Slovenia

(a) What is the NIS2 implementation status?

NIS2 has not been implemented yet. The transposition deadline has been missed, as well as the governmental timeline of the end of 2024. On April 10th 2025 the Government approved a draft law (ZInfV-1). The Government has submitted the proposal of law to the National Assembly under the urgent procedure.

(b) What is the envisaged NIS2 implementation timeline?

From the Head of the Information and Cybersecurity Divison at the Government Information Security Office we received information that they anticipate the government's consideration of the draft law by the end of February 2025 and its discussion and adoption in the National Assembly of the Republic of Slovenia by the end of May 2025.

(c) What does the NIS2 mean for other national cybersecurity legislation?

It is expected to be an upgrade of the existing Information Security Act.

In line with the Directive, the law provides, among other things, for the extension of the number of obliged entities that are required to take measures to ensure cyber security, to include both public sector and business entities. Obligors will be required to prepare, among other things, risk assessments and cyber incident management plans.

(d) Who will be the supervisory authority and how are they preparing the market?

The Government Information Security Office.

(e) What should you be doing/on the lookout for?

Normally, for such technical directives, we expect the national law to, more or less, strictly follow the wording of the directive and not deviate from substantive obligations under NIS2. The already published draft of the new Information Security Act (ZInfV-1) does not majorly deviate from the directive.

Contact

Bojan Sporar E: sporar@rppp.si

Sergej Omladic E: omladic@rppp.si

Compare NIS2 implementation across other EU member states

Compare now

Other Resources

Eversheds Sutherland NIS2 Directive hub

Visit webpage

Whitepaper: Everything you need to know about the NIS2 Directive

Read the whitepaper

Webinar: One year to go until the EU NIS2 Directive

Watch the webinar

Article: Focus on the NIS2 directive

Read the summary briefing

© Eversheds Sutherland. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.

Share this page