Adam Kučinský


NIS2 Directive and its impact on the Czech Republic 

At the end of December 2022, the Directive of the European Parliament and of the Council (EU) 2022/2555 of 14 December 2022 on measures to ensure a high common level of cybersecurity in the Union and amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (NIS2 Directive) was published. This directive can be described as revolutionary in terms of the scope of requirements and, in particular, the scope of obliged people. The directive significantly expands the requirements for the scope of regulated services and entities, i.e. entities to which member states must impose obligations to secure their ICT and report cybersecurity incidents. According to preliminary estimates by the National Cyber and Information Security Agency (NÚKIB), the requirements of the directive, after its implementation into the legal system of the Czech Republic, will affect approximately 6,000 organizations and companies. In late January 2023, just a month after the publication of the directive, NÚKIB presented a specific proposal for a new law on cybersecurity and related implementing regulations and opened public consultations on the implementation of the directive's requirements and amendments to the national regulatory framework for the public. This post will outline both the requirements of the NIS2 directive and the proposed changes to the regulatory framework for cybersecurity in the Czech Republic. 

Adam Kučínský

Adam Kucinsky deals mainly with information security management, crisis management and the problematics of protection of key information and communication systems of the Czech Republic in public and private sector. 

As the Director of the Department of Cybersecurity Regulation at the National cyber and information security agency, he leads a team of specialists performing the main activities of implementing and supervising the Act on Cyber Security, setting regulatory requirements and preparing legislation and security standards in the field of cyber security. 

In addition, they have been cooperating as an external lecturer with universities and other educational institutions for several years, and they also lectures the issue of cyber security at conferences.