ImplementedNIS2
NIS2 in Austria
Austria transposed NIS2 via the Netz- und Informationssystemsicherheitsgesetz 2024 (NISG 2024). The Federal Ministry of the Interior (BMI) is the primary supervisory authority.
Transposition law
Netz- und Informationssystemsicherheitsgesetz 2024 (NISG 2024)
In force
1 October 2025
Competent authority
Federal Ministry of the Interior (BMI)
Max fine (Essential)
€10 million or 2% of global annual turnover
Max fine (Important)
€7 million or 1.4% of global annual turnover
Full enforcement
October 2026
Key Deadlines
Law in force
1 October 2025
Registration deadline
1 January 2026
Full enforcement
1 October 2026
Competent Authority
Federal Ministry of the Interior (BMI)
Primary NIS2 competent authority and national CSIRT coordinator
https://www.bmi.gv.at ↗The BMI, in cooperation with sectoral regulators, leads audits and proactive compliance checks for Essential Entities and reactive enforcement for Important Entities.
Registration Process
Entities must register online on the designated portal of the Federal Ministry of the Interior using their corporate registry ID (Firmenbuchnummer).
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Self-registration via the BMI portal within 3 months of becoming in-scope
- 2Proportionate risk management measures (Article 21 alignment)
- 324-hour early warning to the national CSIRT for major incidents
- 4Management training and accountability
National Additions
★Austria places a high focus on transport infrastructure security
★Additional physical parameters introduced for the energy and grid sectors
FAQ: NIS2 in Austria
Who is the contact point for incident reporting in Austria?
Incident reports must be sent to the national CSIRT designated under the BMI framework.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.