Financial Crime World

Cybercrime and Financial Institutions in Slovakia: Understanding the New Regulations

Slovakia has recently introduced new regulations aimed at ensuring the cybersecurity of essential services, including financial institutions. The Cyber Security Act, which came into force in November 2019, sets out minimum requirements for operators of these services to ensure the security of their IT systems and networks.

Who Does the Act Apply To?

The Act applies to a wide range of sectors, including:

  • Banking
  • Electronic communications
  • Energy
  • Healthcare
  • Transport
  • Post
  • Industry
  • Information and telecommunications technologies
  • Water
  • Air

In the context of financial institutions, the Act requires operators to take specific measures to protect against cyber threats.

Obligations Under the Act

One of the key obligations under the Act is to carry out a cybersecurity audit within two years of registration with the National Security Authority (NSA). The audit must be carried out by an accredited auditor who will evaluate compliance with adopted security measures and other obligations under the Act. The results of the audit must be presented to the NSA within 30 days of completion.

Additionally, operators are required to:

  • Report any substantial cybersecurity incidents to the NSA through a uniform cybersecurity information system
  • Notify providers listed above about any reported incidents
  • Inform law enforcement authorities if a crime related to a cyber attack was committed

Consequences of a Cybersecurity Incident in Healthcare

The Act sets out specific criteria for healthcare providers, including:

  • Minimum number of emergency beds
  • Status of highly specialized traumatology care centers
  • Provision of laboratory services

The consequences of a cybersecurity incident in healthcare can include:

  • An economic loss higher than 0.1% of GDP
  • An economic loss or material damage of more than EUR 250,000 suffered by at least one user
  • More than 100 injured persons requiring medical treatment
  • The loss of one life

Penalties for Non-Compliance

The NSA carries out inspections and imposes sanctions for minor or other administrative offences. The penalties for non-compliance can be significant: from EUR 300 up to 1% of overall annual turnover for the preceding financial year, but no more than EUR 300,000.

If you have any further questions or concerns regarding these regulations, please do not hesitate to contact Peter Kováč and Lukáš Mrázik at [insert law firm name].