New obligations for search engines, cloud services, and online markets

On 1 August 2017, an amendment to Act no. 181/2014 Sb., on Cyber-Security came into effect. This amendment, prepared by the National Security Office, transposes into Czech law Directive (EU) 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.

A significant change already implemented by the amendment is the establishment of the National Office for Cyber and Information Security in Brno. This office will function as a central administrative authority for cyber-security and selected areas for the protection of classified information under the Act on the Protection of Classified Information and Security Compliance.

In addition, the amendment introduces a new category of providers of digital services, which includes, for example, search engines, cloud services, and online markets (if they do not meet the European definition of a small enterprise or micro-enterprise).

On the effective date of the amendment, providers of digital services were required to implement a high common level of security of network and information systems. For providers of basic services, the National Office for Cyber and Information Security determines which of them will be subject to the new regulations. Since the organisation will be selected by the newly established office, the required security measures must be implemented within one year in accordance with law, which will be demanding with respect to time, personnel, and of course finances. Penalties for not complying with the requirements could be as high as CZK 5,000,000.

However, all providers of digital services were obliged to provide their contact information to the office within 30 days of the act coming into effect. This deadline expired on 31 August 2017.

Stuchlíková & Partners is prepared to provide its clients with all services relating to the amendment.