NIS2 in Slovakia: year two and tighter oversight
Slovakia’s cybersecurity act (NIS2 transposition) has applied since 1 January 2025. In 2026 “we will prepare later” is over — National Security Authority oversight, incident reporting, and supply-chain measures are live for thousands of entities.
In short: Fines up to 2% of turnover. Cloud providers are in scope — not only “the IT company”.
Who is in scope
Expanded sectors — energy, transport, health, digital services, public administration, and more. Cloud computing providers and managed services are explicitly covered. Many firms qualify as essential or important by size and sector.
Fines can reach 2% of global turnover (essential) or 1.4% (important), plus measures against management if gaps are not fixed.
What it means for IT and cloud
- MFA, encryption, backups, and continuity plans — not paper-only.
- Vendor security: where mail, files, and backups are hosted.
- Significant incidents within 24 hours — can you tell what happened to data?