On August 1, 2017, Act No. 205/2017 Coll. took effect, amending the Cybersecurity Act (Act No. 181/2014 Coll. on Cybersecurity and the Amendment of Related Acts) in line with Act. 104/2017 Coll. and other legislation. The amendment aims to introduce European Parliament and Council Directive 2016/1148 of July 6, 2016 into Czech law. That directive concerns steps to ensure highly secure shared network and information systems across the European Union.
The amendment to the Cybersecurity Act should also significantly expand the group of entities that are required to tackle cybersecurity issues and prevent security risks. This duty will now extend to those in important sectors including utilities, banking, transport, water supply, health services and other key "essential services". It will also bind the providers of digital services including platforms for e-business, Web search engines and cloud computing. Among the main obligations facing these entities are the monitoring of intranet and information systems, the assessing of security attacks and the prompt reporting of those attacks to relevant authorities. A breach of these duties may lead to a fine of up to five million Czech crowns.
Another key change under the amendment is the creation of the new National Cyber and Information Security Agency in Brno. The National Cyber and Information Security Agency will be the central authority responsible for cybersecurity and certain areas of classified information protection under the Act on the Protection of Classified Information and Security Capacities. The agency will also handle cybersecurity monitoring.
Other changes under the amendment aim to enhance cybersecurity in the Czech Republic and to strengthen information system security more generally. Along with the Cybersecurity Act, the amendment also affects the Freedom of Information Act, the Competence Act, the State Services Act, the Act on Public Administration Information Systems, the Construction Act and several other statutes.