Local presence · Iceland

Cybersecurity services in Iceland

Cybersecurity · NIS2 (EEA) · GDPR · CERT-IS coordination

EEA-grade cybersecurity for Iceland — coordinated with CERT-IS.

From Hafnarfirði, we support Icelandic organisations adopting NIS2 via the EEA framework, complying with Persónuverndarlög (Iceland's GDPR transposition enforced by Persónuvernd), and coordinating with CERT-IS during significant incidents. Iceland's small but highly digital economy faces concentrated risk — a few core banks under FME (Fjármálaeftirlitið) supervision, energy operators on a single-island grid, and a tourism sector dependent on always-on platforms. The EEA NIS2 transposition introduces formal essential and important entity obligations for the first time. We bring Nordic-region delivery experience, EEA data residency, and SOC capacity in Stockholm and Zoetermeer.

Regulatory landscape

Icelandic and EEA frameworks in scope

NIS2 (EEA transposition)

Iceland implements NIS2 via the EEA agreement; essential and important entity obligations enforced by sector authorities.

Persónuverndarlög

Icelandic Data Protection Act (lög nr. 90/2018) enforced by Persónuvernd; 72-hour breach notification.

CERT-IS coordination

Iceland's national CERT under the Electronic Communications Office; incident reporting and threat advisories.

FME guidance

Fjármálaeftirlitið — operational resilience and ICT risk supervision for Icelandic banks and insurers.

EU regulations via EEA

DORA, eIDAS, and broader EU cyber acquis applied through the EEA Joint Committee.

72 hours
GDPR breach notification
Source: Persónuvernd
Concentrated
Domestic ISP/operator population
Source: Fjarskiptastofa
Active since 1994
EEA membership
Source: EFTA
Financial servicesEnergy & geothermalTourism & hospitality techPublic sector

How we engage in Iceland

AI Security & Guardrails

EU AI Act adoption through the EEA agreement, Persónuvernd-aligned data protection guardrails, and ISO 42001 governance for Icelandic AI and analytics projects.

Learn more

Application Security

Application and API security testing for Icelandic SaaS and online banking platforms.

Learn more

Cloud Security

Cloud architecture reviews and EEA data-residency advisory for organisations balancing scale with sovereignty.

Learn more

SOC 24×7

24×7 detection from EEA SOCs with CERT-IS coordination and Icelandic incident reporting flows.

Learn more

GRC

NIS2 readiness, Persónuverndarlög alignment, ISO 27001, and FME-ready resilience programmes.

Learn more

FAQs · Iceland

Is NIS2 already in force in Iceland?
Iceland adopts NIS2 through the EEA framework. Sector authorities are formalising obligations for essential and important entities. Early-readiness work pays off ahead of national-law commencement.
Where does our data sit?
Telemetry and case data remain inside the EEA — primarily processed in our Stockholm and Zoetermeer SOCs. Cross-border transfer outside the EEA only with documented safeguards.
How do you operate alongside Icelandic regulators?
Our SOC drafts incident notifications and evidence packs in English. For Persónuvernd, CERT-IS, or FME submissions that require Icelandic, we coordinate with translation specialists and your local counsel to file on time.

Reach our Iceland advisory team

Whether you are mapping NIS2 obligations, responding to a CERT-IS advisory, or preparing for an FME review, we respond within one business day.

Iceland
Fornubúðir 5, 220 Hafnarfirði,
Hafnarfirði, Iceland
Phone: +354 662 8660
reykjavik@thegatewaydigital.com
I have read, and consented to the Privacy Policy and Terms of Use.*
I consent to receive email updates, newsletters, and other communications from G'Secure Labs.