The Rules of the Game Change on July 17. For the First Time, the State Will Identify Critical Entities Under New Legislation

8. júla 2026

On July 17, 2026, the deadline will expire by which central state administration bodies must, for the first time, identify critical entities under Act No. 367/2024 Coll. on Critical Infrastructure. This will be the first identification process following the approval of the Strategy for the Resilience of Critical Entities, and at the same time a significant milestone in the implementation of a new system for the protection of critical infrastructure in Slovakia.


Why Is This Date Important?


For organizations that will be designated as critical entities, this will not merely mean formal inclusion on a list. Their status will be accompanied by a whole range of new statutory obligations aimed at ensuring that they are able to withstand security, technological, natural, and hybrid threats, and to ensure the uninterrupted provision of essential services.


Once identified, critical entities will be required to systematically manage their resilience. The law will require them to regularly assess risks, adopt appropriate technical, organizational, and security measures, prepare and continuously update a resilience plan, ensure the continuity of essential service provision, report serious incidents to the competent authorities, regularly verify the effectiveness of adopted measures, and cooperate closely with state administration bodies in the performance of supervision. A significant new obligation will also be the assessment of risks in the supply chain, including the evaluation of suppliers’ risk profiles.


It Is Not Only About Penalties


The new legal framework therefore fundamentally changes the way critical infrastructure security is viewed. It will no longer be sufficient to protect only one’s own organization. Equally important will be the ability to identify and manage risks arising from business partners and suppliers who may significantly affect a critical entity’s ability to provide essential services.


Failure to comply with statutory obligations may lead to sanctions imposed by the competent authorities. However, financial penalties are in reality only a secondary consequence. A far greater risk is a situation in which, due to insufficient risk management or failure to adopt the necessary measures, an organization loses its ability to withstand threats, the provision of an essential service is disrupted or interrupted, or a serious incident occurs with extensive economic, security, or societal consequences. Preventing precisely such situations is the main objective of the new legislation.


“The identification of the first critical entities under the new legislation represents a historic moment in building the resilience of the Slovak Republic. Organizations that will be designated as critical entities will enter an entirely new regime of obligations, the purpose of which is not to create an administrative burden, but to ensure that they are prepared to withstand threats and are able to maintain the provision of essential services even in crisis situations. True resilience, however, is not created by adopting a single document or by formally meeting the requirements of the law. It requires systematic risk management, expertise, and continuous work. This is precisely where we want to be a partner to our members,” said Tibor Straka, President of the Critical Infrastructure Association of the Slovak Republic.


Supply Chains Are Coming Into Focus



One of the most significant changes introduced by the new law is the emphasis on managing risks in supply chains. Critical entities will be required to examine the risk profiles of their suppliers, identify strategic dependencies, and assess the potential impact that the failure of individual partners could have on their ability to provide an essential service. Security is therefore no longer limited to the organization itself, but extends to the entire ecosystem of partners on which its operation depends.


In practice, this means that the new legislation will not affect only critical entities, but to a significant extent also their suppliers. Companies supplying strategic raw materials, information technologies, energy solutions, logistics services, security technologies, industrial equipment, construction works, maintenance services, or professional services will increasingly become subject to security assessments by their customers. The ability to demonstrate reliability, preparedness, and resilience will therefore become an important part of their market position.


For this reason, the Critical Infrastructure Association of the Slovak Republic devotes a significant part of its professional activities to the issue of supply chain resilience. It provides its members with expert support in identifying and assessing geopolitical, hybrid, and cyber threats; monitors legislative and regulatory changes, international sanctions regimes, trade restrictions, risks arising from dependence on foreign suppliers, economic and financial risks, environmental factors, technological vulnerabilities, and disruptions to global supply chains. This support includes expert analyses, methodological assistance, consultations, training, early warnings about emerging threats, and proposals for specific measures that help organizations strengthen their resilience.


