Zakon o kibernetičkoj sigurnosti Copilot

Navigate Croatia's NIS 2 transposition with clarity

What the Zakon o kibernetičkoj sigurnosti Copilot Can Do

Identify whether your entity qualifies as ključni or važni under Arts 9-10

Map your sector to the correct nadležno tijelo and CSIRT via Prilog III

Understand the 24h, 72h, and 30-day reporting chain under Uredba Arts 66-71

Navigate risk management measure requirements set out from Art. 26

Interpret penalty exposure ranges for ključni and važni subjects under Arts 101-102

Draft incident notification documentation aligned with Arts 37-42 obligations

About Zakon o kibernetičkoj sigurnosti Copilot

The Zakon o kibernetičkoj sigurnosti (NN 14/2024), supplemented by the Uredba (NN 135/2024), transposes the EU NIS 2 Directive into Croatian law and sets out cybersecurity obligations for essential and important entities. ISMS Copilot helps you interpret the law's requirements, understand your entity classification, and work through incident reporting obligations.

Frequently Asked Questions

What is the Zakon o kibernetičkoj sigurnosti?

The Zakon o kibernetičkoj sigurnosti (NN 14/2024) is Croatia's transposition of the EU NIS 2 Directive (2022/2555), enacted by the Croatian Parliament on 26 January 2024 and in force from 15 February 2024. It establishes cybersecurity obligations for essential and important entities, defines competent authorities, and sets out incident reporting, risk management, and supervisory rules, supplemented by the operational Uredba NN 135/2024.

How does the Zakon o kibernetičkoj sigurnosti Copilot help?

Copilot helps you interpret the law's provisions — from entity classification under Arts 9-10 and sector mapping via Prilog III, to understanding the incident reporting timeline set out in Uredba NN 135/2024 Arts 66-71. It supports your team in working through requirements and preparing documentation, while final compliance judgements remain with qualified legal or technical advisers.

Which authorities oversee compliance, and how are they distinguished?

SOA (Sigurnosno-obavještajna agencija) is the central state authority for cybersecurity and serves as the single point of contact under Art. 62, with NCSC-HR operating within SOA under Art. 63. Sector-specific supervision and CSIRT responsibilities are allocated to either CSIRT pri SOA or CSIRT pri CARNET depending on the sector, as set out in Prilog III of the law.
