How Lithuania stepped up its game with the NIS2 directive

Icon

While NIS2 remains a significant challenge for many EU countries, Lithuania appears to have stepped up its game by updating cybersecurity law and taking concrete actions to support and enable organizations to comply with the new requirements. We invited Liudas Ališauskas, former director of the National Cyber Security Center of Lithuania and a key figure in the implementation of NIS2 in Lithuania’s cybersecurity landscape, to share his insights on the process and the reasons behind its smooth implementation.

Solid foundation and clear responsibilities

Lithuania’s timely and successful implementation of the NIS2 Directive into national law can be attributed to several key factors. Lithuania had already established a solid foundation with a comprehensive national cybersecurity law and a mature understanding of cyber awareness among critical infrastructure entities from the NIS1 era. This made the transition to NIS2, despite its expanded scope of new essential and important entities, manageable.

Inclusion of cybersecurity community

The clear delineation of responsibilities, with the Ministry of National Defence shaping policy and the National Cyber Security Centre leading implementation, was crucial. The approach was not solely top-down; the entire cybersecurity community, including Cyber Security Service providers, academia, and experts in information and cybersecurity, participated in analyzing the required changes and developing the amended Law on Cyber Security. It has been made possible via a working group, coordinated by IT sector association Infobalt. This collaborative approach ensured that the new regulations were practical and well-understood.

External factors

Additionally, the heightened geopolitical landscape has increased awareness of cyber threats among decision-makers and organisations, fostering a greater sense of responsibility to mitigate these risks. This receptive environment for enhanced security measures mandated by NIS2, combined with a strong existing framework, inclusive collaboration, and heightened regional threat awareness, has been instrumental in Lithuania’s successful implementation.

More work still remains

Currently, Lithuania is advancing significantly in its implementation efforts. There are some great initiatives going on, such as Cyber Breakfast to facilitate the dialogue within the cybersecurity ecosystem, get greater engagement and clarify any misconceptions. However, numerous tasks remain to be completed to ensure the protection and resilience of essential and important functions, not only at a national level but also within Europe and on a global scale.

Other news and updates

What impact might NIS2 have on Africa?
What impact might NIS2 have on Africa?
What impact might NIS2 have on South America?
What impact might NIS2 have on South America?
Security automation: from idea to tool
Security automation: from idea to tool
SOCcare May 2025 Malpeek: Analysis of a "copyright infringement" malware
SOCcare May 2025 Malpeek: Analysis of a "copyright infringement" malware
NRD Cyber Security recorded strong growth and international expansion in 2024
NRD Cyber Security recorded strong growth and international expansion in 2024
Building awareness is a continuous effort
Building awareness is a continuous effort
Facilitating dialogue on NIS2 within the Lithuanian cybersecurity ecosystem
Facilitating dialogue on NIS2 within the Lithuanian cybersecurity ecosystem
Developing a culture of CTI sharing in Lithuania
Developing a culture of CTI sharing in Lithuania