The regulation containing the IT requirements of the NIS2 Act has been published

By: Trademagazin Date: 2024. 06. 25. 10:31

On June 24, the “Cyber Science Act” government decree on cybersecurity certification and cybersecurity supervision, containing the IT requirements system, became effective. The publication of the executive order related to the NIS2 law is an equally significant step for companies affected by the law, future auditors and consultants. The 120-page document precisely contains the requirements on the basis of which the preparations of the companies involved can already be started, and their official cyber security audits, which will start in 2025, can be planned. The experts of the international business and tax consulting firm Grant Thornton provide assistance in the interpretation of the decree below.

Rules were prepared for a wide target group

“In the decree, we are talking about a common list of requirements that should be applicable to companies performing one of the nearly 100 activities under the scope of the NIS2 law. For this reason, a rather long, general but at the same time sufficiently detailed material was created”

– says Péter Kóczé, head of Grant Thornton’s digital business.

NIS2 covers all companies that employ more than 50 people or have an annual turnover of more than 10 million euros and operate in one of the strategically risky sectors. According to preliminary estimates, around 2,500-3,000 farmers may be directly affected, but indirectly, even several times more may come into contact with this new provision.