NIS2 is here. Are you ready?

Since August 2025, a new Czech Cybersecurity Act has brought thousands of new organisations into scope. We'll help you figure out whether you're one of them, what exactly you need to comply with, and how to get there.

Who is affected

The new Czech Cybersecurity Act, which implements the EU NIS2 Directive, significantly expands the circle of obliged entities. If your organisation falls under one of the eighteen sectors and also meets the size threshold (typically a medium enterprise, i.e. 50+ employees or annual revenue/balance above approximately €10M), you are very likely in scope.

Quick scope check

You're probably in scope if:

  • You operate critical infrastructure — energy, water, transport, healthcare, finance, digital infrastructure, public administration
  • You're a digital service provider — cloud, data centre, CDN, DNS, trust services, B2B marketplace, search engine
  • You're a manufacturer or distributor — chemicals, pharmaceuticals, food, medical devices, electronics, machinery, automotive
  • You provide postal or courier services, or handle waste management
  • You're a research organisation, managed service provider or public administration

And: you have 50+ employees or annual turnover above €10M.

This is not a legal interpretation. Contact us for an official assessment of your situation.

What this actually means

Within 12 months of notification, entities in scope must implement minimum security controls, establish risk management, report incidents to the regulator within strict deadlines (24 hours for the early warning, 72 hours for the incident report) and be able to demonstrate compliance to auditors. Top management bears personal liability, and fines reach up to CZK 250 million.

Why us

Because we've been running an ISO/IEC 27001 ISMS in production for 27 years, we hold the certification ourselves (it's not just a sticker on the website), and we can deliver the technical side under one roof, from firewalls to identity management to SOC. No hand-offs between five subcontractors.

Our approach

  1. Initial consultation

    Free, 60 minutes. We review whether you fall within scope and in which regime (lower / higher obligations).

  2. Gap analysis

    We compare your current state against the requirements of NIS2 and the ZKB (the Czech Cybersecurity Act). Output: a concrete, prioritised list of gaps.

  3. Remediation plan

    A roadmap — what to do in-house, what to outsource, what to buy. With realistic time and budget estimates.

  4. Implementation

    Technical controls (identity, network, endpoints, monitoring) and the process side (ISMS, policies, training, incident response).

  5. Audit & ongoing support

    Preparation for regulator audit, periodic reviews and long-term support after go-live.

Book a consultation

We'll get back to you within 24 hours. No sales pressure — just a frank conversation about where you are and what's ahead.