NISDESK · CY
NIS2 Compliance in Cyprus
Cypriot entities in Annex I and II sectors must comply with NIS2 requirements supervised by the Digital Security Authority.
Are you in scope?
NIS2 covers medium and large organisations in 18 sectors. Fines reach €10M or 2% of global turnover. Check your scope, obligations and a readiness score for free.
National authority & CSIRT
In Cyprus, NIS2 supervision is handled by Digital Security Authority (DSA). The national CSIRT is CSIRT-CY. Significant incidents must be reported within 24 h (early warning), 72 h (notification) and one month (final report) per NIS2 Article 23.
NIS2 sectors in Cyprus
Each sector has specific obligations. Explore them for Cyprus:
Frequently asked questions
Which sectors are covered by NIS2 in Cyprus?
NIS2 covers 18 sectors: Annex I (highly critical — energy, transport, banking, financial markets, health, water, digital infrastructure, ICT service management, public administration, space) and Annex II (other critical — postal services, waste management, chemicals, food, manufacturing, digital providers, research). Transposed via the NIS2 Law (2024); DSA acts as the single competent authority and national CSIRT.
Who supervises NIS2 compliance in Cyprus?
In Cyprus, the primary competent authority is Digital Security Authority (DSA). The national CSIRT is CSIRT-CY, which handles significant incident notifications and cybersecurity coordination.
What are the NIS2 incident reporting deadlines in Cyprus?
Organisations must submit an early warning to CSIRT-CY within 24 hours of a significant incident, a formal notification within 72 hours, and a final report within one month — per NIS2 Article 23.
What are the NIS2 fines in Cyprus?
Essential entities face fines up to €10 million or 2% of global annual turnover. Important entities face up to €7 million or 1.4% of global annual turnover. Exact enforcement varies by national transposition.
For decision-support purposes only. Exact scope depends on national transposition — use our free scope checker for a personalised assessment.