On 20 August 2025, the following Orders of the Director of the National Cyber Security Directorate (DNSC) were published in the Official Gazette of Romania (no. 776/2025):
- Order of the Director of DNSC no. 1/2025 – Requirements regarding the registration notification process and the method of transmitting information (link);
- Order of the Director of DNSC no. 2/2025 – Criteria and thresholds for determining the degree of disruption of a service and the methodology for assessing the risk level of entities (link).
Both Orders entered into force on the date of publication.
Entities falling within the scope of GEO no. 155/2024 must notify DNSC for the purpose of registration within 30 days of 20 August 2025, in line with the provisions of these Orders.
Registration process
- At the moment, until the NIS2@RO Platform becomes available, registration is carried out through the NIS2@RO Tool.
- Entities must complete the notification form generated via the tool and submit it to DNSC at [email protected].
Once the platform is launched, entities that have registered using the tool will also be required to create an account on the platform.
