SynergyBit

nZKB – compliance with the new Czech Cybersecurity Act

We guide you through the obligations of the new Czech Cybersecurity Act (NIS2 transposition).

The new Czech Cybersecurity Act (nZKB) transposes the EU NIS2 Directive into Czech law and significantly expands the range of organisations that must meet cybersecurity obligations. Many companies now fall under the regulation without realising it.

We help you find out whether you fall under the nZKB and under which regime, and guide you through implementing the obligations – from risk management and security measures to incident reporting to NÚKIB. We know the act and its implementing decrees.

What you get

Regulation and regime assessment

Determining whether you provide a regulated service and classifying you into the higher- or lower-obligation regime under the nZKB.

Gap analysis and risk management

Comparing your current state with the act and decrees, and assessing and managing cybersecurity risks.

Security measures

Implementing organisational and technical measures, policies and roles per the nZKB implementing decrees.

Incident reporting and registration

Setting up the process for reporting cybersecurity incidents to NÚKIB, registration and communication with the authority.

How it works

  1. Impact assessment

    We determine whether you fall under the nZKB and under which regime, and identify the gaps.

  2. Plan and implementation

    We build a compliance plan and implement risk management, measures and reporting processes.

  3. Operation and audit

    We prepare you for an audit and set up sustainable operation and improvement.

Outcomes for you

  • Certainty about whether and how the nZKB applies to you
  • Security measures implemented per the decrees
  • Working incident reporting to NÚKIB
  • Readiness for inspection and audit

Frequently asked questions

How do we know whether we fall under the nZKB?

It depends on the sector, the size of the organisation and the type of service provided. The new act significantly expanded the range of obliged entities compared with the previous act. We assess this for you and determine the obligation regime (higher/lower).

How does the nZKB relate to NIS2?

The nZKB is the Czech transposition of the EU NIS2 Directive. The obligations derive from NIS2 and are specified in the act and the NÚKIB implementing decrees.

Does it relate to the CRA or ISO 27001?

Yes. nZKB measures largely rely on risk management and processes that ISO 27001 also covers; they meet the CRA on product security. We can align them so the work is not done twice.

Start with CRA before the deadline catches up with you

A free consultation will quickly show you where you stand and the shortest path to compliance.
