According to estimates, the new and stricter EU directive on cyber security, NIS 2 (Network and Information Security), will affect at least six thousand entities in the Czech Republic. It imposes extensive obligations on them, and failure to comply will carry the threat of fines in the range of tens of millions of crowns. The requirements of NIS 2 will be transposed into the Czech Cybersecurity Act in 2024, when the implementing decree to the Cybersecurity Act is expected to be issued. We can assist you in ensuring that your company complies.

Which entities will have obligations under NIS 2?

The primary way to determine whether a private or public organization falls under the Directive is to check whether it meets both of the following conditions:

  • the organization provides at least one of the services listed in the annexes to the Directive and at the same time
  • is a medium-sized or large enterprise, i.e. employs 50 or more employees, or has an annual turnover or annual balance sheet total of at least €10 million (roughly CZK 250 million).

The Directive is designed to ensure comprehensive coverage of all sectors and services that are essential for key societal and economic activities within the EU internal market. It divides the covered entities into two categories.

Essential entities:

  • energy (electricity, district heating and cooling, oil, gas and hydrogen)
  • transport (air, rail, water and road)
  • banking and financial market infrastructures
  • healthcare and pharmaceutical manufacturing, including vaccines and critical medical devices
  • drinking water and wastewater
  • digital infrastructure, Internet exchange nodes, DNS service providers, Internet top-level domain (TLD) registries
  • cloud computing service providers, data centre service providers, content delivery networks
  • trust service providers and public electronic communications networks and electronic communications services
  • public administrations
  • space

Important entities:

  • postal and courier services
  • waste management, chemicals
  • foodstuffs
  • manufacturers of other medical devices, computers and electronics, machinery and motor vehicles
  • digital providers (online marketplaces, internet search engines and social networking service platforms)

Thus, it covers most commercial entities!

Basic points for meeting the requirements of the European directive NIS 2:

  • map and describe all hardware and software used in your company.
  • regularly check for new updates to the software the company uses.
  • carry out a risk analysis of the hardware and software your company uses.
  • compile a Register of Legislation that impacts the company.
  • map and describe the amount of risk your business is exposed to in the area of Digital Risk Management.
  • carry out regular reviews of all NIS 2 requirements (an Internal NIS 2 Audit).

How we work:

  • Approving the quotation and concluding a consultancy agreement and an NDA.
  • Receiving all documentation from the client (studying and preparing for the initial physical compliance audit).
  • Scheduling and carrying out the physical audit at the client’s premises (headquarters, branches, etc.).
  • Preparing the NIS 2 Compliance Audit Report. Consultation on minor issues.
  • Submitting the NIS 2 Compliance Audit Report.
  • Proposing a timetable for meeting the requirements and findings from the NIS 2 Compliance Audit Report.

    SUSS Consulting s.r.o. has been operating on the market since 1997 and is an experienced consulting organization that offers a wide range of services to its customers. The main activity of the company is the implementation of quality systems and, where required, the preparation of clients for certification according to international standards. We also deal with process mapping and subsequent process analysis in order to simplify processes, reduce costs and increase efficiency in companies.

    Company headquarters

    Vinohradská 939/39
    120 00 Prague 2


    tel.: +420 241 411 300
    fax: +420 241 410 678


    IČ: 251 33 781
    DIČ: CZ251 33 781

    Company is registered at the Municipal Court in Prague, Section C, Insert 52502.