Cyber threats in Slovakia and across the European Union are on the rise, becoming increasingly sophisticated. The response must be an effective combination of legislative, organizational, and IT measures to strengthen national security. The recent amendment to the Cybersecurity Act is a partial response to modern threats, introducing a provision for voluntary reporting of cybersecurity incidents.

In line with the NIS2 Directive and the amendment to the Slovak Cybersecurity Act, which entered into force on January 1, 2025, Slovakia now allows voluntary reporting of cyber incidents, threats, and near-misses to the national Computer Security Incident Response Team (CSIRT).

In addition to obligated entities (such as essential service operators), individuals and organizations that are not legally required to report can now do so voluntarily. This is an important step toward the proactive management of cyber risks. It allows not only obligated entities but also other actors to contribute to preventing incidents with potentially serious consequences.

“A significant change introduced by the amendment is the new approach to identifying obligated entities — critical entities and operators of essential services. The biggest shift concerns companies in the energy sector. The importance of secure and reliable energy supply is now clearly reflected in the tightened cybersecurity requirements for this key sector of our economy. However, voluntary reporting offers a way for others outside the legal obligations to get involved,”said Barbora Balunová, attorney at L/R/P.

Under the new legislation, cyber incidents, threats, or near-misses may be voluntarily reported by key and important entities, as well as other individuals and legal entities not otherwise obligated.

“It is important to stress that voluntary reporting does not create legal or administrative obligations for those not classified as essential service providers. In addition to increasing the cybersecurity posture of the reporting organization, such reporting can also support compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations,”explains Adriana Bombalová Balážová, AML specialist at L/R/P.

Interested parties can submit reports via the Unified Cybersecurity Information System. The system is designed to minimize the burden on reporters while ensuring effective international cooperation.

Voluntary reports are processed in the same way as mandatory notifications, helping to improve cybersecurity both nationally and at the EU level.

Read more: Voluntary reporting will also contribute to cybersecurity.