Ireland Referred to the Court of Justice Over NIS2 Delays

Ireland has just taken on the EU Council Presidency. A week later, it was referred to the EU's highest court for failing to implement its own cybersecurity law. Here's what the NIS2 delay actually means for Irish organisations, and why waiting for legal certainty is the wrong strategy.

Ireland referred to the Court of Justice over NIS2 delays: what it means for Irish organisations

Last week the European Commission referred Ireland, along with Spain, France and the Netherlands, to the Court of Justice of the EU for failing to implement the NIS2 Directive. The deadline passed on 17 October 2024. Nearly 21 months later, and after both a formal notice and a reasoned opinion, the Commission is now seeking financial penalties until full transposition is notified.

The timing is particularly awkward. Ireland assumed the EU Council Presidency on 1 July 2026, just one week before the referral.

Lee Bristow, our Director of Cyber & AI Governance, says the delay leaves organisations in a difficult planning position. “Given the Government’s focus on security during the Presidency, and against the backdrop of several high profile cyber incidents in recent years, it’s disappointing to see implementation delayed further towards the end of 2026. The organisations likely to fall within the scope of NIS2 would be wise not to wait for the legislation to catch up, as once live, there will be no grace period.”

Ireland’s National Cyber Security Bill, which will formally transpose NIS2 into domestic law, remains in pre-legislative scrutiny and is not expected to reach the Oireachtas before September at the earliest. In the meantime, the obligations set out at EU level, risk management measures, incident reporting timelines and management accountability, exist regardless of whether Irish legislation has caught up.

For organisations operating in sectors likely to fall within scope, energy, financial services, pharma and other critical infrastructure among them, the message is consistent regardless of when the legislation formally lands. Governance structures, risk management measures and incident reporting capability take time to build properly. Waiting for legal certainty before starting that work only compresses the runway once the law does take effect.

This is precisely the kind of regulatory ambiguity that makes independent, vendor neutral guidance valuable. Saros works with IT and security leaders to assess readiness against NIS2 requirements, identify governance gaps at board and management level, and build a practical roadmap toward compliance, without the pressure of a vendor pushing a specific platform or tool.

If your organisation is unsure where it stands, or has been waiting for clarity that keeps not arriving, now is the right time to have that conversation.

How Saros Consulting Can Guide Your Compliance Journey

NIS2 compliance is a significant undertaking that requires dedicated resources, expertise, and time. For organisations in highly specialised sectors, the challenge is even greater.
Saros offers a focused 5 day NIS2 Readiness Assessment, giving your organisation a clear answer on scope and classification, a prioritised gap analysis against the Directive’s core requirements, and a strategic roadmap for closing them, delivered straight to your leadership team.

  • Classify your organisation against NIS2’s Essential and Important entity categories, and identify the national competent authorities you’re accountable to.

  • Benchmark your current controls against the baseline risk management measures mandated by Article 21.

  • Review governance and accountability, assessing board level oversight against the management liability and incident reporting obligations under Articles 20 and 23.

  • Deliver a prioritised roadmap, a clear, executive ready summary of your risks and next steps.

If your organisation is unsure where it stands, this is the fastest way to find out.

enhancing your customer experiences, optimising operations, and driving innovation

We help you transform NIS2 from a regulatory burden into a strategic advantage, building a foundation of resilience and trust that protects your business and enhances your reputation.

Get in Touch with
Saros Consulting

Looking to simplify your IT challenges and achieve your goals? Reach out to discover how we can help.

Related Articles