LGP Slovakia / News / Amendment to the Cybersecurity Act

Amendment to the Cybersecurity Act

Amendment to the Cybersecurity Act

Cybersecurity is an area that is intended to protect networks and information systems in the event of any threat to the availability, authenticity, integrity, and confidentiality of data. Therefore, cybersecurity is also essential for the business environment, especially in this digital age, where the number of cyber-attacks is constantly increasing.  

For this reason, we can see that the European Union has increased its activity in this area. Especially in developing a coherent and coordinated approach, based on measures intended to mitigate major cybersecurity risks caused by new technologies such as the 5G network. At the same time, the issue of internal security of the state and entities remains one of the most sensitive topics for EU member states. 

Therefore, The Slovak Republic responded to the requirements of the European Union in the field of cybersecurity and adopted an Amendment to the Cybersecurity Act, which entered into force on 1st August 2021. 

Some of the main changes that the amendment will bring in relation to the business sector:

  • clarification of some legal definitions,
  • extension of the range of obligated entities - basic service operators in the field of digital infrastructure and in the field of electronic communications, 
  • modification of the procedure for cybersecurity certification, 
  • introduction of new regulations for basic service providers and digital service providers,
  • introduction of the institute of automated provision of information, 
  • strengthening the role of the cybersecurity auditor, 
  • establishment of the institute of prohibition or restriction of a specific product, process, service or a third party.

The institute of restriction or prohibition is a fundamental competence of the National Security Authority. It allows the National Security Authority to exclude the business entity concerned from the competition. Mentioned restriction or prohibition can be carried out only based on a detailed risk analysis performed by the National Security Authority based on the opinion of the relevant central state administration bodies. Subsequently, the National Security Authority submits the analysis to the Security Council of the Slovak Republic and the Government of the Slovak Republic.However, the last word will have the Government of the Slovak Republic since the National Security Authority cannot deviate from its opinion. The risk analysis also includes the political risk analysis of a third party. Political risks are approved by the Government of the Slovak Republic based on the opinion of the National Security Authority. The opinion of the Authority shall be submitted to the Security Council of the Slovak Republic. In this procedure, the Authority shall also consider the statements of the relevant central state administration bodies.

The legislator introduced this option based on the recommendations of the EU 5G Toolbox. The EU 5G Toolbox is a set of measures established by the EU based on a risk assessment process to ensure the highest possible protection for end-users. The aim of the EU 5G Toolbox is to identify and determine possible measures to mitigate the primary cyber threats of the 5G network, based on the findings of the assessment process. In conclusion, it should be noted that the EU 5G Toolbox is not binding EU legislation (only recommended) and therefore the introduction of the institute of restricting or banning a product, process, service or third party was not so necessary and perhaps even premature on the part of the legislator, as a new NIS 2 directive is currently being prepared, which should also address this issue.

On the other hand, together with the introduction of the institute of restricting or prohibiting a product, process, service, or a third party, the amendment introduced the possibility of defending the business entity against an unfavorable decision in a two-stage administrative procedure and a subsequent judicial review of the decision.