Current status of implementation

The Danish legislator has not yet made any bill regarding the new Directive public, and  it has not published a  deadline  for when a bill must be presented to the Danish Parliament for approval. The Directive will be implemented individually in each separate sector covered by the Directive. Different ministries are responsible for implementing the Directive under their jurisdiction. The Ministry of Defence has introduced a bill implementing the parts of the NIS Directive concerning the safety requirement obligations to give notices on the network and information security area for internet exchange points. The Ministry of Health has introduced a bill concerning the health sector.
Implementation Act


There are different acts in place for each ministry responsible for the specific implementation of the separate areas affected by the Directive. For instance: "Lov om krav til sikkerhed for net- og informationssystemer inden for sundhedssektoren", "Lov om sikkerhed i net- og informationssystemer for operatører af væsentlige internetudvekslingspunkter".

Determination of operators of essential services (Art. 5 NIS)

The Danish regulator is expected to disclose a dynamic list of operators of essential services in November 2018 at the latest. 
Reporting obligations

Not regulated yet. Different ministries set different rules in this regard.
Sanctions regime

Breaches will be sanctioned by way of fines, unless the breach in question is so serious that another, more stringent legislation applies to the specific situation.
Competent authorities

Center for Cyber Security, Sundhedsdatastyrelsen
Jurisdictional applications


Operators of digital services are subject to Danish law, if the headquarter or a representative is located in Denmark. This might differ in each Act though. 

Remarks (if any)

Denmark will not have a single bill implementing the Directive. The legislation will be different to each sector.


Last reviewed 28.02.2018