This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
NIS 2
According to estimates, the new and stricter EU directive on cyber security, NIS 2 (Network and Information Security), will affect at least six thousand entities in the Czech Republic. It imposes extensive obligations on them, failure to comply will mean the threat of fines in the range of tens of millions of crowns. The requirements from NIS 2 will be transposed in the Czech Cybersecurity Act in 2024, when it is expected the implementing decree to the Cybersecurity Act will be issued. We can assist you with ensuring your company complies.
Which entities will have obligations from NIS 2.
The primary way to determine whether a private or public organization falls under the regulation of the Directive is to meet both of the following rules:
- the organization provides at least one of the services listed in the annexes to the Directive and at the same time
- is a medium-sized or large enterprise, i.e. employs 50 or more employees, or has an annual turnover or annual balance sheet of at least €10 million (roughly CZK 250 million)’.
The Directive is designed so that it ensures comprehensive coverage of all sectors and services that are essential for key societal and economic activities within the EU internal market. It is divided into two categories..
Essential entities:
- energy (electricity, district heating and cooling, oil, gas and hydrogen)
- transport (air, rail, water and road)
- banking and financial market infrastructures
- healthcare and pharmaceutical manufacturing, including vaccines and critical medical devices
- drinking water and wastewater
- digital infrastructure, Internet exchange nodes, DNS service providers, Internet top-level domain (TLD) registries
- cloud computing service providers, data centre service providers, content delivery networks
- trust service providers and public electronic communications networks and electronic communications services
- public administrations
- space
Important entities:
- postal and courier services
- waste management, chemicals
- foodstuffs
- manufacturers of other medical devices, computers and electronics, machinery and motor vehicles
- digital providers (online marketplaces, internet search engines and social networking service platforms)
Thus, it is most commercial entities!
Basic points for meeting the requirements of the European directive NIS 2.
- all hardware and software used in your company must be mapped and described.
- conducting regular checks on new software updates that the company uses.
- carrying out a risk analysis of the risks associated with the hardware and software your company uses.
- compile a Register of Legislation that impacts the company.
- the amount of risk your business is exposed to in the area of Digital Risk Management should be mapped and described.
- carry out regular reviews of all NIS 2 requirements (an Internal NIS 2 Audit).
How we work:
Approval of the quotation, conclusion of a consultancy agreement and conclusion of an NDA.
- Receiving all documentation from the client (studying and preparing for the initial physical compliance audit).
- Scheduling and carrying out the physical audit at the client’s premises (headquarters, branches, etc.).
- Preparing the NIS 2 Compliance Audit Report. Consultation on minor issues.
- Submitting the NIS 2 Compliance Audit Report.
- Proposing a timetable for meeting the requirements and findings from the NIS 2 Compliance Audit Report.