From Legislation to Practice: Critical Infrastructure and Cybersecurity in 2026

19. februára 2026

The year 2025 was, from the perspective of critical infrastructure, a year of legislative transformation. The year 2026 is the first year of its full-scale application. The difference between these two periods is fundamental – while 2025 was dominated by legal implementation and methodological preparation, 2026 brings a regime of real regulatory responsibility.

The legal framework for cybersecurity in the Slovak Republic is governed by Act No. 69/2018 Coll. on Cybersecurity, as amended by Act No. 366/2024 Coll., which transposed into national law Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union (NIS 2). Simultaneously, Act No. 367/2024 Coll. on Critical Infrastructure was adopted, establishing a new resilience framework for critical entities. These two pieces of legislation together form a comprehensive system for managing cyber and physical risks, which has begun to be fully applied in practice.

From Identification to Mandatory Compliance

In 2025, the process of preparing and methodologically implementing measures for the identification of critical entities under the Critical Infrastructure Act was underway. State administration bodies are required to identify critical entities no later than 17 July 2026. Entities falling within the categories defined by the Act will subsequently be required to introduce measures to strengthen the security and resilience of critical infrastructure. These include systematic risk assessment, implementation of security measures, business continuity planning, and the establishment of incident response mechanisms.

The transposition of the NIS 2 Directive significantly expanded the scope of cybersecurity regulation. One of the most notable changes is the shift from the formal existence of documentation to a requirement for demonstrable functionality of security measures. An entity must be able to demonstrate a systematic process of risk identification and assessment, supply chain security management, testing of business continuity plans, and a functional incident response mechanism. This approach aligns with the objective of the NIS 2 Directive – to increase real resilience, not merely formal compliance.

The amended Cybersecurity Act also explicitly enshrines the direct responsibility of statutory bodies for managing cyber risks. Management is required to approve cybersecurity risk management measures and oversee their implementation. Under the Act, this responsibility may be fully reflected within the supervisory and sanctioning mechanisms of the law.

Adopted Strategies and Government Steps

At the beginning of 2026, the Slovak Government adopted two strategic documents as part of the implementation of the Critical Infrastructure Act and the Cybersecurity Act, providing a clear framework for risk management. The Resilience Strategy for Critical Entities of the Slovak Republic analyses the current state and vulnerabilities of critical entities, defines objectives and measures up to 2030, and establishes a coordination framework between central state authorities, local government, and critical entities. The National Cybersecurity Strategy for 2026–2030 places emphasis on the systematic strengthening of national cyberspace resilience, the protection of citizens' rights and security in cyberspace, the protection of the state's critical infrastructure, operators of essential services, and other important assets.

Strategic Significance for Slovakia

Critical infrastructure represents a system of interconnected elements. A failure in the energy sector will affect transport, transport will affect healthcare and food distribution, and digital infrastructure will affect public administration and banks. Cross-sector dependencies increase the risk of cascading effects. The legislative framework creates the conditions for systematic risk management across all critical sectors, raising the security level of processes and strengthening national resilience against hybrid and cyber threats.

Expert Cooperation

The implementation of new obligations requires a combination of legal, technical, and organisational expertise. In this context, the Critical Infrastructure Association of the Slovak Republic (AKI SR) plays a key role as a professional platform connecting regulated entities, security and crisis management experts, public administration representatives, and technology partners. AKI SR provides companies with expert advisory services on identifying and implementing statutory obligations, methodological support for risk assessment and the introduction of measures, coordination and experience sharing between sectors, and up-to-date information on legislation, deadlines, and practical steps. For members, this means access to expert know-how, coordinated procedures, and the ability to respond to legislative changes in real time.

The year 2026 represents for critical infrastructure and cybersecurity a transition from legislative preparation to practical implementation. Organisations will be assessed not only on the formal existence of security documents, but also on their ability to demonstrate their functionality in practice. Preparedness today equals resilience and trustworthiness tomorrow. Coordinated preparation with an expert partner such as AKI SR enables companies to fully ensure compliance with the new statutory obligations.

< Starší príspevok

Novší príspevok >

Artificial Intelligence and Critical Infrastructure: When a Tool Becomes a Threat

3. apríla 2026

Artificial intelligence is changing the rules of the game in critical infrastructure protection. It is no longer merely an aid in defence — it is also becoming a weapon in the hands of attackers. The question is no longer whether AI will enter the critical infrastructure environment, but how quickly we can prepare for this change.

Umelá inteligencia a kritická infraštruktúra: keď sa nástroj stane hrozbou

3. apríla 2026

Umelá inteligencia mení pravidlá hry v ochrane kritickej infraštruktúry. Už nie je len pomocníkom pri obrane, stáva sa aj zbraňou v rukách útočníkov. Otázka už neznie, či sa AI dostane do prostredia kritickej infraštruktúry, ale ako rýchlo sa na túto zmenu dokážeme pripraviť.

