In progressNIS2
NIS2 in Bulgaria
Bulgaria is transposing NIS2 through amendments to the national Cybersecurity Act. The Ministry of Electronic Governance acts as the primary coordinator.
Transposition law
Cybersecurity Act Amendment (draft)
In force
Pending
Competent authority
Ministry of Electronic Governance
Max fine (Essential)
€10 million or 2% of global annual turnover
Max fine (Important)
€7 million or 1.4% of global annual turnover
Full enforcement
June 2026
Key Deadlines
Enforcement target
1 June 2026
Competent Authority
Ministry of Electronic Governance
National NIS2 competent authority and cybersecurity coordinator
https://egov.bg ↗Bulgaria utilizes a centralized competent authority model under the Ministry, working alongside sectoral CSIRTs for incident handling and proactive auditing.
Registration Process
Registration procedures will be hosted on the single administrative services portal of Bulgaria upon enactment.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Registration with the national cybersecurity registry
- 2Adoption of rigorous risk management controls based on ISO 27001
- 3Symmetrical incident reporting to the national CERT within 24 hours
National Additions
★Specific requirements for government digital services and integration with public infrastructure portals
FAQ: NIS2 in Bulgaria
What is the primary reporting center in Bulgaria?
The Bulgarian National CERT (cert.bg) coordinates security incident response across public and private sectors.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.