The amendment to the Cybersecurity Act is approaching. Are you ready?
The amendment to Act No. 69/2018 Coll. on Cybersecurity introduces new and stricter obligations for organizations classified as providers of essential services (PES).
If your organization falls into this category, you will be required to comply with clearly defined legislative obligations within specified deadlines – from registration to regular audits.
Our company will help you navigate the entire process efficiently, professionally, and with minimal stress.
Who is affected by the new legislation?
Essential Service Operators (ESOs)
What needs to be implemented?
- Implementation of security measures
- creation and maintenance of security documentation
- Conducting a self-assessment or compliance audit
Key Deadlines and Obligations
Identification of Essential Service Operators (ESOs) and Registration in the Official Register
Each organization is required to assess whether it falls within the scope of an Essential Service Operator (ESO) and, if so, ensure its registration in the official register.
60 days – submission of the registration application (from 1 January 2025)
The registration application must be submitted within 60 days from the commencement of activities as an Essential Service Operator (ESO).
We will help you prepare all required documentation and ensure the registration application is submitted correctly.
12 months – implementation of security measures
Appropriate security measures must be implemented within 12 months of registration, based on a decision issued by the National Security Authority (NBÚ).
Indicative deadline: 30. 9. 2026 9. (based on the date specified in the notification from the National Security Authority of the Slovak Republic (NBÚ SR) regarding inclusion in the list of Essential Service Operators)
We will support you throughout the entire process – from the design and implementation of security measures to the preparation of all required documentation.
24 months – compliance audit or self-assessment
Organizations are required to complete their first compliance audit or self-assessment within 24 months of registration.
Indicative deadline: 30.9. 2028 9. 2028
We provide professional audits, GAP analyses, and compliance assessments.
Penalties for Non-Compliance
Act No. 69/2018 Coll. on Cybersecurity provides for the following penalties:
- from €100 up to €300,000 or 1% of annual turnover
- in the event of repeated non-compliance, penalties may be increased up to twice the original amount.
The amount of the penalty depends on the severity of the violation and the category of the entity concerned.
Why Work With Us?
Extensive expertise in cybersecurity and regulatory compliance
Fast and efficient implementation of tailored solutions
Comprehensive support from identification to audit
Minimizing the risk of penalties and non-compliance
Don’t wait for an inspection or a problem to arise. Ensure compliance with regulatory requirements early and with confidence.
Contact us today and ensure hassle-free compliance with the requirements of the Cybersecurity Act.
