
avedos GRC News

NIS regulations go into effect

At the end of July, the key implementation provisions were adopted; they specify the NIS regulations and which organizations are affected by them.

Austria has implemented an EU directive, which is designed to ensure high levels of security in the networks and information systems across the European Union. The NIS regulations now require organizations in key business or social sectors to implement adequate cybersecurity measures and, if necessary, immediately report larger incidents. The key implementation provisions, which specify the NIS regulations and which organizations are affected by them, were adopted at the end of July.

Affected companies

The NIS regulations affect operators of essential services in the energy, transportation, finance, banking, health care, water supply, and digital infrastructure sectors, digital service providers (e.g. for cloud computing, search engines or online marketplaces), as well as federal facilities throughout Austria. Their services are playing an increasingly important role as critical infrastructures. Cyberattacks and cybercrime, however, pose a serious threat to their availability and ability to function. The published regulations contain concrete thresholds that show when a company must apply the NISG and that define a security incident. All affected companies must take the necessary safety precautions and are subject to special reporting requirements.

Reporting requirements

Cyberattacks can no longer be kept secret. The NISG clearly states that they must be reported immediately to a sector-specific Computer Emergency Response Team (CERT) that, in turn, reports to the Austrian Federal Ministry of the Interior. Organizations that fail to report an incident or to fulfill the safety precautions are subject to fines of up to €50,000, or even €100,000 in the case of repeated offenses.

Implementing the NIS directive

avedos, in cooperation with T-Systems, supports you in implementing the NIS directive – either as a standalone process or part of an information security system driven by risk and opportunity. For more information on the NIS guideline, view our webinar “Ready for NIS?” in cooperation with T-Systems.


Links to the provisions:
