The EU Directive NIS2 in the Czech Republic

In today's interconnected world, cyber threats cross national borders and attackers do not wait. That is why the EU has developed a new Directive, NIS2, which introduces new requirements in four key areas to strengthen Europe's resilience to cyber threats.

Compliance with NIS2 will ensure companies work more securely together and are better prepared for cyberattacks. As of January 2025, more than 100,000 organizations will need to comply with NIS2. The Directive is the second version of a European Union directive that aims to ensure a high common level of network and information security across EU Member States. It will set unprecedented security and reporting requirements for operators of essential services and digital service providers to improve overall EU cybersecurity. It goes without saying that the penalties for noncompliance are also unprecedented.

The NIS2 Directive will impact two main categories of entities:

  1. Operators of essential services (OES): transport, banking, financial market infrastructures, healthcare, drinking water supply and digital infrastructure. OES are required to put in place appropriate security measures and report serious incidents to national authorities.
  2. Digital Service Providers (DSPs): online marketplaces, online search engines and cloud computing services. DSPs are also obliged to comply with the security and incident reporting obligations of the NIS2 Directive.

These entities and their supply chains will be directly affected by NIS2 and will have to ensure compliance with its security and reporting requirements. EU Member States will be responsible for implementing the Directive, enforcing its provisions, and ensuring that OES and digital service providers comply with the established cybersecurity standards.

The time has come to prioritize cybersecurity.
This includes investing in proven and reliable technology (e.g. firewalls, endpoint security) and hiring experts or obtaining external professional services from reputable Security Operations Centers (SOC) or Managed Security Service Providers. Employee education and awareness raising are essential to protecting the reputation and assets of a company. Continuous learning benefits not only the company, but also the employees in their personal lives. NIS2 will require companies to meet this requirement, even for management.

The application of NIS2 is expected to have a significant impact on foreign investment in the Czech Republic, making the country a more attractive destination for foreign companies looking to expand their operations. This could accelerate job creation and economic growth in the Czech Republic. We need to act now, because the number of cyber-attacks in the Czech Republic alone doubled in 2023.

Irena Hýsková
CEO Thein Security