NIS2 and DORA: Austrian Companies Must Review Screening Processes

Key point: Austrian companies must adapt their screening processes to meet the requirements of NIS2 and DORA to ensure compliance.

NIS2 and DORA require Austrian companies to review their existing screening processes and adapt them to the new legal requirements to ensure compliance.

The NIS2 Directive (Network and Information Security) and the DORA Regulation (Digital Operational Resilience Act) impose concrete requirements on Austrian companies. Both regulatory frameworks apply enhanced security standards to critical infrastructures and the financial sector ecosystem.

For CISOs, this means a fundamental review of existing screening and identification processes. While NIS2 takes effect gradually from autumn 2024, DORA has already set binding deadlines for financial institutions. Companies must determine which category (critical infrastructure, important service, or financial enterprise) they fall under, as each entails different compliance obligations.

Practical implementation requires an inventory of current IT security measures, an analysis of governance structures, and an assessment of third-party dependencies. In Austria, authorities such as RTR-GmbH (for telecommunications/critical infrastructure) and the FMA (for the financial sector) are responsible for oversight and can impose fines.


Source: news.google.com · Published 16 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.
