Austria Bulgaria Czech Republic Hungary Romania Slovak Republic Startpage

CERHA HEMPEL and Austrian Standards develop the first NIS-2 certificate for management bodies

From October 2024, the management bodies of major or important institutions, as seen from the perspective of IT security, will be required to take part in cyber security training. This is of particular importance as the Network and Information System Security Act 2024 (NISG 2024) expressly stipulates that the members of management bodies are to be held personally liable in the event of a culpable breach of the new legal provisions.

From October 2024, the management bodies of major or important institutions, as seen from the perspective of IT security, will be required to take part in cyber security training. This is of particular importance as the Network and Information System Security Act 2024 (NISG 2024) expressly stipulates that the members of management bodies are to be held personally liable in the event of a culpable breach of the new legal provisions.

In light of this, CERHA HEMPEL and the certification body of Austrian Standards have incorporated the technical, organizational and legal requirements into a standard that for the first time enables the personal certification of members of management bodies. Managing directors, board members and supervisory board members who hold this certification can therefore demonstrate that they have the necessary knowledge of the legal, organizational and technical risk measures that need to be adopted to protect an institution effectively against cyber threats. The certification can also serve as proof of compliance with the new regulatory training obligation and in so doing minimize the liability risk for those certified.

CERHA HEMPEL played a key role in developing the new certification programme.

"Collaborating with Austrian Standards was especially important to us as a law firm because our experience in ongoing NISG proceedings has been that cyber security is perceived as an exclusively technical issue. However, legal and organizational obligations are often neglected when regulatory obligations are implemented, frequently resulting in administrative penal proceedings. The new certificate ensures that due account is taken of these aspects, which are so relevant to legal practice, in training courses",said CERHA HEMPEL partner Hans Kristoferitsch and attorney Boris Treml. "The new IT security certification for members of management bodies is the perfect addition to our portfolio. We'd like to thank CERHA HEMPEL for being professional and a pleasure to work with at all times", said Veronika Hofer, Senior Portfolio Manager Certification. Peter Jonas, Director Certification: "Certificates issued by Austrian Standards are recognized as proof of competence in accordance with ISO/IEC 17024. They demonstrate that a person has passed an independent examination and has achieved a high level of professionalism in a specific subject area."