	NIS2 Implementation in the EU
	Slovak Republic
	(Europe) Firm Cechova & Partners Contributors Arnold Xavier Verhaege Updated 05 Feb 2024
Status	Enacted
Status of the NIS2 Implementation Act	On 4 October 2024, the Slovak Government submitted an amendment to Act No. 69/2018 Coll. on Cybersecurity, as amended ("Amendment"), to the National Council of the Slovak Republic ("Slovak Parliament") for discussion and adoption. The Amendment, serving as the implementing legislation for the NIS2 Directive, has already been adopted and it came into force on 1 January 2025.
If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive	There are nearly no material deviations from the text of NIS 2 in the current wording of the Amendment. However, pursuant to Article 2(5)(a) NIS 2, Slovakia has opted to use the possibility to apply NIS 2 to public administration entities at a local level. Similarly, pursuant to Article 2(8) NIS 2, Slovakia has opted to use the possibility to exclude the application of NIS 2 to specific entities which carry out activities in the areas of national security, public security, nuclear security, defense or law enforcement, including the prevention, investigation, detection and prosecution of criminal offenses, or which provide services exclusively to the public administration entities. The Amendment also covers so-called "critical entities." However, it does not provide an exact legal definition of such entities. We understand this term is referring to the critical entities as defined by Directive 2022/2557. Based on this directive, the National Council of the Slovak Republic approved, on 27 November 2024, an amendment to Act No. 45/2011 Coll. on Critical Infrastructure, which serves as the implementing legislation for Directive 2022/2557 in the Slovak Republic and is set to enter into force on 1 January 2025. Additionally, the Amendment states that any third party with significant influence on the provision of cybersecurity and a contract concluded with the operator of a critical essential service (essential entity) is also considered an operator of an essential service (important entity). Hence, such a third party is also obligated to implement cybersecurity measures and is subject to supervision by the Authority while providing cybersecurity services to the operator of a critical essential service.
Expected date of entry into force of the Implementation Act	Already in force since 1 January 2025

NIS2 Implementation in the EU

Back XLS

Status

Enacted

Status of the NIS2 Implementation Act

On 4 October 2024, the Slovak Government submitted an amendment to Act No. 69/2018 Coll. on Cybersecurity, as amended ("Amendment"), to the National Council of the Slovak Republic ("Slovak Parliament") for discussion and adoption. The Amendment, serving as the implementing legislation for the NIS2 Directive, has already been adopted and it came into force on 1 January 2025.

If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive

There are nearly no material deviations from the text of NIS 2 in the current wording of the Amendment. However, pursuant to Article 2(5)(a) NIS 2, Slovakia has opted to use the possibility to apply NIS 2 to public administration entities at a local level. Similarly, pursuant to Article 2(8) NIS 2, Slovakia has opted to use the possibility to exclude the application of NIS 2 to specific entities which carry out activities in the areas of national security, public security, nuclear security, defense or law enforcement, including the prevention, investigation, detection and prosecution of criminal offenses, or which provide services exclusively to the public administration entities.
The Amendment also covers so-called "critical entities." However, it does not provide an exact legal definition of such entities. We understand this term is referring to the critical entities as defined by Directive 2022/2557. Based on this directive, the National Council of the Slovak Republic approved, on 27 November 2024, an amendment to Act No. 45/2011 Coll. on Critical Infrastructure, which serves as the implementing legislation for Directive 2022/2557 in the Slovak Republic and is set to enter into force on 1 January 2025.
Additionally, the Amendment states that any third party with significant influence on the provision of cybersecurity and a contract concluded with the operator of a critical essential service (essential entity) is also considered an operator of an essential service (important entity). Hence, such a third party is also obligated to implement cybersecurity measures and is subject to supervision by the Authority while providing cybersecurity services to the operator of a critical essential service.

Expected date of entry into force of the Implementation Act

Already in force since 1 January 2025

NIS2 Implementation in the EU

Slovak Republic

NIS2 Implementation in the EU

Slovak Republic

Members