
New Czech Cybersecurity Regulation: What You Need to Know


Does your business produce computers or other electronic or electrical equipment? Maybe you make machinery and equipment, pharmaceuticals, medical devices or food? Do you have 50 or more employees? Then your company is likely to be subject to the new cybersecurity regulations. The same applies if your activities are in the chemical industry or you provide a variety of digital services – for instance cloud computing, data centre services or online marketplaces.

If your company is part of a group of companies, employees of other companies in the group, even outside the Czech Republic, will also be counted.

New European Regulation

The new cybersecurity legislation will be based on the EU Directive on measures for a high common level of cybersecurity across the Union (the NIS2 Directive) adopted at the end of 2022.

The main change compared to the current Cybersecurity Act is the fundamental expansion of the range and number of companies the new legislation applies to. It’s estimated that instead of the current 150 or so businesses, as many as 6,000 companies will be affected. For them, this will be a regulatory change comparable to the introduction of the GDPR regime five years ago. A fundamental change is also the threat of penalties potentially amounting to millions of euros in cases where a regulated person violates the new rules.

The regulation will also affect many other sectors that are important for the operation of the national economy and society – for example, almost all energy, telecommunications, water and waste management, a range of activities in transport, financial services, healthcare and research and development.

Regulated businesses will have to:

  • once they determine that they’re covered by the new regulation, register as regulated service providers with the National Cyber and Information Security Authority (NÚKIB);
  • identify assets (ie information and data, processes, personnel, and physical assets) that are critical from a cybersecurity perspective;
  • implement appropriate organisational measures, eg establish a security management system and draft security documentation, establish security roles, operate risk, asset and supplier management;
  • implement appropriate technical measures, including access control, detection of cybersecurity events, use of cryptographic algorithms;
  • identify, resolve and report cybersecurity incidents;
  • be subject to regular audits by an authorised inspector (under contract with them) or state control by NÚKIB. A private individual with relevant education and practice in the field of cybersecurity who passes an exam with NÚKIB and is subsequently registered as an inspector may become an authorised inspector. The reasons for introducing this concept are capacity-related. It will not be within the power of NÚKIB to monitor all regulated persons.

Current Situation in the Czech Republic

At the moment, the relevant legislation is still under preparation in the Czech Republic. NÚKIB recently published on its website a draft of a new law on cybersecurity and its implementing regulations, which are intended to completely replace the existing legislation. The draft law, which takes into account a number of comments from the expert public, is currently undergoing an inter-ministerial comment procedure and is not expected to be read in the Czech Parliament until the summer of 2023. The new regulation is expected to come into force at the end of autumn or at the beginning of the winter next year.

Does it Affect Me and When?

It’s a good idea to consider in advance whether or not the new regulation will apply to your company. It’s practical to factor in the increased costs of NIS2 implementation, staffing and technical support for the whole process, and possibly also for external expert advisors who can help with this extremely important agenda. So the question to be answered is: which part of the new responsibilities is your company able to cover in the long term with its existing in-house teams, where do you need to increase capacity, or which processes can reasonably be outsourced?

By Tomas Scerba, Partner, and Jan Metelka, Associate, DLA Piper
