top of page
Search

OT systems and NIS2

  • jctibor
  • Jul 25
  • 1 min read

Updated: Jul 26



ree

With the new Cyber Security Act transposing the NIS2 Directive likely to come into force on 1 November 2025, a new legal obligation arises for many organisations to ensure an adequate level of protection not only for ICT systems, but also for operational technologies (OT) such as SCADA, PLC, DCS, sensors, robotic systems and other industrial controllers.


OT systems differ from ICT systems in their longer device life cycle, low tolerance for outages and latency, the use of proprietary communication protocols, an emphasis on continuity and physical security of operation, and they were not expected to be connected to the Internet.


However, as OT systems are increasingly interconnected with ICT infrastructure in practice, they logically become vulnerable to cyber threats.


Not only because of the obligations arising from the new Cyber Security Act, it is therefore necessary to implement appropriate security measures in the area of OT systems, such as (i) a complete inventory of OT devices, including the protocols and firmware versions used, (ii) network segmentation, i.e. physical or virtual OT vs ICT zoning, (iii) access control, i.e. at least multi-factor authentication, (iv) continuous monitoring and detection of anomalies and, of course, (v) preparation of an adequate response to cyber incidents and events.

 
 

Contact us

Do you wish to cooperate? Contact us by phone or email.

Capital city of Prague, Czech Republic

CTIBOR LEGAL v.o.s., advokátní kancelář

The Flow Building

Václavské náměstí 2132/47

110 00 Praha

Czech Republic

IČO (ID No.) 17851165  |  DIČ (VAT No.) CZ17851165 

Inscripted in the Commercial Register held by Municipal Court in Prague, File Nr. A 80114

office@ctiborlegal.cz  |  +420 227 023 217

  • LinkedIn

© CTIBOR LEGAL v.o.s.,

Law Office

Created inelizatelier.

bottom of page