Cybersecurity in the Czech Republic is currently regulated by Act No. 181/2014 Coll., on Cybersecurity, which imposes obligations only on the existing entities defined by this law. A new law, expected to come into effect in mid-2025, will extend regulation to additional sectors and entities. The new law centers on the NIS2 Directive, which came into effect on January 16, 2023.
NIS2 is an updated version of the European Network and Information Security Directive, originally issued in 2016. Every EU member state is obligated to implement its requirements into its national legislation.
In the Czech Republic, it is anticipated that the requirements and obligations arising from this new directive will be incorporated into the Cybersecurity Act in the first half of 2025.
Cybersecurity is today one of the key topics faced not only by large companies but also by smaller organizations. With the NIS2 Directive, the requirements for IT infrastructure security have become even stricter, and organizations must address challenges related to ensuring operational resilience, data protection, and a swift response to cybersecurity incidents.
Colleagues from UnitX, part of Gatum Group, have recently completed a project that enabled clients to successfully meet the new requirements of the NIS2 Directive. The project was approached comprehensively, covering all key aspects of cybersecurity – from initial analysis to the implementation of specific measures.
As part of the project, we implemented a two-factor authentication system, introduced endpoint encryption, and enhanced both the physical and digital security of the IT infrastructure. At the same time, we ensured data backups and created mechanisms for their recovery in the event of any incident.
An integral part of our work was also the setup of processes for reporting cybersecurity incidents to the National Cyber and Information Security Agency (NÚKIB). Thanks to these measures, we helped the organization comply with legislative requirements and strengthen its ability to respond quickly to threats.
Cybersecurity is not just about technology – it also involves working with people and processes. Therefore, we trained the organization’s employees to understand the principles of safe behavior in the digital environment and to know how to act in crisis situations. Additionally, we assisted the organization in identifying and utilizing appropriate funding sources for the implementation of these measures.
Cybersecurity is not a one-time activity but a long-term commitment. We are proud to play a part in helping organizations not only meet legal obligations but also build a safer digital world.
Do you need assistance with implementing NIS2 in your organization? Contact us at mail@gatum.cz and ensure you meet the directive’s requirements.
The primary way to determine whether a private or public organization falls under the regulation of the NIS2 Directive is by meeting the following two criteria:
• The organization provides at least one service listed in the annexes of the directive, and
• It qualifies as a medium or large enterprise, meaning it has 50 or more employees or an annual turnover or balance sheet total of at least 10 million EUR (approximately 250 million CZK).
More detailed information will soon be available in a case study on our website.