4. 9. 2025

In November 2025, a new Czech Cybersecurity Act will enter into force. It aims to increase security requirements for entities in cyberspace, better protect important institutions and companies against electronic attacks, and introduce unified rules for handling threats in the digital environment. Act No. 264/2025 Coll. replaces the existing legislation from 2014 and incorporates the rules set out by the European Union (NIS2 Directive). From now on, cybersecurity obligations will apply not only to operators of critical infrastructure but also healthcare sector, transport, universities, cloud service providers, and public authorities. Organizations are required to register with the Czech National Cyber and Information Security Agency within 60 days after the Act enters into force and implement the necessary security measures within one year. For breaches of the rules, sanctions may be imposed, including a fine of up to 2 percent of the organization's worldwide turnover.