Predstavujeme sektory kritickej infraštruktúry: Doprava

2. apríla 2026

Oblasť kritickej infraštruktúry v Slovenskej republike upravuje zákon č. 367/2024 Z. z. o kritickej infraštruktúre a o zmene a doplnení noektorých zákonov, ktorý definuje jednotlivé sektory, podsektory a základné služby nevyhnutné pre fungovanie štátu.

Introducing Critical Infrastructure Sectors: Transport

2. apríla 2026

The area of critical infrastructure in the Slovak Republic is regulated by Act No. 367/2024 Coll. on Critical Infrastructure and on Amendments and Supplements to Certain Acts, which defines individual sectors, subsectors, and essential services necessary for the functioning of the state.

Ambassador of India and the Diplomatic Sector Support Partnership in Critical Infrastructure and Quantum Technologies

30. marca 2026

The Critical Infrastructure Association of the Slovak Republic has entered into negotiations on international cooperation with the Republic of India in the field of critical infrastructure protection and the development of post-quantum cryptography. This step reflects the growing importance of technological security and the need to prepare for the advent of quantum technologies, which will fundamentally impact current cryptographic standards. In this context, a significant meeting took place at the Embassy of the Republic of India in Slovakia, attended by H.E. Apoorva Srivastava, Ambassador of the Republic of India to the Slovak Republic, Rastislav Chovanec, State Secretary of the Ministry of Foreign and European Affairs of the Slovak Republic, and Tibor Straka, President of The Critical Infrastructure Association of the Slovak Republic. The delegation also included the Chairman of its Supervisory Board and a representative of member company Decent Cybersecurity s. r. o., Matej Michalko. The discussion focused primarily on opportunities for the development of bilateral cooperation in the areas of critical infrastructure, cybersecurity, and the implementation of post-quantum cryptographic solutions. India is among the countries that systematically invest in the development of cryptography and quantum technologies. This is evidenced by its strategic initiative, the National Quantum Mission, which aims to build a comprehensive national quantum technology ecosystem. It is precisely in this area that The Critical Infrastructure Association of the Slovak Republic sees significant potential for cooperation and the involvement of Slovak technology entities. One such entity is Decent Cybersecurity s. r. o., a company with a long-standing focus on research and implementation of solutions for critical infrastructure, defence systems, and telecommunications networks. The company specialises primarily in the practical implementation of new cryptographic algorithms into modern hardware and software architectures, which makes it well-suited for participation in international post-quantum security projects. From the perspective of the Slovak Republic, cooperation with India represents a significant opportunity for the development of technological diplomacy and the strengthening of strategic partnerships. As one of the fastest-growing digital economies in the world, India plans extensive investments in quantum research and technological infrastructure. The involvement of Slovak companies in these initiatives could substantially support the export of innovative solutions and strengthen technological ties between the two countries. The aim of this initiative is to establish a stable technological partnership between Slovak and Indian institutions, overseen by The Critical Infrastructure Association of the Slovak Republic. An important role is also played by the diplomatic support of the Ministry of Foreign and European Affairs of the Slovak Republic, which can significantly facilitate the establishment of contacts with relevant partners in India. This initiative also fits within the broader context of strengthening technological relations between the European Union and India. Slovakia's active involvement in this process could contribute to reinforcing its position within the European technology ecosystem and increasing its international competitiveness. At the meeting, both sides expressed a clear interest in developing mutual cooperation and identified significant potential for future joint projects. The partners agreed that the combination of expert capacities, technological innovation, and diplomatic support creates a solid foundation for a long-term strategic partnership that can deliver tangible results in the areas of security, innovative development, and economic cooperation. Both sides will continue their expert-level communication, aimed at building a stable platform for a long-term and functional partnership between India and Slovakia in the fields of critical infrastructure and post-quantum cryptography.

