NIS2 Implementation in the EU |
|
Slovak Republic |
|
(Europe)
Firm
Cechova & Partners
Contributors
Arnold Xavier Verhaege |
|
Status | Enacted |
Status of the NIS2 Implementation Act | On 4 October 2024, the Slovak Government submitted an amendment to Act No. 69/2018 Coll. on Cybersecurity, as amended ("Amendment"), to the National Council of the Slovak Republic ("Slovak Parliament") for discussion and adoption. The Amendment, serving as the implementing legislation for the NIS2 Directive, has already been adopted and it came into force on 1 January 2025. |
If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive |
|
Expected date of entry into force of the Implementation Act | Already in force since 1 January 2025 |
NIS2 Implementation in the EU
Slovak Republic
(Europe) Firm Cechova & PartnersContributors Arnold Xavier Verhaege
Updated 05 Feb 2024Enacted
On 4 October 2024, the Slovak Government submitted an amendment to Act No. 69/2018 Coll. on Cybersecurity, as amended ("Amendment"), to the National Council of the Slovak Republic ("Slovak Parliament") for discussion and adoption. The Amendment, serving as the implementing legislation for the NIS2 Directive, has already been adopted and it came into force on 1 January 2025.
-
There are nearly no material deviations from the text of NIS 2 in the current wording of the Amendment. However, pursuant to Article 2(5)(a) NIS 2, Slovakia has opted to use the possibility to apply NIS 2 to public administration entities at a local level. Similarly, pursuant to Article 2(8) NIS 2, Slovakia has opted to use the possibility to exclude the application of NIS 2 to specific entities which carry out activities in the areas of national security, public security, nuclear security, defense or law enforcement, including the prevention, investigation, detection and prosecution of criminal offenses, or which provide services exclusively to the public administration entities.
-
The Amendment also covers so-called "critical entities." However, it does not provide an exact legal definition of such entities. We understand this term is referring to the critical entities as defined by Directive 2022/2557. Based on this directive, the National Council of the Slovak Republic approved, on 27 November 2024, an amendment to Act No. 45/2011 Coll. on Critical Infrastructure, which serves as the implementing legislation for Directive 2022/2557 in the Slovak Republic and is set to enter into force on 1 January 2025.
-
Additionally, the Amendment states that any third party with significant influence on the provision of cybersecurity and a contract concluded with the operator of a critical essential service (essential entity) is also considered an operator of an essential service (important entity). Hence, such a third party is also obligated to implement cybersecurity measures and is subject to supervision by the Authority while providing cybersecurity services to the operator of a critical essential service.
Already in force since 1 January 2025