Czech Republic Information Technology:New Cybersecurity Legislation

The Czech government has made significant progress in strengthening the country’s cybersecurity posture.  The National Office for Cyber and Information Security (NUKIB), established in 2016, is the key player in protecting Czech cyberspace.  In response to the requirements of the European Union’s Network and Information Systems 2 (EU NIS2) Security Directive, NUKIB has prepared a draft Cybersecurity Act aimed at strengthening the country’s cybersecurity framework, which is expected to come into force in the fall of 2024.

A draft Cybersecurity Act will expand the number of regulated entities from 400 to an estimated 6,000 to 15,000; and includes a mechanism for supply chain security of ICT infrastructure.  The Act is likely to prompt newly regulated entities to increase investment in cybersecurity, creating opportunities for cybersecurity suppliers and service providers, particularly in the energy, banking, defense and healthcare sectors.  U.S. IT companies have a strong global reputation for innovation, quality, and after-sale service, and are well-positioned to compete in the Czech Republic’s cybersecurity market.

The activities of state-sponsored cyber actors and cybercriminal groups pose the greatest threat to Czechia’s cybersecurity.  The most common attacks include phishing, spear-phishing, vishing, fraudulent emails, and availability attacks. 

For more information, contact Office.Prague@trade.gov or Veronika.Novakova@trade.gov at the U.S. Commercial Service of the U.S. Embassy in Prague.