In case not seen, the European Commission has adopted the Implementing Regulation and Annex on the 'cybersecurity risk-management and reporting obligations for digital infrastructure, providers and ICT service managers':

In terms of next steps, the implementing regulation will be published in the Official Journal in due course and enter into force 20 days following after that. Meanwhile, most EU member states are still about to transpose the new framework into their national legislation. 

All best

Romain