The IT Security Act applies to operators of critical infrastructures, such as energy, health, transport and finance, and obliges them to implement appropriate security measures and report security incidents.