ImplementedNIS2
NIS2 in Denmark
Denmark transposed NIS2 via amendments to the national Netsikkerhedslov. CFCS coordinates cross-sector cybersecurity strategies.
Transposition law
Lov om Γ¦ndring af lov om netsikkerhed (Cybersecurity Act)
In force
1 July 2025
Competent authority
Center for Cyber Security (CFCS)
Max fine (Essential)
DKK 75 million (~β¬10 million) or 2% of global annual turnover
Max fine (Important)
DKK 50 million (~β¬6.7 million) or 1.4% of global annual turnover
Full enforcement
July 2025
Key Deadlines
Law in force
1 July 2025
Competent Authority
Center for Cyber Security (CFCS)
Lead cybersecurity coordinator and supervisory support agency
https://www.cfcs.dk βCFCS acts as the core technical lead, working closely with industry-specific authorities (such as the Danish Energy Agency) that execute sector audits.
Registration Process
Register via the central Virk.dk corporate administration portal under specific NIS2 categories.
π Quick Test
Check NIS2 Scope βFind out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Registration with the designated sector authority
- 2Implementation of ISO 27001 standard frameworks
- 324-hour incident warning to CFCS
National Additions
β
Denmark integrates strict requirements for maritime infrastructure and offshore digital networks
FAQ: NIS2 in Denmark
Who conducts the audits in Denmark?
audits are decentralized; the Danish Business Authority or specific sector agencies conduct them with CFCS technical support.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.