Prices
Free Trial

Article 34

General conditions for imposing administrative fines on essential and important entities

1.   Member States shall ensure that the administrative fines imposed on essential and important entities pursuant to this Article in respect of infringements of this Directive are effective, proportionate and dissuasive, taking into account the circumstances of each individual case.

2.   Administrative fines shall be imposed in addition to any of the measures referred to in Article 32(4), points (a) to (h), Article 32(5) and Article 33(4), points (a) to (g).

3.   When deciding whether to impose an administrative fine and deciding on its amount in each individual case, due regard shall be given, as a minimum, to the elements provided for in Article 32(7).

4.   Member States shall ensure that where they infringe Article 21 or 23, essential entities are subject, in accordance with paragraphs 2 and 3 of this Article, to administrative fines of a maximum of at least EUR 10 000 000 or of a maximum of at least 2 % of the total worldwide annual turnover in the preceding financial year of the undertaking to which the essential entity belongs, whichever is higher.

5.   Member States shall ensure that where they infringe Article 21 or 23, important entities are subject, in accordance with paragraphs 2 and 3 of this Article, to administrative fines of a maximum of at least EUR 7 000 000 or of a maximum of at least 1,4 % of the total worldwide annual turnover in the preceding financial year of the undertaking to which the important entity belongs, whichever is higher.

6.   Member States may provide for the power to impose periodic penalty payments in order to compel an essential or important entity to cease an infringement of this Directive in accordance with a prior decision of the competent authority.

7.   Without prejudice to the powers of the competent authorities pursuant to Articles 32 and 33, each Member State may lay down the rules on whether and to what extent administrative fines may be imposed on public administration entities.

8.   Where the legal system of a Member State does not provide for administrative fines, that Member State shall ensure that this Article is applied in such a manner that the fine is initiated by the competent authority and imposed by competent national courts or tribunals, while ensuring that those legal remedies are effective and have an equivalent effect to the administrative fines imposed by the competent authorities. In any event, the fines imposed shall be effective, proportionate and dissuasive. The Member State shall notify to the Commission the provisions of the laws which it adopts pursuant to this paragraph by 17 October 2024 and, without delay, any subsequent amendment law or amendment affecting them.

Frequently Asked Questions

Administrative fines under the NIS2 Directive are financial penalties given by authorities to companies and organizations that break cybersecurity rules; these fines help ensure compliance by discouraging future violations and reinforcing that cybersecurity is taken very seriously, as penalties are designed to be strict yet fair, taking each individual case into account.
For essential entities breaching cybersecurity obligations under the NIS2 Directive, fines can reach up to at least 10 million euros or 2% of their total global annual turnover from the previous financial year, whichever amount is higher, meaning penalties can be quite large if the entity has significant financial revenues worldwide.
Important entities that do not follow NIS2 cybersecurity rules can receive fines of up to at least 7 million euros or 1.4% of their total global annual turnover from the previous year, whichever figure is bigger, making sure that companies and organizations of all sizes seriously adhere to cybersecurity responsibilities.
The NIS2 Directive allows each country in the European Union to decide whether and to what extent public administration entities might be fined for breaking cybersecurity rules, giving national authorities flexibility in how they enforce regulations with public entities according to their individual legal frameworks and practices.

NIS2 Training

Start Training

Free Trial

We will get back to you via email as soon as possible.