The number of cyber-attacks is increasing rapidly every year in all EU Member States. The activity of attackers is amplified with the increasing pace of digital transformation and the continuous development of new advanced technologies. We have seen a significant increase in attacks during the Covid-19 pandemic or during the Russian-Ukrainian conflict. Therefore, in an effort to strengthen the overall level of cybersecurity in all Member States, the European Union has come up with an amendment to the already applied NIS law in the form of a successor to NIS2. 

The changes introduced by NIS2 are substantial and will have an impact on companies that have not been subject to the existing regulations. Therefore, the NCIS has approached this task by preparing a completely new law on cyber security and its decrees.

What is NIS2?

The NIS2 regulation was created as a response by the European Union to the deepening of the existing NIS (Network and Information Security) framework adopted in 2016.

NIS2 significantly expands the scope of the existing legislation and presents a new solution to strengthen and secure European cyberspace.

The Czech Republic has a distinct advantage over some Member States as it has implemented and well-developed the Cyber Security Act (CSA). The new legislation is currently being drafted and should be approved in 2024.

Who will be covered by the law?

  • An estimated minimum of 6,000 businesses organisations
  • Overall, the following sectors are particularly affected:
EnergyChemical industry
TransportFood industry
HealthcarePublic administration
Digital infrastructureManaged ICT service providers
Financial markets infrastructure Research and other sectors.
  • The exact classification of the company in the relevant regime is set out in the Regulated Services Ordinance.

The BDO approach

BDO can assist your organisation with the implementation of the measures under the NIS2 regulation. We will create a gap GAP analysis of your existing measures and NIS2 requirements, design a project plan for implementation including prioritization of each measure. Not sure if NIS2 applies to you? We will provide you with a consultation.

Main contacts