NIS 2 in the municipalities

This section deals specifically with municipalities.

Should municipalities comply with NIS 2 or not? This has been one of the most important questions since the NIS 2 directive was adopted at the end of 2022.

NB! This note is updated continuously and may therefore change form and content when the final conditions and guidelines have been adopted.

NIS 2 is basically aimed at certain sectors that we particularly want to protect, such as water supply, digital infrastructure, health, food production, etc. The decisive factor is therefore a reality assessment of whether a company or a public authority carries out the sector activities that need to be protected. The principle is therefore that if you carry out one or more of the activities worthy of protection, you are basically covered by NIS 2. 

In other words, whether you are covered by NIS 2 or not is not determined by whether you are public or private. However, there are some exceptions to this. One of the most debated is whether the Danish implementation of NIS 2 will mean that municipalities, because they are municipalities, must comply with NIS 2. It already applies that municipalities must comply with NIS 2 if they carry out activities in a protected sector such as health or supply.

Whether municipalities as municipalities are included depends on what Denmark stands for with the following passage in Article 2, paragraph 2, letter a, of the NIS 5 Directive:

“Member States may provide that this Directive shall apply to: (a) public administration units at local level”

This passage has been included in the proposal for the NIS 2 Act in Section 1, subsection 6: “The relevant minister may, after negotiation with the Minister of Public Safety and Emergency Preparedness, lay down rules that the Act shall also apply, in whole or in part, to public administrative units at local level and educational institutions, respectively.”

However, the Ministry of Public Safety and Emergency Preparedness has already announced that municipalities are included. "in its entirety"The statement must be interpreted as meaning that there is currently a strong political will for the NIS 2 Act to apply to municipalities as municipalities and not simply because the municipalities are healthcare providers or operate utility businesses.

The municipalities must then prepare for the fact that NIS 2 will affect the work of the city council, as they will presumably be responsible for the NIS 2 effort. The municipalities' existing information security efforts will probably also have to be put on somewhat tighter reins. Finally, the municipal IT tenders will also be significantly affected.

Unitas follows the development.

You are now ready to continue from the beginning: NIS2 – UNITAS

Tagged ,

Pssst! We are right here...

We love hearing from you! Send us a message and we'll get back to you quickly.

Lyshøjen 12, 1. tv. – DK-8520 Lystrup

CVR: 40 97 80 89

E-Mail: info@unitas.consulting

Protection of data

Privacy Policy
Data ethics

Unitas is D-marked and has several approved advisers who can secure your D-mark.

Unitas is on the SKI 02.14 framework agreement and can provide consulting services on competitive terms to the public sector.

Unitas has been appointed by Børsen as Gazelle 2024
(as the 10th fastest growing company in Central Jutland)

Contact Unitas – your partner in security and compliance

Unitas provides reliable advice in compliance, IT and information security. With a pragmatic approach, we help companies in regulated industries manage security and operational responsibility effectively. Contact us to discuss how we can help you.

Form for contact page

NIS 2 implementation calculates

We throw ourselves around with knowledge...

Order your free material here and receive it in a few minutes in your inbox. To be safe, check your SPAM folder if necessary.

Get material ordered on the website sent

Wanna join? Sign up Unitas' newsletter

Registration form for newsletter

UNITAS vulnerability scanning