Czech Act 264/2025 Sb. (NIS2) — deadline 31 Dec 2026 | Find out if NIS2 applies to you
NIS2 compliance check for Czech companies and international subsidiaries

NIS2 Compliance
Simple. Professional. In English.

We help you meet the requirements of Czech Act 264/2025 Sb. and secure your organisation's cybersecurity — available in English for international subsidiaries and English-speaking management.

More than 6,000 companies in the Czech Republic must comply with NIS2. Does your organisation fall under it?

Note: the online audit tool is currently in Czech — contact us for a guided English walkthrough.

Deadline: 31 Dec 2026 — implementation can take 6–18 months

📜 Act 264/2025 Sb.
📋 Decree 409/2025 Sb.
🇪🇺 EU Directive 2022/2555
🏛️ NÚKIB
🇬🇧 Available in English

What is the Czech Cybersecurity Act (NIS2)?

📜

Act 264/2025 Sb.

The Czech Cybersecurity Act implementing EU Directive NIS2 (EU 2022/2555). In force since November 2025, it affects 6,000+ organisations in the Czech Republic — including foreign-owned subsidiaries.

🎯

Who is affected?

Essential and important entities in: energy, healthcare, transport, finance, digital infrastructure, ISPs, water management, public administration and more. International subsidiaries in the Czech Republic are fully subject to the same rules.

⚖️

Penalties up to CZK 250M

Non-compliance can result in fines up to CZK 250 million or 2% of global annual turnover. The Act also introduces direct personal liability for executives. Early preparation is essential.

✅

Requirements under Decree 409/2025

Risk management, incident response, supply chain protection, employee training, incident reporting, certified cybersecurity manager and more — 13 mandatory security measures in total.

Our services

Gap analysis

We assess where you stand and what needs to be done to achieve NIS2 compliance.

  • ✓ Current state mapping
  • ✓ Gap identification against Act 264/2025 Sb.
  • ✓ Prioritised remediation action plan

📋

Compliance advisory

We help you implement all required measures under Decree 409/2025 Sb.

🛡️

Technical implementation

We deploy technical security measures to protect your infrastructure.

  • ✓ SIEM, monitoring, SOAR
  • ✓ Encryption and MFA
  • ✓ Backup and disaster recovery

Need a certified cybersecurity manager?

Our fractional CISO service at NIS2Manager.cz provides a certified external cybersecurity manager for NIS2 compliance — available in English.

Need an in-depth technical audit?

For a detailed security audit of your infrastructure, use SecureOn.cz — a B2B audit portal for regulated entities (Czech-language service).

Free NIS2 compliance check online

In 10 minutes, find out how your company stands on NIS2 compliance under Act 264/2025 Sb.

AI-powered analysis of your current situation with specific recommendations.

The audit tool is currently in Czech — contact us for an English-language guided assessment.

Start free audit →

Newsletter

NIS2 Updates in English

Follow changes in NIS2 legislation — new NÚKIB decrees, updates to Act 264/2025 Sb. and practical compliance guides. Subscribe for free.

Contact us

Need help with NIS2 compliance? Get in touch for a no-obligation consultation — available in English.

By submitting you consent to the processing of your contact details. Your data will not be shared with third parties.

Email: vit.vomacko@letitbee.cz

Phone: +420 775 654 443

Operated by: Let IT Bee, s.r.o. | IČO: 24205095
Břehová 40/1, 110 00 Prague 1, Czech Republic

Frequently asked questions

Common questions about NIS2, Czech Act 264/2025 Sb. and your obligations.

What is NIS2 and who must comply?
NIS2 (Network and Information Security Directive 2) is the EU cybersecurity directive, implemented in the Czech Republic as Act No. 264/2025 Sb. Obligations apply to organisations in regulated sectors such as energy, healthcare, transport, finance, digital infrastructure, ISPs, water management and public administration. More than 6,000 companies and institutions in the Czech Republic are affected — including foreign-owned subsidiaries registered in the country.

How do I find out if my company is subject to NIS2?
The basic criteria are: operating in one of the regulated sectors under Annex I or II of Act 264/2025 Sb., and having more than 50 employees or annual turnover above EUR 10 million. The quickest way is our free online audit at check.nis2ok.cz (currently in Czech) or contact us for an English-language assessment.

What are the penalties for non-compliance?
Failure to comply with Act 264/2025 Sb. can result in fines of up to CZK 250 million or 2% of global annual turnover (whichever is higher). The Act also introduces personal liability for statutory representatives, who may be temporarily removed from their position. NÚKIB can also impose immediate corrective measures.

When is the NIS2 compliance deadline?
Act 264/2025 Sb. entered into force in 2025. The obligation to register with NÚKIB applies from the effective date; implementation of security measures under Decree 409/2025 Sb. must be completed by the specified deadlines. We strongly recommend starting preparations as soon as possible — full implementation can take 6–18 months.

Does NIS2 apply to international subsidiaries in the Czech Republic?
Yes. Act 264/2025 Sb. applies to all entities registered and operating in the Czech Republic regardless of parent company nationality. A subsidiary of a foreign group that meets the sector and size criteria is fully subject to Czech NIS2 obligations — including NÚKIB registration, appointing a certified cybersecurity manager and implementing all required security measures. We provide full compliance support in English.

Next step on your NIS2 compliance journey

Found out that NIS2 applies to you? Continue with the next step.