ImplementedNIS2
NIS2 in Croatia
Croatia transposed NIS2 through the Zakon o kibernetičkoj sigurnosti. ZSIS coordinates the cybersecurity framework across all sectors.
Transposition law
Zakon o kibernetičkoj sigurnosti (Cybersecurity Act)
In force
15 February 2024
Competent authority
Information Systems Security Bureau (ZSIS)
Max fine (Essential)
€10 million or 2% of global annual turnover
Max fine (Important)
€7 million or 1.4% of global annual turnover
Full enforcement
October 2024
Key Deadlines
Law in force
15 February 2024
Full enforcement
17 October 2024
Competent Authority
Information Systems Security Bureau (ZSIS)
Central competent authority for NIS2 oversight
https://www.zsis.hr ↗Croatia employs ZSIS to manage proactive audits and cross-sector cyber intelligence, with severe penalties for non-compliance starting immediately.
Registration Process
Register through the ZSIS secure portal with verified operational metrics.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Registration with ZSIS within designated timeframes
- 2Mandatory multi-layered infrastructure encryption
- 3Incident notification within 24 hours to the national CSIRT
National Additions
★Strong mandates for critical industrial automation networks (OT security)
★Public administration bodies are strictly supervised
FAQ: NIS2 in Croatia
Who is the primary CSIRT in Croatia?
The National CERT (cert.hr) managed under CARNET operates as the national point for incident triage.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.