Menu

The new law on cyber security: what does it bring and when will it come into force?

1 min

On 4 August 2025, a new Act No.264/2025 Coll., on Cyber Security, was published in the Collection of Laws, which comes into force on 1 November 2025.

This Act represents a major step in the field of cyber protection and also implements the European NIS2 Directive into the Czech legal system.

What does the law mean for companies and organisations?

The new legislation will affect a significantly wider range of entities than the existing 2014 law, regulating organisations operating in key sectors such as energy, healthcare, ICT, transport, food, public administration, and others. The Act introduces two regimes of obligations - higher and lower - depending on the importance of the services provided.

The main obligations of regulated entities include:

  • implementing security measures,
  • announcement of services provided and contact persons,
  • reporting cyber incidents within 24 hours,
  • cooperation with NUCIB and compliance with its countermeasures

The NIS2 Directive: a European framework for cyber security

The NIS2 Directive, which was adopted at EU level in 2023, aims to harmonise the level of cyber security across Member States. It introduces stricter rules on risk management, incident reporting, management accountability and penalties of up to €10 million or 2% of global turnover.

How are the other EU countries doing?

By mid-2025,16 EU and EEA member states had fully implemented the NIS2 Directive, while the others are in the preparatory phase or in the legislative process. The Czech Republic is among the countries currently implementing the directive; see the effective date of the ZoKB in November 2025, as described above. Countries that have already adopted the measures include, for example, Belgium, Finland, Denmark, Cyprus, Italy, Lithuania, and Malta; conversely, countries such as Germany, France, Sweden, Austria, Spain, the Netherlands, and others are in the preparation phase.

In this context, the European Commission has already called on Member States that have not yet adopted the Directive to do so as soon as possible.

What else to read

See more news from the world of IT and ITS

NIS2 and IT audit: A practical workshop with a cyber security expert

Looking for a partner for your IT?

Do not hesitate to contact us.

Michal Šon

Michal Šon

Director of Key Accounts

Anna Říhová

Anna Říhová

Business Development Manager

Jan Šafrata

Jan Šafrata

Business Development Manager

Sign up for our newsletter