ImplementedNIS2
NIS2 in Czechia
Czechia transposed NIS2 through the new Cybersecurity Act. NÚKIB regulates compliance with robust technical guidelines and strict penalties.
Transposition law
Zákon o kybernetické bezpečnosti (New Cybersecurity Act)
In force
1 November 2025
Competent authority
National Cyber and Information Security Agency (NÚKIB)
Max fine (Essential)
CZK 250 million (~€10 million) or 2% of global annual turnover
Max fine (Important)
CZK 175 million (~€7 million) or 1.4% of global annual turnover
Full enforcement
November 2025
Key Deadlines
Act in force
1 November 2025
Competent Authority
National Cyber and Information Security Agency (NÚKIB)
Independent regulator and national CSIRT interface
https://www.nukib.cz ↗NÚKIB is famous for highly detailed technical regulations (Vyhláška o kybernetické bezpečnosti), demanding rigorous security architectures from operators.
Registration Process
Apply via NÚKIB's state database portal with standard identity and operational parameters.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Identify and self-declare scope within 30 days of meeting criteria
- 2Enforce zero-trust access controls for administrative portals
- 3Coordinate high-level vulnerability disclosure
National Additions
★Czechia enforces supply chain checks on high-risk technologies used in public critical sectors
FAQ: NIS2 in Czechia
How does Czechia treat high-risk suppliers?
Under the new law, NÚKIB can restrict or ban specific hardware or software providers from critical national infrastructure.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.