Top
Top

NIS2 Implementation in the EU

Croatia

(Europe) Firm Divjak Topic Bahtijarevic & Krka Law Firm

Contributors Anella Bukovic
Tena Pavelic

Updated 07 Feb 2025
Status

Enacted

Status of the NIS2 Implementation Act

The NIS2 Implementation Act was implemented through the adoption of the Cybersecurity Act (Official Gazette No. 14/2024).

If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive

The Croatian Cybersecurity Act deviates from the NIS2 Directive registering requirements for subjects in its scope – according to its provisions, the competent authorities will notify subjects of their categorization as essential or important entities by February 2025 at the latest. The competent authorities can also request information (if needed for the purposes of categorization) from subjects and the subjects need to provide the requested information within 15 days of the receipt of the request.

Other requirements are closely modeled after the NIS2 Directive, but there are several bylaws that would further specify the requirements that need to be adopted (some are currently in the public consultation phase).

Another deviation is that the Cybersecurity Act introduced a self-assessment requirement for important entities that must be performed at least once every 2 years.

Expected date of entry into force of the Implementation Act

The Act has been in force since 15 February 2024.

NIS2 Implementation in the EU

Croatia

(Europe) Firm Divjak Topic Bahtijarevic & Krka Law Firm

Contributors Anella Bukovic Tena Pavelic

Updated 07 Feb 2025