On 4 August 2025, the new Cybersecurity Act (CSA) was published in the Collection of Laws, which implements the European NIS2 Directive into the Czech law. The new rules will take effect on 1 November 2025.
The CSA significantly expands the range of entities covered by the regulation – it will now apply to many companies in the energy, transport, ICT, healthcare, food, finance and other sectors.
CSA brings:
- mandatory self-assessment and registration with the Czech Cyber Security Authority,
- requirement to modify internal processes and regulations,
- personal liability of members of executive bodies (including the possibility of banning them from holding office),
- significant financial penalties – up to CZK 250 million. or 2% of turnover.
The obligations will apply from 1 November 2025. It is therefore advisable to start preparations as soon as possible.
➡ In our overview we summarise who is affected by the CSA, how to proceed with self-assessment and registration, what all will need to be adapted and what penalties there are if you fail to comply with the new rules.
Our compliance team Jakub Málek, Martin Heinzel and Tereza Pechová will help you to assess the impact of the new regulation, set up internal documentation and implement the necessary measures.
Click on the image below for more information.
6. 8. 2025