Expert Statement of the Critical Infrastructure Association of the Slovak Republic (AKI SR) on Act No. 318/2025 Coll. and the implementation of the Cyber Resilience Act (CRA)

25. novembra 2025

The Critical Infrastructure Association of the Slovak Republic considers the adoption of Act No. 318/2025 Coll. to be a fundamental step in the field of cybersecurity of the Slovak Republic. This legal regulation systematically implements the European Cyber Resilience Act for the first time and regulates the way in which digital products – from software, through IoT devices to specialized technologies used in industry – will be placed on the market and controlled from the perspective of cyber resilience.

The Act also changes the position of the National Security Authority, which becomes the market surveillance authority for products with digital elements. This is a significant strengthening of the state's capacities in an area where a clear and unambiguous competence framework has been lacking until now. The NSA will now be able to verify the security properties of digital products, order manufacturers or distributors to eliminate identified deficiencies, if necessary, prohibit the placement of non-compliant technologies on the market and intervene also in the online environment against offers that threaten user security. This is a response to the long-term trend where an increasing number of digital components - including those that later end up in critical systems - are purchased through global online platforms without sufficient control of origin or quality.

The Cyber Resilience Act introduces extensive and previously non-existent obligations for manufacturers and importers of digital products. The manufacturer will bear responsibility for product security throughout its entire life cycle, will have to ensure vulnerability management processes, provide corrective updates, prepare technical documentation for conformity and transparently inform about security incidents. The amendment to the Act translates these rules into the Slovak legal framework and creates a basis for their practical enforcement.

An extremely important innovation is also the digital product passport, which is intended to provide an overview of security properties, technical specifications, compliance with regulations and update history. For critical infrastructure operators, this means a much higher level of transparency in relation to the technologies they use in their key systems. From a long-term perspective, this will also support better risk management and more efficient identification of weaknesses in supply chains.

From the perspective of energy security, transport, healthcare, manufacturing sectors or telecommunications networks, this is a legislative step that clearly moves Slovakia closer to modern European standards of cyber resilience. Critical infrastructure today is exposed to highly sophisticated attacks that often exploit vulnerabilities in common commercial products. While until now it was possible to place on the market even products with minimal security standards, the new legal framework will enable the state to effectively stop such technologies as soon as they appear on the Slovak market.

The Critical Infrastructure Association of the Slovak Republic considers this legislative regulation to be a step in the right direction. At the same time, we perceive the need for the state to prepare clear methodological guidelines for critical infrastructure operators, public authorities and companies that will have to fulfil obligations under the CRA. The introduction of the regulation will also involve the need to strengthen the expert capacities of the NSA, as well as better coordination between individual state authorities.

AKI SR is ready to actively cooperate with the NSA, ministries and the expert community in implementing this legal regulation into practice. We believe that the new framework will contribute to increasing the security of digital technologies used in Slovakia and will strengthen the protection of systems that are necessary for the functioning of society, the economy and the state.

Slovakia and India Strengthen Cooperation in the Protection of Critical Infrastructure: AKI SR and India’s C-DOT Discuss Joint Projects

18. júna 2026
At the international technology fair VivaTech 2026 in Paris, a working meeting was held today between representatives of the AKI SR and the Indian government technology organization Centre for Development of Telematics (C-DOT). The meeting followed ongoing discussions between the two partners and confirmed their shared interest in developing strategic cooperation in the areas of cybersecurity, critical infrastructure protection, and the development of technologies resilient to threats emerging in the quantum era.

Slovensko a India posilňujú spoluprácu v ochrane kritickej infraštruktúry: AKI SR a indický C-DOT rokovali o spoločných projektoch

18. júna 2026
Na pôde medzinárodného technologického veľtrhu VivaTech 2026 v Paríži sa dnes uskutočnilo pracovné stretnutie predstaviteľov Asociácie kritickej infraštruktúry Slovenskej republiky (AKI SR) a indickej vládnej technologickej organizácie Centre for Development of Telematics (C-DOT). Stretnutie nadviazalo na už prebiehajúce rokovania medzi oboma partnermi a potvrdilo spoločný záujem rozvíjať strategickú spoluprácu v oblastiach kybernetickej bezpečnosti, ochrany kritickej infraštruktúry a vývoja technológií odolných voči hrozbám nastupujúcej kvantovej éry.

