Czech Republic: NÚKIB publishes draft Law on Cybersecurity
The National Cyber and Information Security Agency ('NÚKIB'), announced, on 26 January 2023, that it is in the process of transposing the Directive on Security of Network and Information Systems ('the NIS2 Directive'). In particular, the NÚKIB highlighted that the changes brought about by the NIS2 Directive were so fundamental that the NÚKIB decided to prepare the draft Law on Cybersecurity and Other Related Regulations. Furthermore, the NÚKIB added that it had announced, on 30 August 2022, that it had launched a website to provide information on the NIS2 Directive and its changes.
Moreover, the NÚKIB stated that the draft Law on Cybersecurity was published for public consultation until 26 February 2023. In specific, the NÚKIB noted that the proposals are not final and will be changed based on public suggestions and the standard legislative process.
More specifically, the draft Law on Cybersecurity incorporates the relevant regulations of the NIS2 Directive, follows on from the directly applicable Regulation of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on Information and Communications Technology Cybersecurity Certification and Repealing Regulation (EU) No. 526/2013 (Regulation (EU) 2019/881) ('the Cybersecurity Act') and regulates the provision of cybersecurity in the Czech Republic. Further to this, the draft Law on Cybersecurity consolidates previous fragmented regulations for several types of mandatory entities into one regulated service provider.
You can read the press release here and access the website here, and the draft Law on Cybersecurity here, all only available in Czech.