ISMS Copilot
NISG 2026

NISG 2026 Copilot

Navigate Austria's NIS 2 transposition with confidence

Start Free TrialSee it in action

What the NISG 2026 Copilot Can Do

Identify whether your organisation qualifies as a wesentliche or wichtige Einrichtung under § 24

Understand the ten risk management areas required by § 3. Hauptstück NISG 2026

Navigate the 24-hour, 72-hour, and one-month incident reporting obligations

Map supply chain security requirements to your existing vendor management practices

Interpret management-body accountability and training obligations under NISG 2026

Compare NISG 2026 obligations with parallel requirements under DSGVO and DORA

About NISG 2026 Copilot

The NISG 2026 (BGBl. I Nr. 94/2025) is Austria's national transposition of the NIS 2 Directive, applying to essential and important entities operating in Austria. ISMS Copilot helps you work through the law's requirements — from entity classification and risk management to incident reporting and supervision obligations.

Who it's for

NIS 2

The parent EU directive — NISG 2026 transposes the obligations into Austrian law.

ISO 27001

The recognised pathway for the article 30-equivalent Austrian risk-management measures.

NIS 2 Germany

Sister transposition under § 30 BSIG — useful for groups operating across the DACH region.

Frequently Asked Questions

What is NISG 2026?

The Netz- und Informationssystemsicherheitsgesetz 2026 (NISG 2026), published as BGBl. I Nr. 94/2025, is Austria's national law transposing the EU NIS 2 Directive (2022/2555). It replaces the earlier NISG 2018 and introduces updated obligations for essential and important entities covering risk management, incident reporting, supervision, and enforcement.

How does the NISG 2026 Copilot help?

The Copilot helps you interpret the specific provisions of NISG 2026 — such as the entity classification criteria in § 24, the ten risk management areas, and the tiered reporting deadlines — so your team can work through compliance tasks with relevant legal context at hand.

Which entities need to register, and with whom?

Entities that fall within scope as wesentliche or wichtige Einrichtungen are required to register electronically via the portal of the Bundesamt für Cybersicherheit (Cybersicherheitsbehörde) at nis.gv.at; the registration deadline under NISG 2026 is 31 December 2026.

Ready to streamline your compliance work?

Built for speed, accuracy, and audit-ready output.

Try ISMS Copilot 2.0