Veľvyslankyňa Indie a rezort diplomacie podporujú partnerstvo v oblasti kritickej infraštruktúry a kvantových technológií

30. marca 2026

Asociácia kritickej infraštruktúry Slovenskej republiky vstúpila do rokovaní o medzinárodnej spolupráci s Indickou republikou v oblasti ochrany kritickej infraštruktúry a rozvoja postkvantovej kryptografie. Tento krok reflektuje rastúci význam technologickej bezpečnosti a potrebu pripraviť sa na nástup kvantových technológií, ktoré zásadne ovplyvnia súčasné kryptografické štandardy. V tejto súvislosti sa na pôde Veľvyslanectva Indickej republiky na Slovensku uskutočnilo významné stretnutie za účasti J.E. Apoorva Srivastava, veľvyslankyne Indickej republiky v Slovenskej republike, štátneho tajomníka Ministerstva zahraničných vecí a európskych záležitostí Slovenskej republiky Rastislava Chovanca a prezidenta Asociácie kritickej infraštruktúry Slovenskej republiky Tibora Straku . Súčasťou delegácie AKI SR bol aj predseda jej dozornej rady a zástupca členskej spoločnosti Decent Cybersecurity s. r. o. Matej Michalko. Diskusia sa zamerala najmä na možnosti rozvoja bilaterálnej spolupráce v oblasti kritickej infraštruktúry, kybernetickej bezpečnosti a implementácie postkvantových kryptografických riešení. India patrí medzi krajiny, ktoré systematicky investujú do rozvoja kryptografie a kvantových technológií. Dôkazom je aj jej strategická iniciatíva National Quantum Mission, ktorej cieľom je vybudovať komplexný národný ekosystém kvantových technológií. Práve v tejto oblasti vidí AKI SR významný priestor pre spoluprácu a zapojenie slovenských technologických subjektov. Jedným z nich je spoločnosť Decent Cybersecurity s. r. o. , ktorá sa dlhodobo venuje výskumu a implementácii riešení pre kritickú infraštruktúru, obranné systémy a telekomunikačné siete. Spoločnosť sa špecializuje najmä na praktickú implementáciu nových kryptografických algoritmov do moderných hardvérových a softvérových architektúr, čo ju predurčuje na zapojenie do medzinárodných projektov v oblasti postkvantovej bezpečnosti. Z pohľadu Slovenskej republiky predstavuje spolupráca s Indiou významnú príležitosť pre rozvoj technologickej diplomacie a posilnenie strategických partnerstiev. India ako jedna z najrýchlejšie rastúcich digitálnych ekonomík sveta plánuje rozsiahle investície do kvantového výskumu a technologickej infraštruktúry. Zapojenie slovenských spoločností do týchto iniciatív by mohlo výrazne podporiť export inovatívnych riešení a posilniť technologické väzby medzi oboma krajinami. Cieľom iniciatívy je vytvorenie stabilného technologického partnerstva medzi slovenskými a indickými inštitúciami, ktoré bude zastrešovať Asociácia kritickej infraštruktúry Slovenskej republiky. Dôležitú úlohu pritom zohráva aj diplomatická podpora Ministerstva zahraničných vecí a európskych záležitostí SR, ktorá môže výrazne napomôcť pri nadväzovaní kontaktov s relevantnými partnermi v Indii. Táto iniciatíva zároveň zapadá do širšieho kontextu posilňovania technologických vzťahov medzi Európskou úniou a Indiou. Aktívne zapojenie Slovenska do tohto procesu by mohlo prispieť k posilneniu jeho pozície v rámci európskeho technologického ekosystému a zvýšiť jeho medzinárodnú konkurencieschopnosť. Na stretnutí obe strany vyjadrili jasný záujem o rozvoj vzájomnej spolupráce a identifikovali významný potenciál pre budúce spoločné projekty. Partneri sa zhodli, že prepojenie odborných kapacít, technologických inovácií a diplomatickej podpory vytvára pevný základ pre dlhodobé strategické partnerstvo, ktoré môže priniesť konkrétne výsledky v oblasti bezpečnosti, inovatívneho rozvoja a ekonomickej spolupráce. Obe strany budú pokračovať v odbornej komunikácii, smerujúcej k vybudovaniu stabilnej platformy pre dlhodobé a funkčné partnerstvo Indie a Slovenska v oblasti kritickej infraštruktúry a postkvantovej kryptografie.

Critical Infrastructure and GPS: It’s Not Just About Navigation

25. marca 2026

For most people, GPS (Global Positioning System) is synonymous with car or smartphone navigation. It helps us find our way, avoid traffic jams, and discover new places. However, very few realise that the Global Positioning System provides precise time and location data upon which the functioning of modern society depends.

Kritická infraštruktúra a GPS: nejde len o navigáciu

25. marca 2026

Pre väčšinu ľudí je GPS (Global Positioning System) synonymom navigácie v aute alebo v mobile. Pomáha nám nájsť cestu, vyhnúť sa zápcham či objaviť nové miesta. Len málokto si však uvedomuje, že globálny satelitný systém určovania polohy (GPS) poskytuje údaje o presnom čase a presnej polohe, na ktorých stojí fungovanie modernej spoločnosti.

Introducing Critical Infrastructure Sectors: Energy

21. marca 2026

Predstavujeme sektory kritickej infraštruktúry: Energetika