ISMS Copilot for Austrian critical infrastructure operators
Classify your entity under NISG 2026 (BGBl. I Nr. 94/2025) and register before the 31 December 2026 deadline.
Why Austrian operators choose ISMS Copilot
- Determine whether you qualify as a wesentliche or wichtige Einrichtung under section 24 NISG 2026
- Work through the ten risk-management areas required by the 3. Hauptstueck
- Plan electronic registration via the Cybersicherheitsbehoerde portal at nis.gv.at
- Track the 31 December 2026 registration deadline and 24h / 72h / one-month reporting clocks
- Map supply-chain security duties onto existing vendor management
- Align NISG 2026 obligations with parallel DSGVO and Austrian DSG requirements
Built around the Austrian NIS 2 stack
NISG 2026 entity-classification guidance under section 24
Ten risk-management areas mapped to controls you already run
Cybersicherheitsbehoerde registration workflow and deadline tracking
Tiered incident-reporting templates: 24-hour, 72-hour, one-month
Management-body accountability and training documentation under NISG 2026
Cross-reference to DSGVO, the Austrian Datenschutzgesetz (DSG) and DORA
NISG 2026 entity classification in Austria
Austria transposed NIS 2 through its own statute, the Netz- und Informationssystemsicherheitsgesetz 2026, published as BGBl. I Nr. 94/2025, replacing NISG 2018. The first compliance question is classification: section 24 decides whether you are a wesentliche Einrichtung or a wichtige Einrichtung, and that determines supervision intensity and which of the ten risk-management areas in the 3. Hauptstueck you must evidence. In-scope entities must register electronically via the Bundesamt fuer Cybersicherheit (Cybersicherheitsbehoerde) portal at nis.gv.at, with a registration deadline of 31 December 2026, and run the 24-hour, 72-hour and one-month reporting timeline. Alongside this sits the Austrian Datenschutzgesetz (DSG) supplementing the GDPR. ISMS Copilot walks you through the section 24 test, the ten areas, and the registration and reporting clocks.
Explore the NISG 2026 Copilot →Frequently Asked Questions
What is NISG 2026?
The Netz- und Informationssystemsicherheitsgesetz 2026 (NISG 2026), published as BGBl. I Nr. 94/2025, is Austria's national law transposing the EU NIS 2 Directive. It replaces NISG 2018 and introduces updated obligations for essential and important entities covering risk management, incident reporting, supervision and enforcement.
Which entities must register, with whom, and by when?
Entities in scope as wesentliche or wichtige Einrichtungen must register electronically via the portal of the Bundesamt fuer Cybersicherheit (Cybersicherheitsbehoerde) at nis.gv.at. The registration deadline under NISG 2026 is 31 December 2026. ISMS Copilot helps you run the section 24 classification test and prepare the registration.
Does ISMS Copilot register us or certify NISG 2026 compliance?
No. ISMS Copilot does not register you with the Cybersicherheitsbehoerde and does not issue certifications. It interprets the specific provisions of NISG 2026 and prepares the documentation and notifications so your team can complete registration through the official portal.
Ready to streamline your compliance work?
Built for speed, accuracy, and audit-ready output.