The Czech National Cyber and Information Security Agency recently published a Bill for a new Cybersecurity Act, which includes the reasoning and implementing regulation for a new regulatory framework, and opened public consultation on the draft legislation. Stakeholders and the general public have until 26 February 2023 to review the Bill and implementing regulation and provide suggestions and comments on the newly proposed regulatory framework.
This cybersecurity Bill was drafted in response to the 14 December 2022 adoption of Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union (NIS2).
NIS2 aims to achieve a high common level of cybersecurity across the EU and replaces existing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS).
NIS2 both maintains and extends NIS.
In the Czech Republic, NIS was implemented with the passage of Act No. 181/2014 Coll. on Cybersecurity, as amended. However, the scope of the changes provided by NIS2 have prompted Czech lawmakers to fully replace the Cybersecurity Act and adopt a new Act. This new legislation will both implement NIS2 and adopt additional changes resulting from practical experience surrounding the application of the original Cybersecurity Act.