An amendment to the Act on Cybersecurity is currently in the interdepartmental comment process, which, through the implementation of the European directive NIS2, will fundamentally affect registrar activity, as well as activities related to it (e.g. provision of so-called proxy services).
We looked at it in detail.
The amendment brings several important changes.
The amendment applies to any entity, regardless of its size, number of employees, profitability or turnover, which performs the activity of a registrar.
For all these entities, it introduces not only
- mandatory scopes of managed data regarding domain holders and verification of their correctness in the process of obtaining them
- (here we also draw attention to the obligation to record the phone contact of the holder, where we recommend that registrars start adding it to the domain register now),
- but especially the extensive responsibilities in the field of cyber security:
- from the mandatory content of security policies and measures,
- through mandatory persons managing cyber security and training,
- mandatory reporting of security incidents to the NBU,
- interventions in contracts and processes with suppliers,
- up to the mandatory performance of a cyber security audit.
As part of the public comment procedure, it is possible to send comments on the draft amendment to the law until June 19, 2024.
Changes are also underway in the Critical Infrastructure Act.
Entities subject to the Critical Infrastructure Act should also pay more attention.
An amendment to the law is also underway there. What changes and challenges will it bring?
Amendments for inspection
Amendment to the Act on Cybersecurity: https://www.slov-lex.sk/legislativne-procesy/SK/LP/2024/264
Amendment to the Act on Critical Infrastructure: https://www.slov-lex.sk/legislativne-procesy/SK/LP/2024/275
