Following the European Parliament, the Council of the EU has also approved the amendment to the Cybersecurity Directive. Cybersecurity in Slovakia should thus have a new legislative framework within 21 months.
The need to secure society from a cybersecurity perspective has been around for a few years now, and it is becoming increasingly urgent. That is why it is necessary to address appropriate cybersecurity measures in companies now, rather than waiting until lawmakers issue a binding decision. On the other hand, legislation in Slovakia will not be approved until at least 2024, which provides sufficient time even for companies that have not yet given much thought to cybersecurity.
We currently cannot say how strictly the new directive will be transposed into Slovak law. What we do know for certain is that the amendment to this directive will mandatorily regulate hundreds to thousands of entities on the Slovak market that meet several requirements (e.g., company size) and also fall under the extensive list of services defined in NIS2 (specifically, 60 services across 18 sectors).
According to a press release from the Council of Europe, the directive establishes a framework for cybersecurity risk management measures and reporting obligations across all sectors covered by the directive, such as energy, transportation, healthcare, and digital infrastructure. “The aim of the revised directive is to harmonize cybersecurity requirements and the implementation of cybersecurity measures across different member states. To achieve this goal, it establishes minimum rules for the regulatory framework and sets out mechanisms for effective cooperation among the competent authorities in each Member State. It updates the list of sectors and activities subject to cybersecurity obligations and provides for corrective measures and sanctions to ensure enforcement.”
The directive formally establishes the European Network of Cyber Crisis Contact Organizations, EU-CyCLONe, which will support the coordinated management of large-scale cybersecurity incidents and crises.
We are preparing a webinar on NIS2 and the entire amendment to this directive in collaboration with our partner, and we will certainly keep you informed about it.