The approaching deadline of July 17, 2026, therefore represents more than merely meeting a statutory deadline. It marks the beginning of a new stage in the protection of critical infrastructure in Slovakia, in which the resilience of organizations will increasingly depend on their ability to anticipate risks, manage them in a timely manner, and build secure and reliable supply chains. In an environment where security threats are constantly evolving, cooperation, the sharing of expert knowledge, and timely access to information will be among the decisive factors in successfully addressing new challenges.

 


8. júla 2026
Už 17. júla 2026 uplynie lehota, do ktorej majú ústredné orgány štátnej správy po prvýkrát identifikovať kritické subjekty podľa zákona č. 367/2024 Z. z. o kritickej infraštruktúre. Pôjde o prvú identifikáciu po schválení Stratégie odolnosti kritických subjektov a zároveň o významný míľnik pri zavádzaní nového systému ochrany kritickej infraštruktúry na Slovensku.
6. júla 2026
We continue our series of expert articles dedicated to the individual sectors of critical infrastructure under Act No. 367/2024 Coll. on Critical Infrastructure. Today we take a closer look at the public administration sector. 
6. júla 2026
Pokračujeme v sérii odborných článkov, venovaných jednotlivým sektorom kritickej infraštruktúry podľa zákona č. 367/2024 Z. z. o kritickej infraštruktúre. Dnes sa pozrieme na sektor verejnej správy.
3. júla 2026
Another article in the series in which we present the essential services of critical infrastructure under Act No. 367/2024 Coll. on Critical Infrastructure. 
3. júla 2026
Ďalší článok zo série, v ktorej predstavujeme základné služby kritickej infraštruktúry podľa zákona č. 367/2024 Z. z. o kritickej infraštruktúre.
30. júna 2026
The strategic partnership between the Critical Infrastructure Association of the Slovak Republic and the Indian government organization Centre for Development of Telematics (C-DOT) has generated significant media attention in India as well. The topic of cooperation in quantum technologies, digital security, and critical infrastructure protection has appeared in several Indian media outlets and on professional platforms.
30. júna 2026
Strategické partnerstvo medzi Asociáciou kritickej infraštruktúry Slovenskej republiky a indickou vládnou organizáciou Centre for Development of Telematics (C-DOT) vyvolalo výrazný mediálny ohlas aj v Indii. Téma spolupráce v oblasti kvantových technológií, digitálnej bezpečnosti a ochrany kritickej infraštruktúry sa objavila vo viacerých indických médiách a na odborných platformách.
25. júna 2026
The Slovak Republic and the Republic of India are expanding cooperation in the field of digital security and advanced cryptographic technologies. On the occasion of the visit of the Prime Minister of the Republic of India, Narendra Modi, to Slovakia, the Critical Infrastructure Association of the Slovak Republic (AKI SR) and the Indian government organization Centre for Development of Telematics (C-DOT) signed a Memorandum of Understanding, which establishes a foundation for the joint development and implementation of quantum-safe technologies and the protection of critical infrastructure.
25. júna 2026
Slovenská republika a Indická republika rozširujú spoluprácu v oblasti digitálnej bezpečnosti a pokročilých kryptografických technológií. Asociácia kritickej infraštruktúry Slovenskej republiky (AKI SR) a indická vládna organizácia Centre for Development of Telematics (C-DOT) podpísali pri príležitosti návštevy predsedu vlády Indickej republiky Narendru Modiho na Slovensku Memorandum o porozumení, ktoré vytvára základ pre spoločný vývoj a implementáciu kvantovo bezpečných technológií a ochranu kritickej infraštruktúry.
24. júna 2026
The recent disruption to rail operations in Germany, which was related to a problem in the GSM-R communication system, is an important warning for the whole of Europe. It shows that the security and continuity of critical infrastructure today does not depend only on physical assets, tracks, stations, vehicles, or technical equipment. Equally important are communication, data, control, and information systems, without which safe and reliable operations cannot be ensured.