NIS regulations go into effect

In July 2019 the key implementation provisions of the NIS regulations were adopted which specify the NIS regulations and which organizations are affected by them.

Austria has implemented an EU directive, which is designed to ensure high levels of security in the networks and information systems across the European Union. The NIS regulations now require organizations in key business or social sectors to implement adequate cybersecurity measures and, if necessary, immediately report larger incidents. The key implementation provisions, which specify the NIS regulations and which organizations are affected by them, were adopted at the end of July.

Affected companies

The NIS regulations affect operators of essential services in the energy, transportation, finance, banking, health care, water supply, and digital infrastructure sectors, digital service providers (e.g. for cloud computing, search engines or online marketplaces) as well as federal facilities throughout Austria. Their services are playing an increasingly important role as critical infrastructures. Cyberattacks and cybercrime, however, pose a serious threat to their availability and ability to function. The publicized regulations contain concrete thresholds that show when a company must apply NISG and define a security incident. All affected companies must take the necessary safety precautions and are subject to special reporting requirements.

Reporting requirements

Cyberattacks can no longer be kept secret. NISG clearly states that they must be reported immediately to a sector-specific Computer Emergency Response Team (CERT) that, in turn, reports to the Austrian Federal Ministry for Interior. Organizations that fail to report an incident or fulfill the safety precautions are subject to fines of up to € 50,000 or even € 100,000 in the case of repeated offenses.

Implementing the NIS directive

GBTEC, in cooperation with T-Systems, supports you in implementing the NIS directive – either as a standalone process or part of an information security system driven by risk and opportunity.

Value-based governance, risk and compliance management for your company's success

A professional GRC strategy builds the foundation for successful business management. BIC supports you with a unique combination of the latest technology, an intuitive user interface and fast implementation. That makes working with the BIC GRC Solutions so easy - in all GRC areas.

Expert information
Integrated GRC

The consolidation of the governance, risk and compliance areas provides decisive competitive advantages.

Product information
BIC Enterprise Risk

Build a foundation for a successful governance, risk and compliance strategy and cover all regulatory requirements.

Success Story
Deutscher Sparkassenverlag

The DSV Group relies on the integrated software platform BIC to dovetail the disciplines of Information Security, Risk Management and Control Management.

Product information
BIC Information Security

Protect your information and benefit from a standards-compliant ISMS with state-of-the-art technology.

Further resources on BIC GRC Solutions

Do you have any questions?

Do you have any questions about our products or services?
Our experts will gladly assist you and look forward to your request.

grc@gbtec.com+43 1 3670876 -0Contact form

Expand your knowledge with our e-learnings on BPM & GRC.

To the GBTEC Learning Hub