Czech Act 264/2025 Sb. (NIS2) — deadline 31 Dec 2026 | Get a certified cybersecurity manager
Certified under Act 264/2025 Sb. & ENISA ECSF — service available in English

External CISO for NIS2 Compliance in the Czech Republic

Czech Act No. 264/2025 Sb. (transposing EU NIS2 Directive) imposes new cybersecurity obligations on thousands of companies operating in the Czech Republic — including international subsidiaries. I handle full compliance: from gap analysis and documentation to NÚKIB registration, as your external or part-time cybersecurity manager, certified under Decree 409/2025 Sb.

CZK 250M maximum NIS2 penalty
6,000+ companies obligated in the Czech Republic
20+ years of IT experience
Act No. 264/2025 Sb.
Decree 409/2025 Sb.
ENISA ECSF
Accredited certification
Prague & all of Czech Republic

Does Czech Act No. 264/2025 Sb. apply to your company?

The Czech Cybersecurity Act applies to thousands of companies operating in the Czech Republic — including subsidiaries of foreign groups. Find out whether you are a regulated entity and what obligations you have towards NÚKIB (the Czech national cybersecurity authority).

Essential Entities (EE)

Large companies in key sectors from Annex I: energy, transport, healthcare, digital infrastructure, banking, water management, public administration and others.

  • 250+ employees or turnover >EUR 50M
  • Stricter security requirements
  • Regular NÚKIB audits

Important Entities (IE)

Medium and large companies in Annex II sectors: postal services, waste management, manufacturing, chemicals, food, digital markets, research and others.

  • 50+ employees or turnover >EUR 10M
  • Mandatory NÚKIB registration
  • Appointing a cybersecurity manager required

Not sure where you stand?

The law is complex, and penalties for non-registration or non-compliance reach up to CZK 250 million or 2% of global annual turnover (essential entities).

Find out for free — 30-min consultation

How I can help

Complete coverage of obligations under Act No. 264/2025 Sb. — from initial analysis to ongoing compliance management. All services available in English.

Most in demand

Cybersecurity Manager as a Service

I act as your certified cybersecurity manager — externally or part-time. You meet the statutory obligation to have an appointed MKB without the cost of a full-time employee. Available in English for international management teams.

Gap Analysis

We assess where your organisation stands against NIS2 requirements under Act 264/2025 Sb. and Decree 409/2025 Sb. You receive a clear English-language report with a prioritised remediation plan.

Security Measures Implementation

Technical, procedural and legal implementation under Decree 409/2025 Sb. — risk management, network security, cryptography, physical security, access management.

Documentation Preparation

Complete preparation of mandatory documentation: Risk Assessment Report, Business Continuity Plan, Incident Management Policy and all other documents required by the Act. Available in English and Czech.

Management & Staff Training

Practical training for management (legal liability, strategy) and staff (phishing, secure behaviour, incident reporting). Conducted in English on request. Meets requirements of Decree 409/2025 Sb.

NÚKIB Audit Preparation

I prepare your company for inspection by the Czech cybersecurity authority (NÚKIB). Internal audit, identification and remediation of gaps before the deadline. No unpleasant surprises.

A certified expert on your side

I am Ing. Vít Vomáčko — an IT professional with over 20 years of experience in information technology and a certified cybersecurity manager under the new Czech legislation. I work in both Czech and English.

  • Act No. 264/2025 Sb.: Czech Cybersecurity Act — certified cybersecurity manager (MKB)
  • Decree No. 409/2025 Sb.: Security measures — accredited certification examination passed
  • ENISA ECSF: European Cybersecurity Skills Framework — completed
  • 20+ years in IT: Founder of Let IT Bee, s.r.o. — IT outsourcing, infrastructure security

I believe cybersecurity should be understandable to business leaders, not just engineers. I always communicate in the language of your business — whether that is English or Czech — not in IT jargon.

Ing. Vít Vomáčko
Cybersecurity Manager (NIS2)
Let IT Bee, s.r.o.

How it works

A structured approach from first consultation to ongoing NIS2 compliance management.

1. Free consultation (30 min)

We talk by phone or video call. I gather basic information about your company — sector, size, existing security measures. I assess whether the Act applies to you and how urgent the situation is. Conducted in English.

2. Gap analysis

Detailed analysis of your compliance with Act 264/2025 Sb. and Decree 409/2025 Sb. The output is a clear English-language report: what you have in order, what is missing, and what is most critical.

3. Remediation plan

Based on the gap analysis I prepare a realistic implementation plan — with priorities, timelines and cost estimates. Management approves the scope of cooperation and engagement model.

4. Implementation

Systematic implementation of security measures, documentation preparation (risk assessment, business continuity plan, policies), staff and management training, technical infrastructure security.

5. Ongoing management & monitoring

As your cybersecurity manager I continuously monitor legislative changes, report incidents to NÚKIB, update documentation and prepare you for potential inspections. You remain in compliance at all times.

Frequently asked questions

Answers to the most common questions about NIS2 and Czech Act 264/2025 Sb.

The Act applies to companies in regulated sectors (energy, transport, healthcare, banking, digital infrastructure and others) that exceed the size threshold. Foreign-owned subsidiaries registered in the Czech Republic are fully subject to the same requirements as domestic companies. The safest approach is a free consultation — I assess your specific situation at no cost.

Fines under Act 264/2025 Sb. depend on entity category. For essential entities (EE) the maximum is CZK 250 million or 2% of global annual turnover; for important entities (IE) it is up to CZK 100 million or 1.4% of global annual turnover (whichever is higher). The Act also introduces personal liability for statutory representatives: executives can be fined directly regardless of corporate liability.

It depends on your company's current security posture. Basic compliance (registration, appointing a cybersecurity manager, gap analysis and priority measures) can be achieved within 3–6 months. Full implementation of all security measures under Decree 409/2025 Sb. typically takes 6–18 months.

An external cybersecurity manager is significantly more cost-effective than an in-house employee (average MKB salary in the Czech Republic is CZK 80–120k/month plus social contributions and benefits). You also get broader cross-industry experience, flexible engagement scope and immediate availability. Act 264/2025 Sb. explicitly permits an external cybersecurity manager.

Yes. Consultations, gap analysis reports, documentation, management training, and ongoing cybersecurity management are all available in English. This makes the service particularly suitable for international subsidiaries operating in the Czech Republic, foreign-owned Czech entities, and any organisation whose board or senior management operates in English.

I tailor the engagement exactly to your company's needs — a one-off project (gap analysis, documentation) or an ongoing retainer (cybersecurity manager as a monthly service). Pricing is agreed after the free initial consultation where I determine the actual scope. Contact me for a no-obligation quote.

Request a consultation / demo

Tell me a few details about your company. I will get back to you within 24 hours with next steps — no commitment required.

By submitting you consent to the processing of your contact details for the purpose of preparing a proposal. Your data will not be shared with third parties.

Free 30-minute consultation

30 minutes that give you clarity. You will find out:

  • Whether Act 264/2025 Sb. actually applies to your company
  • What the most critical gaps are in your organisation
  • Concrete first steps toward NIS2 compliance
  • A realistic estimate of the scope and cost of engagement

No commitment. No pressure. Just straightforward information from a certified expert — in English.

Further steps on the road to NIS2

Where are you on your NIS2 compliance journey?

A cybersecurity manager is a key step. See what else you may need.

Awareness

NIS2OK.cz — Check if NIS2 applies to you

Free online compliance check — find out if your company falls under Czech Act 264/2025 Sb.

Assessment

SecureOn.cz — Technical security audit

Penetration testing, gap analysis and in-depth audit of your infrastructure (Czech-language service).