Notification of a Regulated Service Under the Cybersecurity Act: Have You Already Fulfilled Your Obligation?

The Cybersecurity Act has introduced new obligations for many organizations. One of them is the notification of a regulated service to the state. As recently highlighted by the National Cyber and Information Security Agency (NÚKIB), most affected entities fulfilled this obligation by the end of the year. However, some organizations still have not submitted the notification, even though the legal deadline has already passed. The good news is that the notification can still be submitted (and should be done without unnecessary delay).

What Is a Regulated Service Notification and Who Does It Apply To?

A regulated service notification is a legal obligation for organizations that provide services or operate systems falling under the Cybersecurity Act. This does not apply only to large corporations — the obligation may also affect medium-sized organizations, IT service providers, digital solution providers, or selected operational activities. If you are unsure whether the law applies to your organization, NÚKIB provides an official online calculator that can help assess your situation within a few minutes.

How to Submit the Notification

The regulated service notification is submitted online through the NÚKIB Portal. The process is fully digital and allows the state to maintain an overview of entities subject to cybersecurity obligations.

The Notification Is Only the First Step. What Comes Next?

Practical experience shows that one of the most common mistakes is viewing the notification as “the completion of the entire obligation.” In reality, it is only the beginning. Real cybersecurity depends on:

• clearly defined processes,
• responsibilities,
• technical measures,
• and above all, the human factor.

Employees are often the weakest link in security — not because they intentionally take risks, but because they do not understand the threats and proper procedures.

Practical Implementation and Employee Training

This is exactly where the regulation makes sense. The goal of the law is not to punish organizations, but to increase their real resilience against cyber threats. Effective implementation therefore includes:

• regular employee training,
• understanding threats in everyday work,
• the ability to respond correctly to incidents,
• building a long-term security culture.

A modern approach to training does not need to be boring or overly formal — quite the opposite. Interactive and understandable formats significantly increase employee engagement and provide real value for organizations.

Summary

✔️ If you have not yet submitted the regulated service notification, do so as soon as possible. ✔️ If you have already fulfilled the notification requirement, focus on the practical implementation of the law’s requirements. ✔️ Cybersecurity is not a one-time task, but a long-term process. Submitting the notification is one thing. Ensuring effective cybersecurity in practice is another.