Czech Republic: Draft cybersecurity law

On June 19, 2023, the National Office for Cyber ​​and Information Security (NÚKIB) announced that it had sent the draft law on cybersecurity for interdepartmental comment procedure.

In particular, NÚKIB noted that the comment sites now have until July 19, 2023 to submit their comments. The draft law, which incorporates changes from the Directive on Security of Network and Information Systems (the NIS2 Directive), is expected to come into effect in October 2024, following the transposition period for the NIS2 Directive.

The draft law includes initiatives received during public consultations held from January 26 to March 12, 2023. NÚKIB noted that this allowed the general public to actively participate in the creation of a law that will enhance the cybersecurity of the Czech Republic. The initiatives have been published in anonymized form on the website of the NIS2 Directive along with the current draft law. In addition, NÚKIB highlighted that the website has added two new topics that provide information on the actions required before the new law becomes effective and the anticipated financial costs associated with meeting the security requirements of the NIS2 Directive. On this, NÚKIB provided that an English version of the website will also be launched soon.

NÚKIB emphasized that the draft law on cybersecurity responds to dynamic developments in the security environment, incorporates practical experience from nearly a decade of working with the current law, and includes the NIS2 Directive. As a result of the changes brought about by the NIS2 Directive, NÚKIB noted that the number of legally regulated entities in the Czech Republic is estimated to increase from 400 to over 6,000.

You can read the press release here, access the NIS2 website here, and track and access the draft law here, all only available in Czech.