On December 5, 2024, the Liechtenstein parliament adopted the Cyber Security Act (Cyber-Sicherheitsgesetz, or CSG), transposing Directive (EU) 2022/2555 (NIS2) into national law. The act was published as LGBI 2025 no. 111. Liechtenstein was among the first EEA countries to complete NIS2 transposition, joining EU member states such as Belgium, Croatia, Hungary, and Italy that had met the October 2024 deadline.
As an EEA member, Liechtenstein is subject to NIS2 requirements, which oblige covered entities to implement cybersecurity risk-management measures including policies addressing supply chain security, cryptographic controls, and incident reporting. An entity registration portal launched on February 1, 2025, with existing NIS1-regulated entities required to re-register by March 31, 2025. Supervision falls to the Stabsstelle Cyber-Sicherheit (National Cyber Security Unit), which reports to the Prime Minister’s Office.
NIS2 transposition is relevant to quantum policy because the EU’s Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography, published by the NIS Cooperation Group, calls on member states and EEA countries to initiate national PQC transition strategies by the end of 2026 and to migrate high-risk use cases to post-quantum cryptography by the end of 2030. Liechtenstein’s CSG provides the domestic legal framework through which these PQC obligations will apply to essential and important entities in the principality.