To improve cybersecurity, new requirements will be introduced in the future for companies with 50 or more employees from certain sectors. The government sent a corresponding law for assessment on Wednesday, as Interior Minister Gerhard Karner (ÖVP) and Justice Minister Alma Zadic (Greens) announced after the Council of Ministers.
Critical infrastructure companies and federal institutions will therefore be required to take certain IT security measures and report IT security incidents in the future.
Austria implements EU directive
This is intended to create uniform cybersecurity standards. Austria is thus implementing the European Cybersecurity Directive NIS 2. The aim is to increase the network security and resilience of companies and public institutions and to shorten the response time to cyber attacks, Karner said in the press foyer after the government meeting.
The requirements mean extra efforts for the approximately 3,000 to 4,000 affected companies, local authorities and associations. The minister emphasized that the goal of the Ministry of the Interior is to prepare and support them on this path as best as possible. A cybersecurity service center has therefore been set up at the Minister of the Interior.
Specifications must be practical
Last year, an integration process was also started with the trade association, the Chamber of Commerce and the federal states. The goal was not to write excessive regulations (so-called “golden plating”) into law to make the requirements as practical as possible, Karner said. The assessment phase for the Network and Information Security Act lasts four weeks. The EU directive must be implemented by October 2024.
Source: Krone
I am Ida Scott, a journalist and content author with a passion for uncovering the truth. I have been writing professionally for Today Times Live since 2020 and specialize in political news. My career began when I was just 17; I had already developed a knack for research and an eye for detail which made me stand out from my peers.
