🇦🇹Österreich

NIS2 Directive Compliance in Austria

NIS2 expands cybersecurity obligations to essential and important entities across critical sectors. It mandates risk management, incident reporting, and supply chain security.

How does NIS2 apply in Austria?

NIS2 applies in Austria under EU law with the same obligations as across the bloc — maximum fine €10M or 2% of global turnover. The national supervisory authority is the DSB (Datenschutzbehörde), which handles enforcement, complaints, and notifications. Deadline: October 17, 2024 (transposition deadline).

Supervisory authority: DSB (Datenschutzbehörde)
Maximum fine: €10M or 2% of global turnover
Key deadline: October 17, 2024 (transposition deadline)

Supervisory authority	DSB (Datenschutzbehörde)
Maximum fine	€10M or 2% of global turnover
Key deadline	October 17, 2024 (transposition deadline)
Sectors affected	Energy, Transport

Source: DSB (Datenschutzbehörde)Reviewed: 2026-05-11

Deadline

October 17, 2024 (transposition deadline)

Max Fine

€10M or 2% of global turnover

Sectors Affected

Energy, Transport, Healthcare

Key NIS2 Obligations for Austria Businesses

Implement cybersecurity risk management measures
Report significant incidents within 24-72 hours
Assess supply chain security
Ensure management body oversight
Conduct regular security audits

Does NIS2 apply to your Austria business?

Find out in 2 minutes with our free regulation checker.

Check now — free

View full NIS2 compliance guide

For informational purposes only. This is not legal advice — consult qualified legal counsel.

NIS2 Directive Compliance in Austria

How does NIS2 apply in Austria?

Key NIS2 Obligations for Austria Businesses

Does NIS2 apply to your Austria business?

NIS2 in Other Countries