Zero Trust in the Supply Chain of Critical Infrastructure: When Trust Must Be Verified

18. júna 2026
The weakest point of an organization has long ceased to be its own technology. Increasingly, it is becoming a supplier who has access to systems, data, or ensures the operation of critical services.

Zero Trust v dodávateľskom reťazci kritickej infraštruktúry: keď dôvera musí byť overená

18. júna 2026
Najslabším miestom organizácie už dávno nemusí byť jej vlastná technológia. Čoraz častejšie sa ním stáva dodávateľ, ktorý má prístup k systémom, údajom alebo zabezpečuje prevádzku kritických služieb.

Introducing Critical Infrastructure Sectors: Digital Infrastructure

15. júna 2026
The Critical Infrastructure Association of the Slovak Republic continues its presentation of individual critical infrastructure sectors. This time, the focus is on an area that forms the digital backbone of modern society and ensures the continuous flow of information, data, and electronic services – the Digital Infrastructure sector.

Predstavujeme sektory kritickej infraštruktúry: Digitálna infraštruktúra

15. júna 2026
Asociácia kritickej infraštruktúry Slovenskej republiky pokračuje v predstavovaní jednotlivých sektorov kritickej infraštruktúry. Tentoraz sa zameriavame na oblasť, ktorá tvorí digitálnu kostru modernej spoločnosti a zabezpečuje nepretržitý tok informácií, dát a elektronických služieb – sektor Digitálna infraštruktúra.

Introducing Essential Services of Critical Infrastructure: Operation, Maintenance and Development of the Electricity Transmission System

12. júna 2026
The Critical Infrastructure Association of the Slovak Republic continues its series of articles introducing the essential services defined by Act No. 367/2025 Coll. on Critical Infrastructure. Following our previous articles on electricity supply and the operation, maintenance and development of the electricity distribution system, we now turn our attention to the service that ensures the safe and reliable transmission of electricity across the entire territory of the Slovak Republic – the operation, maintenance and development of the electricity transmission system.

Predstavujeme základné služby kritickej infraštruktúry: Prevádzka, údržba a rozvoj elektrizačnej prenosovej sústavy

12. júna 2026
Asociácia kritickej infraštruktúry Slovenskej republiky pokračuje v sérii článkov, v ktorej postupne predstavujeme základné služby definované zákonom č. 367/2025 Z. z. o kritickej infraštruktúre. Po predstavení dodávky elektriny a prevádzky, údržby a rozvoja elektrizačnej distribučnej sústavy sa tentokrát pozrieme na službu, ktorá zabezpečuje bezpečný a spoľahlivý prenos elektrickej energie naprieč celým územím Slovenskej republiky – prevádzku, údržbu a rozvoj elektrizačnej prenosovej sústavy.

Critical Infrastructure Doesn't Start at the Power Plant. It Starts in the Supply Chain.

10. júna 2026
Imagine a situation where equipment that ensures the supply of electricity, the production of drinking water, or the operation of a hospital fails. The failure itself may not be the biggest problem. A much greater challenge can be discovering that the replacement part is manufactured on the other side of the world and its delivery will take several months. It is in situations like these that the true importance of resilient supply chains becomes clear.

Kritická infraštruktúra sa nezačína v elektrárni. Začína sa v dodávateľskom reťazci.

10. júna 2026
Predstavme si situáciu, že dôjde k poruche zariadenia zabezpečujúceho dodávku elektriny, výrobu pitnej vody alebo fungovanie nemocnice. Samotná porucha nemusí znamenať najväčší problém. Oveľa väčšou výzvou môže byť zistenie, že náhradný diel sa vyrába na druhom konci sveta a jeho dodanie potrvá niekoľko mesiacov. Práve v takýchto situáciách sa ukazuje skutočný význam odolnosti dodávateľských reťazcov.