KüTS Copilot
Navigate Estonia's NIS 2 transposition with confidence
What the KüTS Copilot Can Do
Understand whether your organisation is an essential or important entity
Navigate the three-stage incident reporting timeline under § 8
Identify applicable security obligations in chapter 2 of KüTS
Map penalty exposure under §§ 18²–18⁵ for your entity type
Interpret RIA and CERT-EE supervisory roles and notification recipients
Compare KüTS obligations against NIS 2 Directive requirements
About KüTS Copilot
The Küberturvalisuse seadus (KüTS) is Estonia's national cybersecurity law, amended in December 2025 to transpose the NIS 2 Directive. KüTS Copilot helps you understand your obligations under the consolidated act and the 2025 amendment (RT I, 30.12.2025, 4).
Frequently Asked Questions
What is KüTS?
Küberturvalisuse seadus (KüTS) is Estonia's primary cybersecurity law, in force since 2018 and substantially amended in December 2025 (RT I, 30.12.2025, 4) to transpose the EU NIS 2 Directive. It establishes obligations for essential and important entities, incident reporting requirements, and a supervisory framework administered by RIA (NCSC-EE).
How does the KüTS Copilot help?
KüTS Copilot helps you work through the structure and requirements of the consolidated act, including the 2025 NIS 2 amendment — so you can understand entity classification, incident reporting deadlines under § 8, and the penalty framework under §§ 18¹–18⁵ without having to cross-reference multiple legislative texts manually.
What are the incident reporting deadlines under KüTS?
Under § 8, entities must submit an initial alert to RIA/CERT-EE within 24 hours of becoming aware of a significant incident, a detailed notification within 72 hours including an initial assessment and indicators of compromise, and a final report within one month covering root cause, measures taken, and any cross-border impact.
Ready to streamline your compliance work?
Built for speed, accuracy, and audit-ready output.