ISMS Copilot
ZInfV-1

ZInfV-1 Copilot

Navigate Slovenia's NIS 2 transposition with clarity and confidence

Start Free TrialSee it in action

What the ZInfV-1 Copilot Can Do

Identify whether your organisation qualifies as an essential or important subject under Art. 7

Map your sector against Annex 1 and Annex 2 to confirm scope

Understand the 24-hour, 72-hour, and one-month incident notification steps under Art. 30

Navigate risk management and security measure obligations under Art. 21 and 22

Interpret supervisory powers and penalty exposure under Art. 52 and 53

Track transitional implementation timelines for existing and newly obligated entities under Art. 62

About ZInfV-1 Copilot

ZInfV-1 (Uradni list RS 40/2025) is Slovenia's transposition of the EU NIS 2 Directive, setting cybersecurity obligations for essential and important entities across critical sectors. The ZInfV-1 Copilot helps you understand the law's requirements, identify where your organisation fits, and work through incident notification and risk management obligations.

Who it's for

NIS 2

Parent EU directive — transposed into Slovenia's national law.

NIS 2 Germany

Sister national transposition of NIS 2.

NIS 2 Belgium

Sister national transposition of NIS 2.

Frequently Asked Questions

What is ZInfV-1?

ZInfV-1 (Zakon o informacijski varnosti, Uradni list RS 40/2025) is the Slovenian law that transposes EU Directive 2022/2555 (NIS 2) into national legislation, replacing the former ZInfV. It establishes cybersecurity obligations for essential and important entities, defines the national supervisory structure under URSIV, and sets rules for incident notification, risk management, and enforcement.

How does the ZInfV-1 Copilot help?

The Copilot helps you interpret the law's requirements in plain language — from understanding the entity classification criteria in Art. 7 and the sector lists in Annexes 1 and 2, to working through the staged incident notification procedure in Art. 30 and the penalty framework in Art. 52–53. It is a drafting and analysis aid, not a substitute for legal advice.

What are the incident notification deadlines under ZInfV-1?

Art. 30(1) requires entities to send an early notification to the competent CSIRT within 24 hours of detecting a significant incident, followed by a full incident notification within 72 hours, and a final report no later than one month after submitting that notification. Trust service providers face a shorter 24-hour deadline for the full notification under Art. 30(2).

Ready to streamline your compliance work?

Built for speed, accuracy, and audit-ready output.

Try ISMS Copilot 2.0