🇸🇰Slovakia

NIS2 in Slovakia: What your organisation must do.

Act No. 366/2024 Coll. (amendment to Cybersecurity Act No. 69/2018 Coll.) · In force January 1, 2025

Slovakia has transposed the EU NIS2 Directive. If your organisation operates in a covered sector, you are likely in scope and must comply with the requirements of the NBÚ (Národný bezpečnostný úrad, the National Security Authority).

Compliance deadline

Full NIS2 compliance is required by 31 December 2026.

Entity classification

Are you an Essential or Important Entity?

Essential Entity

250+ employees or €50M+ annual turnover

Penalties: up to €10M or 2% of global turnover

Proactive supervision, authorities can audit at any time

Important Entity

50+ employees or €10M+ annual turnover

Penalties: up to €7M or 1.4% of global turnover

Reactive supervision, investigated when non-compliance is indicated

Not sure which classification applies to your organisation? The free self-check takes 3 minutes and tells you exactly where you stand, including Slovakia-specific rules.

What Slovakia requires

Your obligations under Act No. 366/2024 Coll. (amendment to Cybersecurity Act No. 69/2018 Coll.).

1. Register via the NBÚ portal (nis2.nbu.gov.sk) — entities in scope on 1 January 2025 had to register by 1 March 2025

2. Implement Article 21 risk management measures

3. Essential entities: external audit every 2 years by an accredited Conformity Assessment Body (CAB)

4. Achieve full NIS2 compliance by 31 December 2026

5. Report significant incidents to SK-CERT (24h early warning, 72h full report)

6. Management body accountability — directors face personal liability for non-compliance

ISO 27001 in Slovakia

ISO 27001 is a useful framework for NIS2 compliance in Slovakia but no formal presumption of conformity exists under the amended Cybersecurity Act.

Sectors in scope in Slovakia

Across 18 NIS2-covered sectors (Annex I and Annex II)

What makes Slovakia different

Slovakia was among the first EU member states to transpose NIS2, with the amended Cybersecurity Act in force from 1 January 2025. Full compliance is required by 31 December 2026.

Thousands of organisations are in scope across 18 sectors.

Fines for essential entities: up to €10M or 2% of global annual turnover (whichever is higher).

Fines for important entities: up to €7M or 1.4% of global annual turnover.

National CSIRT: SK-CERT handles incident response.

Know exactly where you stand on NIS2 in Slovakia.

The free self-check takes 3 minutes. It applies Slovakia-specific rules, tells you your entity type, and recommends the right assessment plan.
