Every day of delay “increases our vulnerability” to cyberattacks, said MEP Bart Groothuis.

Even two and a half years after EU countries vowed to enhance cybersecurity requirements across 18 critical sectors, many have failed to adopt the rules into national law, blowing a deadline to comply with the directive.

The rules were supposed to enhance security in key areas such as pharmaceutical manufacturing facilities, government administrative agencies and space infrastructure operators.

But six months after the deadline to put the directive into law came and went on 17 October, a total of 13 countries still have not incorporated the NIS2 cybersecurity directive into domestic legislation as required. (…)