On May 23, 2025, the National Assembly of the Republic of Slovenia adopted the new Information Security Act (ZInfV-1), marking a significant step towards a comprehensive and systemically regulated protection of the digital environment in Slovenia.
The text of the law was prepared by the Government Information Security Office (URSIV) and was adopted upon the proposal of the government. The Act not only represents a national upgrade of cybersecurity but also transposes the European Directive (EU) 2022/2555 (NIS 2) into Slovenian legislation.
What does ZInfV-1 introduce?
ZInfV-1 comprehensively regulates the field of information and cybersecurity in Slovenia. Its main goal is to establish an effective national information security system, which includes:
• a competent national authority for guidance and supervision,
• a body for managing major incidents and crises,
• a single point of contact for cooperation with EU institutions and CSIRT teams,
• incident response teams (CSIRTs), which will be formally integrated into the system for technical assistance and response.
The Act also establishes the obligation to adopt a national Cybersecurity Strategy, regulates the field of cyber defense, the cooperation of competent authorities, information sharing, and ICT security certification.
Who is obligated to act?
The Act defines obligated entities, which typically include subjects from the public or private sector as outlined in the annexes to the law. However, some are included based on their role in critical infrastructure, regardless of the annexes. In accordance with the NIS 2 Directive, the scope of sectors and companies required to ensure a high level of cybersecurity has also been expanded.
Key obligations of these entities include:
• implementing risk management measures,
• mandatory reporting of significant incidents,
• using a digital platform for self-registration and incident notification,
• increased accountability of company leadership in managing information security.
What does the Act mean for companies?
ZInfV-1 will significantly impact the Slovenian economy, encouraging companies to:
• improve security measures to protect networks and information systems,
• increase preparedness for cyber threats,
• reduce business and financial risks from potential attacks,
• facilitate cross-border business within the EU through harmonized rules and standards.
Thus, the Act is not merely a set of additional obligations but also a competitive advantage—compliance with the law will be a sign of reliability and trustworthy business practices.
A boost for development, innovation, and new jobs
ZInfV-1 also promotes the development of security technologies and innovation. The growing demand for security solutions will:
• drive growth in Slovenian ICT companies,
• enable regional development in the field of digital security,
• create new jobs for cybersecurity professionals,
• strengthen investments in knowledge and digital skills.
ZInfV-1 is a strategically important piece of legislation that strengthens the foundation for a secure, trustworthy, and digitally resilient society. It is more than just a technical regulation—it is a necessary investment in the future that benefits the state, businesses, and all users of digital services.
