NIS regulations go into effect
Austria has implemented an EU directive, which is designed to ensure high levels of security in the networks and information systems across the European Union. The NIS regulations now require organizations in key business or social sectors to implement adequate cybersecurity measures and, if necessary, immediately report larger incidents. The key implementation provisions, which specify the NIS regulations and which organizations are affected by them, were adopted at the end of July.
The NIS regulations affect operators of essential services in the energy, transportation, finance, banking, health care, water supply, and digital infrastructure sectors, digital service providers (e.g. for cloud computing, search engines or online marketplaces) as well as federal facilities throughout Austria. Their services are playing an increasingly important role as critical infrastructures. Cyberattacks and cybercrime, however, pose a serious threat to their availability and ability to function. The publicized regulations contain concrete thresholds that show when a company must apply NISG and define a security incident. All affected companies must take the necessary safety precautions and are subject to special reporting requirements.
Cyberattacks can no longer be kept secret. NISG clearly states that they must be reported immediately to a sector-specific Computer Emergency Response Team (CERT) that, in turn, reports to the Austrian Federal Ministry for Interior. Organizations that fail to report an incident or fulfill the safety precautions are subject to fines of up to €50,000 or even €100,000 in the case of repeated offenses.
Implementing the NIS directive
avedos, in cooperation with T-Systems, supports you in implementing the NIS directive - either as a standalone process or part of an information security system driven by risk and opportunity. For more information on the NIS guideline, view our webinar "Ready for NIS?" in cooperation with T-Systems. bit.ly/niswebinar
Links to the provisions: