A legislative initiative in the field of artificial intelligence is coming into focus, but this time it is of a national nature. Why do we have it and what does the new Draft Law on Artificial Intelligence contain? How does it relate to Regulation (EU) 2024/1689 of the European Parliament and of the Council of June 13, 2024, laying down harmonized rules on artificial intelligence and amending Regulation (EC) No. 300/2008, (EU) No. 167/2013, (EU) No. 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (the Artificial Intelligence Act) (hereinafter the “AI Act”)? We answer these questions in this article.
The AI Act is a directly applicable EU regulation, so the rules it lays down apply uniformly in all Member States. However, even though it is a directly applicable legal act, this does not mean that there is no need to adopt supplementary laws at the level of individual Member States. It follows directly from the AI Act that certain issues are left to the Member States to regulate themselves at the national level. In particular, the AI Act imposes new obligations on state administration and public sector bodies, typically concerning procedural issues, sanction mechanisms, supervisory authorities, and other institutional issues.
We have partially discussed this topic, particularly with regard to specific supervisory authorities within the Czech Republic, in our article: The second wave of obligations under the AI Act is coming.
According to the second wave of obligations under the AI Act, effective from 2 August 2025, the Czech Republic is required to designate notifying authorities in accordance with the conditions set out in the AI Act. However, the adaptation law is still being prepared. At this moment, the Draft Law on Artificial Intelligence and on the Amendment to Act No. 87/2023 Coll., on market surveillance of products and on the Amendment to certain related laws, as amended (hereinafter the “Draft Law on Artificial Intelligence”) is going through the legislative process. The Draft Law on Artificial Intelligence was prepared by the Ministry of Industry and Trade after consultations with experts. The Ministry has already sent the Draft Law to an inter-ministerial comment procedure and will then submit it to the government. It is expected that the Law could enter into force in 2026.
Below, we will take a closer look at what the current version of the Draft Law on Artificial Intelligence contains.
Certain obligations of operators or specific providers of AI systems
The Draft Law on Artificial Intelligence supplements the obligations under the AI Act with several specific obligations for operators[1] and providers of AI systems. The most significant of these is that providers of certain high-risk AI systems must report additional information about themselves and their AI systems before placing them on the market or putting them into service. This notification is addressed to the competent supervisory authority, and the information covered by this notification obligation is determined based on the information kept in the EU database of AI systems pursuant to Annex VIII of the AI Act.
In addition to the notification obligation, the legislator also imposes certain language requirements on operators and providers. The operator must submit documents to the market surveillance authority to demonstrate the conformity of the AI system in Czech, Slovak, or English. The same applies to providers in the case of a declaration of conformity pursuant to Article 47 of the AI Act and to the notified body in the case of a certificate pursuant to Article 44 of the AI Act.
Establishment of competent national authorities
As mentioned in the introduction, the AI Act requires Member States to designate or establish certain national authorities, specifically at least one notifying authority and at least one market surveillance authority. The Ministry of Industry and Trade has therefore proposed to designate the Czech Office for Standards, Metrology and Testing (hereinafter as the “UNMZ”) as the notifying authority pursuant to Article 70(1) of the AI Act, meaning that it will now monitor compliance with obligations by notified bodies.
In addition to designating a notifying authority, the Draft Law on Artificial Intelligence also designates three market surveillance authorities, each of which will exercise surveillance in predefined areas. The Czech National Bank (hereinafter as the “CNB”) will be responsible for supervising compliance with obligations by persons subject to its supervision, i.e., the financial sector. According to the Draft Law on Artificial Intelligence, the CNB’s competence to exercise supervision can be determined by two criteria: either the person is subject to the CNB’s supervision under the Act on the Czech National Bank[2] or performs activities on the basis of a permit, license, registration, or authorization to operate granted by the CNB.
In addition to the Czech National Bank, the Office for Personal Data Protection (hereinafter as the “Czech DPA”) also supervises the market in terms of compliance with obligations in relation to high-risk AI systems referred to in Article 74(8) of the AI Act. The Czech DPA meets the strict criteria set for market surveillance authorities under this provision of the AI Act.
The last of the three designated market surveillance authorities is the Czech Telecommunication Office (hereinafter as the “CTO”), which supervises compliance with obligations in areas not covered by the CNB or the Czech DPA. Its jurisdiction is thus residual and ensures that there are no gaps in jurisdiction. In addition to market surveillance, the CTO is also the single point of contact for communication with authorities pursuant to Article 70(1) of the AI Act and acts as the competent authority for receiving notifications of serious incidents related to AI systems pursuant to Article 73(10) of the AI Act. Last but not least, as the general supervisory authority and single point of contact, the CTO should also prepare a report on penalties pursuant to Article 99(11) of the AI Act.
Since Article 74(1) of the AI Act expressly stipulates that Regulation (EU) 2019/1020[3] applies to AI systems falling within its scope, the Act on Market Surveillance of Products[4] also applies to the procedures of national market surveillance authorities. However, this does not affect the powers, tasks, competences, and independence of the CNB, nor the CNB’s obligation to maintain confidentiality regarding all information obtained in connection with the performance of its activities.
Certain powers of market surveillance authorities
The above-mentioned market surveillance authorities confirm, in accordance with Article 36(9) of the AI Act, that high-risk AI systems covered by temporary validity certificates of conformity do not pose a risk to health, safety, or fundamental rights. This confirmation also extends the validity of the relevant certificates. The specific market surveillance authority is competent to issue the confirmation to the providers it supervises. At the same time, the individual market surveillance authorities must exchange information with each other to ensure a coordinated approach; in particular, the CTO and the Czech DPA are obliged to inform the other market surveillance authorities of the initiation of an inspection or proceedings under this Draft Law.
Each market surveillance authority may also request an opinion from the National Cyber and Information Security Agency (NÚKIB) or the Office for Personal Data Protection (Czech DPA) in connection with proceedings under the AI Act or this Draft Law, which must be issued without delay.
In connection with the possibility of entrusting market surveillance authorities with the power to issue enforcement measures in the form of warnings pursuant to Article 99(1) of the AI Act, the institution of notification of a breach of obligation is introduced. If an operator or notified body breaches an obligation under the AI Act in a less serious manner, the market surveillance authority will have the option of calling on it to remedy the breach within a reasonable period of time, which may not be less than 15 days. If the called-on person remedies the breach within the time limit and notifies the market surveillance authority of this fact, they will avoid proceedings for an administrative offense, as the market surveillance authority will dismiss the case by a decision and only note this decision in the file.
Public Defender of Rights
According to Article 77(2) of the AI Act, the Czech Republic is obliged to compile, maintain, publish, and notify the European Commission of a list of bodies protecting fundamental rights that meet the criteria set out in Article 77(1) of the AI Act. Although the Czech Republic has already compiled the list and notified the European Commission, the Public Defender of Rights will take over the fulfilment of these obligations in the future. However, in the explanatory memorandum[5] to the Draft Law on Artificial Intelligence, the legislator emphasizes that this does not mean that the Public Defender of Rights is the competent authority under the AI Act.
Establishment of a regulatory sandbox for artificial intelligence
One of the most important new features of the Draft Law on Artificial Intelligence is the establishment of a regulatory sandbox pursuant to Article 57(1) of the AI Act. The founder of this sandbox is the Czech Office for Standards, Metrology and Testing, but the operator will be the Czech Standardization Agency. The operation of the regulatory sandbox will consist of setting the conditions for its operation and ensuring specific tasks and actions related to this operation. Since, according to the AI Act, related EU tertiary legislation is to ensure that access to the regulatory sandbox is free of charge for small, medium-sized, and start-up enterprises, it is necessary to allocate funds for this in public budgets. This will be taken care of by the Ministry of Industry and Trade when preparing the budget for the given year.
The operation of the regulatory sandbox and participation in it will be based on a private law contract. This will ensure a higher degree of flexibility, which will enable easier and, for the time being, more precisely regulated functioning of the sandbox. However, it is important to note that participation in the regulatory sandbox will not be mandatory, i.e., submitting an offer to participate in the regulatory sandbox will not give rise to a claim for the conclusion of a participation contract. Precise, transparent, and non-discriminatory criteria for selecting participants in the regulatory sandbox should be defined in the sandbox conditions issued by the operator, i.e., the Czech Standardization Agency.
Last but not least, the legislator has excluded the application of Section 63 of the Act on Research, Development, Innovation, and Knowledge Transfer[6], as the provisions of this section would conflict with the requirements imposed on the regulatory sandbox by the AI Act.
Ensuring the preservation of documentation after the cessation of the AI system provider
The AI Act already imposes an obligation on providers of high-risk AI systems to preserve specified documentation. However, it is also necessary to cover cases where the provider or its authorized representative ceases to exist (or dies). The Draft Law on Artificial Intelligence takes this into account and entrusts certain persons (most often liquidators or insolvency administrators) with the safekeeping of this documentation after the cessation of the provider. These authorized persons must also inform the relevant market surveillance authority of the method of safekeeping.
Certain procedural issues and regulation of offenses
In addition to the above, the Draft Law on Artificial Intelligence also regulates specific procedural issues in connection with high-risk AI systems. Among other things, it determines who is a party to proceedings for authorization to place on the market or put into service without conformity assessment, proceedings for approval of testing of these AI systems, or other proceedings, and sets specific deadlines for decisions.
At the same time, the Draft Law on Artificial Intelligence defines the facts of administrative offenses for which the upper limit of the fine is set directly in Article 99 of the AI Act, as well as administrative offenses for which the AI Act does not set an upper limit for fines, and administrative offenses consisting of violations of the proposed regulation. Last but not least, the Draft Law also establishes the jurisdiction of national authorities to hear offenses, which is derived from their jurisdiction to supervise the market. Furthermore, in the case of offenses consisting of a breach of the obligation to provide information by a notified body, the Czech Office for Standards, Metrology and Testing is proposed as the authority competent to deal with the offense.
For offenses listed in this Draft Law, a uniform special limitation period of 5 years is set, with liability for the offense expiring no later than 8 years after it was committed.
Conclusion
In summary, the Draft Law on Artificial Intelligence is in fact only a necessary adaptation to the directly effective AI Act. At the same time, however, it introduces significant innovations, such as a regulatory sandbox, or addresses additional obligations of AI system operators and other entities, thus partially supplementing the framework established by the AI Act.
However, it remains to be seen what comments will arise after the inter-ministerial comment procedure and in what form the Draft Law on Artificial Intelligence will pass through the Czech Parliament. In the near future, it will be crucial for all providers or operators of AI systems to monitor the development of this Draft Law in order to prepare for the changes in time.
If you have any questions about the legal regulation of AI or other areas of EU regulation and compliance, we at PEYTON legal are here to help.
[1] The operator of an AI system is understood to be the provider, product manufacturer, deployer, authorized representative, importer, or distributor within the meaning of Article 3(8) of the AI Act, i.e., it is in fact a superordinate term for the category of obligated entities under the AI Act.
[2] Act No. 6/1993 Coll., on the Czech National Bank, as amended.
[3] Regulation (EU) 2019/1020 of the European Parliament and of the Council of 20 June 2019 on market surveillance and compliance of products and amending Directive 2004/42/EC and Regulations (EC) No 765/2008 and (EU) No 305/2011.
[4] Act No. 87/2023 Coll., on market surveillance of products and amending certain related acts (Act on Market Surveillance of Products), as amended.
[5] Explanatory memorandum to the draft law on artificial intelligence and amending Act No. 87/2023 Coll., on market surveillance of products and amending certain related laws, as amended.
[6] Act No. 328/2025 Coll. on research, development, innovation, and knowledge transfer.
Mgr. Jakub Málek, managing partner – malek@plegal.cz
JUDr. Tereza Pechová, junior lawyer – pechova@plegal.cz
Rozálie Polášková, legal assistant – polaskova@plegal.cz
30. 10. 2025