NIS2 | NISG 2026
With the NIS2 Directive (EU) 2022/2555 and Austria’s Network and Information Systems Security Act 2026 (NISG 2026), regulatory requirements for cyber security are changing fundamentally. Organizations within the scope of the legislation are required to implement appropriate technical and organizational measures, manage cyber risks in a structured manner, establish incident reporting processes, and demonstrate the effectiveness of their security measures. Governance structures and management accountability are also becoming increasingly important.
But how far has NIS2 implementation in Austria really progressed?
The CERTAINITY NIS2 Sensor 2026, conducted in cooperation with the Austrian market research institute IMAS, is based on a survey of 300 Austrian organizations with more than 50 employees that fall within the scope of the Directive.
The study provides a comprehensive assessment of the current implementation status of NIS2 and NISG 2026 in Austria. It examines how organizations perceive the regulation, where they currently stand in implementation, and which challenges and strategic implications are shaping their efforts.
Key findings on NIS2 implementation in Austria:
- 88% of organizations are familiar with the NIS2 Directive
- Only 51% correctly assess whether they are within its scope
- The average implementation level of NIS2 requirements is approximately 30%
- 71% report high implementation costs
- 72% believe that NISG 2026 will improve cyber security
- Nearly half of all organizations have postponed implementation so far
The findings reveal a significant gap between awareness, regulatory requirements, and actual implementation.


