As of 1 November 2025, a new law on cyber security is in force, which transposes the requirements of the European NIS2 Directive into Czech law. The new legislation affects thousands of businesses and public institutions across key sectors and significantly increases management responsibility for ensuring cyber security.
Act No. 181/2025 Coll., on Cyber Security, which replaced the existing legislation from 2014, expands the range of regulated entities. It now also applies to medium and large enterprises with more than 50 employees or an annual turnover of more than EUR 10 million, if they operate in sectors important for the functioning of the state and society. It is estimated that up to 10,000 entities will be obliged to manage cyber risks.
The law places direct responsibility for ensuring cyber security on the management of organisations. Companies and institutions must conduct a risk analysis, implement technical and organisational measures, regularly train employees and report security incidents. Each regulated entity is obliged to designate a responsible person, and there is also a new obligation to self-identify with NÚKIB, which subsequently decides on registration as a provider of a regulated service.
Although the specific obligations in practice are still pending (the relevant implementing decrees are to be issued by NÚKIB at the end of the year), it is already possible to start preparations now. Heavy fines of up to CZK 250 million or 2% of turnover and personal liability of management members underline the seriousness of the new regime.