakia, Croatia, Lithuania, Cyprus, Malta, Slovenia, and Latvia, have complied with the directive.
In response to inquiries from CNA regarding Belgium’s Brussels Airport experiencing a cyberattack despite having fully implemented the NIS 2 Directive, Regnier explained that the incident underscores the need for all member states to enforce the directive to prevent vulnerabilities across the union. He reiterated the Commission’s commitment to ensuring full compliance among all member states.