Regulatory, ESG, Cybersecurity, Data Privacy

On August 19, 2025, a completely new Act 266/2025 Coll., on the resilience of critical infrastructure entities and on amendments to related acts (hereinafter referred to as the “ZoKI”) entered into force. This Act removes the issue of critical infrastructure from the current Crisis Act and introduces a separate legal regulation of the resilience of critical entities. The new regulation responds in particular to the requirements of Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (hereinafter referred to as the “CER”), which it transposes into the Czech legal order. The aim of the ZoKI is to strengthen the resilience of basic services necessary for the functioning of the state and thus prepare the Czech Republic for current threats, such as cyber attacks or sabotage of critical systems.

On 26 February 2025, the European Commission published two new legislative proposals, called Omnibus I and Omnibus II. The proposals, which are to affect several European regulations related to sustainability and ESG, aim to reduce the administrative burden on companies, improve sustainability rules and free up investment. The omnibus packages are intended to ease the administrative burden on small and medium-sized enterprises (SMEs) the most. What specific measures has the European Commission proposed? The following article explains this.

With increasing digitalization, the need for personal data protection is becoming increasingly important. In order to respond effectively and quickly to personal data breaches, the General Data Protection Regulation[1] (hereinafter referred to as the “GDPR”) has established the obligation to notify breaches to the supervisory authority. This role is performed by the Office for Personal Data Protection (hereinafter referred to as the “OPO”).

The draft law on cyber security (parliamentary press no. 759) is a transposition of the European security directive NIS 2. In addition to implementing the European regulation into the Czech legal system, its main purpose is to set at least a basic level of cyber security in organizations that provide their services in sectors important for the functioning of the state, such as energy, state administration, the food industry or healthcare.