Czech Republic Takes Bold Steps to Enhance Financial Institution Security Measures
The Czech Republic has made significant strides in strengthening its financial institution security measures with the introduction of a new Act on Cybersecurity and the Digital Operational Resilience Act (DORA). The Act, currently in an advanced stage of the legislative process, is expected to enter into force by the second half of this year.
Broadened Scope of Cybersecurity Regulation
Under the new Act, the scope of cybersecurity regulation will be significantly broadened to cover new sectors and expand existing ones. This means that up to 10,000 Czech entities, mainly large and medium-sized enterprises, will become regulated providers and will have to follow a new self-identification procedure with the supervisory authority, the National Cyber and Information Security Agency (NCISA).
Core Obligations
Regulated providers will be subject to five core obligations:
- Registration with and data reporting to NCISA
- Implementation and enforcement of security measures
- Reporting of cybersecurity incidents
- Implementation of countermeasures
- Determining the scope of cybersecurity management
New Requirements
The Act introduces new requirements for:
- Supply chain security
- Increased management accountability
- Revamped training requirements for responsible persons and employees in the field of cybersecurity
Stricter Sanctions
The Act also includes stricter sanctions, including GDPR-like fines based on a percentage of global turnover, as well as increased powers for NCISA to conduct rigorous inspections and dawn raids.
Regulated Sectors
The regulated sectors include:
- Energy
- Transport
- Banking
- Financial market infrastructure
- ICT service management
- Space
- Manufacturing
- Digital providers
- Research
Recommendations for Compliance
In light of these changes, Czech companies are advised to stay abreast of the legal developments and perform a preliminary assessment to determine whether they will be affected by the new rules. Compliance with the Act’s obligations is expected to demand significant resources, and companies should allocate sufficient time and obtain technical and legal advisory support in a timely manner.
Conclusion
As the Czech Republic continues to prioritize cybersecurity regulation, it is essential for financial institutions to stay ahead of the curve and ensure they are prepared for the changes ahead. With the introduction of these new measures, the country is taking bold steps towards enhancing its financial institution security and protecting against potential cyber threats.