Pursuant to Art. 16a (1) TKG 2003, operators of public communications networks must take appropriate measures to ensure the integrity of their networks and to ensure the continued availability of the services provided through these networks. Pursuant to Art. 16a (2) TKG 2003, operators of public communications networks or services, taking into account the state of the art, must ensure, by appropriate technical and organizational measures, a level of security suitable for controlling network security risks. In particular, the measures must be capable of avoiding or minimizing the impact of security breaches on users and interconnected networks.
These provisions transpose provisions of EU law into Austrian law. To clarify these provisions, ENISA, together with the Member States of the EU, drafted the document Technical Guideline for Minimum Security Measures, which divides the measures to be taken into different areas and subdivisions. Operators are advised to use this document when selecting their security measures. The document can be found in the following for download.
Pursuant to Art. 16a (9) TKG 2003, the Federal Minister of Transport, Innovation and Technology, after consulting the regulatory authority, determines the more detailed provisions on the implementation of Art. 16a, taking into account the relevant international regulations. Since the Technical Guideline for Minimum Security Measures aims at harmonizing the level of security and is supported by the EU Member States, it is to be expected that the content of the document will be taken into account in a Regulation of the regulatory authority pursuant to Art. 16a (9) TKG 2003.