	NIS2 Implementation in the EU
	Slovak Republic
	(Europe) Firm Čechová & Partners s. r. o. Contributors Arnold Xavier Verhaege Updated 22 Jan 2026
Status of the legislative process	Enacted
Status of the NIS2 Implementation Act	On 4 October 2024, the Slovak Government submitted an amendment to Act No. 69/2018 Coll. on Cybersecurity, as amended ("Amendment"), to the National Council of the Slovak Republic ("Slovak Parliament") for discussion and adoption. The Amendment, serving as the implementing legislation for the NIS2 Directive, has already been adopted, and it came into force on 1 January 2025.
Significant deviations of the National Implementation Act from the NIS2 Directive, if any	There are nearly no material deviations from the text of NIS2 in the current wording of the Amendment. However, pursuant to Article 2(5)(a) NIS2, Slovakia has opted to use the possibility to apply NIS2 to public administration entities at a local level. Similarly, pursuant to Article 2(8) NIS2, Slovakia has opted to use the possibility to exclude the application of NIS2 to specific entities which carry out activities in the areas of national security, public security, nuclear security, defense or law enforcement, including the prevention, investigation, detection and prosecution of criminal offenses, or which provide services exclusively to the public administration entities. The Amendment also covers so-called "critical entities." However, it does not provide an exact legal definition of such entities. We understand this term is referring to the critical entities as defined by Directive 2022/2557. Based on this directive, the National Council of the Slovak Republic approved, on 27 November 2024, an amendment to Act No. 45/2011 Coll. on Critical Infrastructure, which serves as the implementing legislation for Directive 2022/2557 in the Slovak Republic and is set to enter into force on 1 January 2025. Additionally, the Amendment states that any third party with significant influence on the provision of cybersecurity and a contract concluded with the operator of a critical essential service (essential entity) is also considered an operator of an essential service (important entity). Hence, such a third party is also obligated to implement cybersecurity measures and is subject to supervision by the Authority while providing cybersecurity services to the operator of a critical essential service.
Date of entry into force of the Implementation Act	1 January 2025

NIS2 Implementation in the EU

Back XLS

Status of the legislative process

Enacted

Status of the NIS2 Implementation Act

On 4 October 2024, the Slovak Government submitted an amendment to Act No. 69/2018 Coll. on Cybersecurity, as amended ("Amendment"), to the National Council of the Slovak Republic ("Slovak Parliament") for discussion and adoption. The Amendment, serving as the implementing legislation for the NIS2 Directive, has already been adopted, and it came into force on 1 January 2025.

Significant deviations of the National Implementation Act from the NIS2 Directive, if any

There are nearly no material deviations from the text of NIS2 in the current wording of the Amendment. However, pursuant to Article 2(5)(a) NIS2, Slovakia has opted to use the possibility to apply NIS2 to public administration entities at a local level. Similarly, pursuant to Article 2(8) NIS2, Slovakia has opted to use the possibility to exclude the application of NIS2 to specific entities which carry out activities in the areas of national security, public security, nuclear security, defense or law enforcement, including the prevention, investigation, detection and prosecution of criminal offenses, or which provide services exclusively to the public administration entities.
The Amendment also covers so-called "critical entities." However, it does not provide an exact legal definition of such entities. We understand this term is referring to the critical entities as defined by Directive 2022/2557. Based on this directive, the National Council of the Slovak Republic approved, on 27 November 2024, an amendment to Act No. 45/2011 Coll. on Critical Infrastructure, which serves as the implementing legislation for Directive 2022/2557 in the Slovak Republic and is set to enter into force on 1 January 2025.
Additionally, the Amendment states that any third party with significant influence on the provision of cybersecurity and a contract concluded with the operator of a critical essential service (essential entity) is also considered an operator of an essential service (important entity). Hence, such a third party is also obligated to implement cybersecurity measures and is subject to supervision by the Authority while providing cybersecurity services to the operator of a critical essential service.

Date of entry into force of the Implementation Act

1 January 2025