Slovenia


(a) What is the NIS2 implementation status?

On 4 June 2025, Slovenia officially published the Information Security Act (ZInfV-1) in its Official Gazette. The law will enter into force on 19 June 2025, thereby transposing the EU NIS2 Directive into national legislation.

(b) What is the envisaged NIS2 implementation timeline?

On 19 June 2025 the NIS2 Directive is implemented in national law with the effectuation of the Information Security Act.

(c) What does the NIS2 mean for other national cybersecurity legislation?

It is expected to be an upgrade of the existing Information Security Act.

In line with the Directive, the law provides, among other things, for the extension of the number of obliged entities that are required to take measures to ensure cyber security, to include both public sector and business entities. Obligors will be required to prepare, among other things, risk assessments and cyber incident management plans.

(d) Who will be the supervisory authority and how are they preparing the market?

The Government Information Security Office.

(e) What should you be doing/on the lookout for?

As the NIS2 Directive is transposed into national law it is important for companies that are operating in Slovenia to adhere to their laws, including ZinfV-1. While the Slovenian law is only available in the local language, it closely mirrors the obligations set out in the NIS2 Directive.

Contact

Bojan Sporar E: sporar@rppp.si

Sergej Omladic E: omladic@rppp.si

Compare NIS2 implementation across other EU member states

Compare now

Other Resources

Eversheds Sutherland NIS2 Directive hub

Visit webpage

Whitepaper: Everything you need to know about the NIS2 Directive

Read the whitepaper

Webinar: One year to go until the EU NIS2 Directive

Watch the webinar

Article: Focus on the NIS2 directive

Read the summary briefing

© Eversheds Sutherland. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.

Share this page