The NIS2 Directive
The NIS2 Directive significantly expands EU cybersecurity requirements, affecting over 6,000 organizations in the Czech Republic. We help you meet these obligations through expert guidance on incident response, resilience, and key security controls. Demand for NIS2 expertise is high—get in touch to secure your engagement.
The NIS2 Directive is a cornerstone of the EU’s cybersecurity framework, introducing stricter and more comprehensive security obligations for organizations across critical and essential sectors. Building on the original 2016 NIS Directive, the updated regulation came into force in 2023 and significantly raises the bar for cybersecurity resilience.
In response, the Czech National Cyber and Information Security Agency (NÚKIB) has prepared a new Cybersecurity Act (NZKB) and implementing regulations to ensure full alignment with NIS2 requirements at the national level.
The scope of regulated entities will expand dramatically—from around 450 organizations under the previous framework to more than 6,000 companies and institutions across the Czech Republic.
This represents a major shift toward unified, stronger cybersecurity standards across Europe’s digital ecosystem.
Who is affected?
An organisation falls under NIS2 if it meets both of the following conditions:
- It operates in a sector or provides a service listed in the Directive (e.g. energy, healthcare, transport, postal services, manufacturing, financial services)
- It qualifies as a medium or large enterprise, with 50+ employees or annual turnover or balance sheet total exceeding €10 million
NIS2 introduces extensive obligations, with significant financial penalties for non-compliance—reaching tens of millions of CZK. In the Czech Republic, NIS2 requirements will be implemented through the Cybersecurity Act during 2024, with ultimate accountability resting with the organization’s top management.
Maximise your compliance with NIS2 and the Czech Cybersecurity Act
Assess your current posture
- Conduct a comprehensive review of cybersecurity across technology, people, and processes
- Identify security gaps and areas for improvement
- Define clear, actionable remediation steps
Align with NIS2 requirements
- Compare your current state against NIS2 obligations
- Deliver targeted recommendations to achieve full compliance
Implement security measures
- Design and implement technical controls such as SIEM, VMDR, PAM, and more
- Support organizational and process improvements where technology alone is not sufficient
- Deliver employee training focused on current cyber risks
Ensure ongoing protection
- Provide continuous security monitoring and incident response through a dedicated CSIRT capability