What is the NIS2 Directive 17 April 2025 deadline?

3 obligations from NIS2 Directive carry 17 April 2025 as their deadline in the Fontvera corpus. The page above lists each, grouped by sector.

Is the NIS2 Directive 17 April 2025 deadline still active?

That date is past (409 days ago). The obligations listed should already be in force for any organisation in scope.

What happens if you miss the NIS2 Directive 17 April 2025 deadline?

Per-obligation penalties vary — see the Penalty column on each obligation. Where the row is silent, the regulation's general fine ceiling applies. Refer to a qualified legal advisor for exposure modelling.

§ NIS2 Directive BRIEFING

NIS2 Directive Compliance Deadline: 17 April 2025

3 obligations from NIS2 Directive fell due on 17 April 2025. In force since this date — see what should already be in place.

Summary

3 NIS2 Directive obligations carry 17 April 2025 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the Regulation.

The deadline has passed (409 days ago). The obligations listed below should already be in force for any organisation in scope. Use the page as an audit checklist.

Who this applies to

Any organisation in scope of NIS2 Directive that has obligations dated 17 April 2025.

Compliance deadline

17 April 2025 — already in force.

§ Detail

In depth

Obligations due by this deadline

For all in-scope entities

Art 3 — Member States shall establish a list of essential and important entities as well as entities providing domain name registration services.
Art 3 — Competent authorities shall notify the Commission and the Cooperation Group of the number of essential and important entities listed for each sector and subsector.
Art 3 — Competent authorities shall notify the Commission of relevant information about the number of essential and important entities identified pursuant to Article 2(2), including sector, subsector, service type, and identification provision.

Checklist — what you need to have done

Art 3: establish
Art 3: notify

What should already be in place — audit framing

17 April 2025 is 409 days behind us. The obligations on this page have been in force since then; treat any gap as an audit finding, not a planning question. The expected baseline under NIS2 Directive:

entity registration with the competent authority — should be done already
incident-reporting playbook update — should be done already
management-body cybersecurity training — should be done already

If any of these are missing, the right next step is a gap assessment plus a documented remediation plan — not a re-design of the underlying programme.

Related Fontvera pages

Check your full compliance exposure with the 5-minute Fontvera diagnostic →

§ What Fontvera found

Documents in our corpus

Enforcement data is expanding. AI Act enforcement begins 2 August 2026 — this section will populate automatically as authorities and courts publish decisions citing the regulations covered on this page.

§ Cross-references

Related Fontvera intelligence

Need a cross-border briefing on this?

Search Fontvera ↵ Run the AI Act diagnostic

AI Act enforcement

63 days

until 2026-08-02, when most AI Act provisions begin to apply.