On 15 October, the Romanian Cybersecurity Authority (DNSC) has published the updated draft transposing NIS2 Directive.
The current draft is elaborated in the form of a draft Government Emergency Ordinance (GEO), which means that the transposition is intended to be adopted by the Government, avoiding the parliamentary procedure. The Parliament of Romania will have to confirm or reject the GEO after its adoption by the Government, but until such parliamentary confirmation/rejection, the GEO adopted by the Government remains in force.
The updated draft published by DNSC has considered a number of comments received during the public consultation procedure, by eliminating and/or adjusting certain provisions initially included in the draft (e.g., certain discrepancies on the amounts of fines; certain provisions which were applicable only to essential entities under NIS2 Directive were also imposed upon the important entities under the initial draft).
However, the updated draft continues to comprise certain provisions which are not fully in line with the NIS2 Directive (e.g., certain notification timeframes).
The updated version of the Romanian draft transposing NIS2 Directive is available here (in Romanian).
The text of the NIS2 Directive is available here.
Our take on the initial draft published by DNSC is available here.
