
Czech NIS2 Implementation: Engage a Diverse Group of Professionals, Not Just IT Guys


The integration of the European NIS2 Directive into Czech law is expected to be completed in late 2024 through the new Czech Cybersecurity Act (CSA) and associated decrees. This legislative shift will affect an estimated 6,000 to 10,000 Czech companies that were formerly exempt from cybersecurity regulations and will now need to adopt measures for compliance. Since the CSA is a complex legal regulation, it is advisable to engage a spectrum of experts in this process, extending beyond IT to include legal and compliance professionals.

The spectrum of potentially affected companies generally encompasses medium to large enterprises across 60 services and almost 20 sectors. These services span from ICT and digital services providers to traditional sectors such as energy, transport, healthcare, water supply, automotive and food processing.

Compliance Measures

Companies falling under the regulation are mandated to adhere to several sets of measures. The first set encompasses organizational and operational measures, ensuring a baseline of cybersecurity, defining security roles, establishing incident-handling processes, maintaining documentation, and managing suppliers and access. The second set involves technical measures, such as using cryptographic algorithms and ensuring service availability. The extent of obligations depends on whether the entity falls under a lower or higher obligations regime, as defined by the law.


Companies failing to comply with the stipulated obligations may face substantial penalties, including fines of up to EUR 10 million or 2% of the net worldwide annual turnover.

Moreover, managers, including executive directors or Board of Directors members, are directly accountable for closely overseeing the implementation, as the CSA proposes personal liability. The National Cyber and Information Security Agency (NÚKIB) may conduct cybersecurity inspections, potentially resulting in the prohibition of individuals from exercising management positions. According to the CSA and NIS2 Directive, top management must regularly undergo cybersecurity training.

Implementation and Expert Engagement

Implementing the CSA necessitates a meticulous evaluation of regulatory applicability, definition of specific obligations, and execution of required measures. A recommended approach is to involve a team of legal and IT experts for effective implementation, covering aspects like supplier management, corporate governance, risk analysis, documentation modification, process management, incident reporting, and training.

By Jaroslav Tajbr, Partner, Eversheds Sutherland
