ImplementedNIS2
NIS2 in Estonia
Estonia transposed NIS2 via the Küberturvalisuse seadus. RIA enforces advanced cyber protocols across the highly digitized nation.
Transposition law
Küberturvalisuse seadus (Cybersecurity Act amendment)
In force
17 October 2024
Competent authority
Estonian Information System Authority (RIA)
Max fine (Essential)
€10 million or 2% of global annual turnover
Max fine (Important)
€7 million or 1.4% of global annual turnover
Full enforcement
October 2024
Key Deadlines
Law in force
17 October 2024
Competent Authority
Estonian Information System Authority (RIA)
Central supervisory authority and national CERT-EE host
https://www.ria.ee ↗RIA monitors compliance through automated telemetry and regular digital audits, emphasizing integration with e-state platforms.
Registration Process
Register via the RIA portal using digital ID or e-Residency signatures.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Verify alignment with Estonian IT baseline security standard (E-ITS)
- 2Prompt incident submission to CERT-EE within 24 hours
- 3Mandatory penetration testing for high-value government integrations
National Additions
★Estonia mandates the E-ITS framework, which is a localized version of German BSI IT-Grundschutz
FAQ: NIS2 in Estonia
What is E-ITS?
E-ITS is the official Estonian IT baseline security standard aligned directly with ISO 27001 principles.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.