National Cyber and Information Security Agency

Regulation Department

The Regulation Department deals with matters regulated by Act No 181/2014 Coll. on Cyber Security. It communicates with regulated entities, whether in relation to their regulation or in providing methodological support. Additionally, the department participates in the preparation of legislation on cyber security and plays a crucial role in identifying and protecting critical information infrastructure, important information systems, and essential services’ information systems within the Czech Republic. The department also hold the post of national authority of cybersecurity certification in compliance with The EU Cybersecurity Act.

PRIVATE SECTOR REGULATION UNIT

Ensures the identification of operators of essential services. Applies, preserves and interprets Decree No 437/2017 Coll., on the Criteria for the Determination of an Operator of Essential Service. Ensures the identification of critical information infrastructures in the private sector. Provides interpretation and support in private sector regulation. Communicates with the relevant controllers.

PUBLIC SECTOR REGULATION UNIT

Ensures the identification of important information systems. Applies, preserves and interprets Decree No 317/2014 Coll., on Important Information Systems and their Determination Criteria. Ensures the identification of critical information infrastructures in the public sector. Provides interpretation and support in public sector regulation. Communicates with the relevant controllers.

INFORMATION TEcHNOLOGY SUPPLIER REGULATION UNIT

Provides assessment of cloud computing offers in accordance with the Public Administration Information Systems Act and the Act on Cyber Security. Applies, preserves and interprets the so-called Cloud Decree. Consults impacts of systems disruption for the purposes of cloud computing processes in public authorities. Provides interpretation and support in regulation of cloud computing services used by public authorities. Communicates with the relevant controllers.

EUROPEAN CERTIFICATION WORKING GROUP

In its role as the national cybersecurity certification body, the Working Group oversees and enforces compliance with the rules included in European cybersecurity certification schemes. It is responsible for authorising conformity assessment bodies (CAB) and delegating the issuing of EU cybersecurity certificates where appropriate. Resolve complaints related to EU cybersecurity certificates. Represents the Czech Republic within the European Cybersecurity Certification Group. Provides interpretation and support in the field of EU cybersecurity certifications. Communicates with relevant stakeholders.

For more information on EU cybersecurity certifications, please visit the EU Cybersecurity Certification website (in czech language).
If you have any questions or suggestions regarding EU cybersecurity certifications, please contact ncca@nukib.cz

In case of any questions or suggestions, particularly related to the identification of critical information infrastructure elements or operators of essential services; methodical support in the identification of important information systems or digital service providers; interpretation of the Act on Cyber Security and the implementation of cybersecurity legislation; as well as questions concerning supporting materials related to the law, please contact:

Secretariat of the Regulation Department

Cell: 00420 541 110 632

Email: regulace@nukib.cz

Audit Department

The Audit Department supervises the compliance of regulated entities with the requirements of the Act on Cyber Security. It is involved, together with the Regulation Department, in the preparation of legislation on cyber security and provides methodological support to regulated entities. In addition, the Audit Department cooperates with other audit authorities whose activities in cyber security overlap.

News

NÚKIB Representatives Co-Organized a Cyber Security Exercise in Albania

On 3 April 2024, a cyber exercise was held in Tirana, Albania, which was designed as an interactive, non-technical tabletop exercise aimed at high-level decision-makers, including security and strategic communication experts. The National Cyber and Information Security Agency (NÚKIB) was represented by Irena Adler Pavelková and Miroslava Čavojská from the Exercise Unit, who were directly involved in the preparation of the exercise scenario, its presentation, and moderation of the discussion among the participants. The exercise was organized within the framework of the EU Cybersecurity Capacity Building in the Western Balkans, which the Estonian governmental organization e-Governance Academy led in cooperation with the Dutch non-profit organization CILC.

In collaboration with colleagues from the Albanian National Authority for Electronic Certification and Cyber Security (AKCESK), a scenario was prepared for participants from various government institutions and bank representatives, including the Bank of Albania. The scenario focused on the escalating cyber crisis in the banking sector and highlighted the multidimensional nature of cyber threats. One of the objectives of the simulation was to discuss Albania's new cybersecurity legislation and to focus on cooperation and crisis communication between the institutions involved. The cyber exercise was also attended by the Deputy Prime Minister of Albania, Bellinda Balluku, who expressed her support for the project while emphasizing the importance of cyber security and increasing the resilience of the whole society in cyberspace.

Celá zpráva 2024-04-09