6. Registration
and communication with NUKIB

In addition to purely legislative changes, the NIS2 Directive and its implementation in the Czech legal system will also bring practical changes in the area of registration of regulated organisations and their communication with NUKIB.

Proposal of National Regulation

The obligation to register or report the necessary data and incidents is already included in the currently effective Act on Cyber Security. The proposed Act on Cyber Security builds on this and regulates in more detail what data must be reported in specific situations, how and within what timeframes.

The primary tool for all communication between regulated service providers and NUKIB will be the NUKIB Portal, a unified platform mentioned in the previous topics. The intention is that this system will allow for the easy performance of all the standardised tasks envisaged by the proposal, including, but not limited to, registration of relevant organisations, reporting of contact details of authorised representatives of those organisations and subsequent incident reporting, reporting on countermeasures or corrective measures or reporting of specific suppliers, if relevant to a particular entity. The basic principle of the proposed solution is a maximum automation within the self-service platform leading to a reduction of the administrative burden both on the side of regulated organizations and on the side of NUKIB.

The details of the functioning of this platform and the requirements on the reports and other filings are regulated by the draft Decree on the NUKIB Portal issued based on the Act on Cyber Security.

Alternative means and methods of the submission of specific filings are defined in relevant provisions, therefore, possible unavailability of the NUKIB Portal cannot lead, for example, to the impossibility of reporting an incident.

Once the NUKIB Portal is connected to the General Registers, the performance of selected actions will be subject to the authentication of relevant persons by means of electronic identification and through a qualified electronic identification system, for example via BankID and the National Point for Identification and Authentication (NIA).

As part of the further development of the platform, closer cooperation and communication is expected in the future, for example with conformity assessment bodies in the context of cybersecurity certifications.

In addition to communication by regulated service providers via the NUKIB Portal, voluntary reporting of incidents, threats and vulnerabilities by non-regulated entities will also be enabled via the NUKIB website, in accordance with the requirements of the NIS2 Directive.

The following topic is not anymore focused on the basic requirements and obligations of regulated organisations and but on the control of their fulfilment.

Continue by clicking on the blue arrow on the right side or select one of the other topics in the index below.

Topic index
  1. General information about the future national regulation
  2. Who is affected by the new obligations
  3. Differentiation of regulated entities
  4. Obligation to implement security measures
  5. Incidents and how to report them
  6. Registration and communication with NUKIB
  7. Methods of ensuring compliance
  8. Sanctions and enforcement measures
  9. National and international cooperation
  10. Other national regulation specifics
  11. How to prepare for the new legislation
  12. Financial aspects of the new Act on Cyber Security