This year, we are expecting NIS2 – or the start of the implementation of new cybersecurity obligations for mandatory entities. A crucial date for organisations is July 2025 – the expected effective date of the new Cyber Security Act.
Businesses, providers of critical infrastructure and digital services, municipalities and other entities affected by the NIS2 national regulation will have to self-identify and submit a notification of their service through the NCIS Portal within 60 days of the entry into force of the nCSA and thus start the process of registration of regulated service providers.
A 12-month transition period for the implementation of organisational and technical measures to manage security risks will start from the subsequent receipt of the NCIS’s decision to register.
Organisations that fall under regulation will have to:
- register your duties,
- put in place measures to manage cyber security,
- report incidents,
- implement the required countermeasures.
In addition, providers of strategically important services will need to ensure the security of their supply chain and the availability of critical services.
| Organisational measures | Technical measures |
|---|---|
| ISMS (Information Security Management System) | Physical Security: Facility & Infrastructure |
| Asset & risk management | Cyber attack detection and prevention |
| Supplier Security management | Encrypting data |
| Access and change control | Protecting your network from unauthorized access |
| Management and staff training | Backup systems in case of failures (accidents, attacks) |
| Testing recovery plans | Network traffic monitoring and anomaly detection |
| Cyber Security Incident Management | Security incident detection and escalation |
| Cyber Security audit |
