Article 5 Harmonisation minimale

Summary What does Article 5 of the NIS 2 directive say?

This is a brief but important permissive clause that establishes the minimum harmonisation nature of the Directive.

Rather than setting a fixed ceiling on cybersecurity requirements, it explicitly allows Member States to go beyond what the Directive requires.

The single condition is that any stricter national provisions must remain compatible with Member States' broader obligations under Union law.

In essence, this article acts as a safeguard of national regulatory autonomy within the framework established by the Directive.

Important points:

Member States may adopt or maintain national cybersecurity rules that are stricter than those required by this Directive.
Any such provisions must remain consistent with Member States' obligations under Union law.
The Directive sets a floor, not a ceiling, for cybersecurity standards across the EU.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

La présente directive ne fait pas obstacle à l’adoption ou au maintien par les États membres de dispositions assurant un niveau plus élevé de cybersécurité, à condition que ces dispositions soient compatibles avec les obligations des États membres prévues par le droit de l’Union.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.