State administration
Yes. The new Cybersecurity Act was signed by the president on June 26, 2025, and will take effect on November 1, 2025. It implements the NIS2 Directive and significantly expands the scope of regulated entities.
This means the law will affect thousands of institutions: government offices, public service organizations, hospitals, schools, regional governments, municipalities, and other public bodies.
Once in effect, regulated entities will have 60 days to report their regulated services and will then be required to meet specific obligations—such as:
-
Cyber risk management
-
Systems security
-
Incident response
-
Event reporting
We highly recommend familiarizing yourself with the law’s requirements in advance.
You can find clear and detailed guidance at the NÚKIB portal: Guide to the New Cybersecurity Act | NÚKIB Portal
EZÚ offers practical support to organizations subject to the new Cybersecurity Act, effective November 1, 2025. We can assist you with:
-
Mapping your current state (pre-screening, GAP analysis)
-
Training employees
-
Conducting a pre-audit of your preparedness
We can provide certification either independently or as part of an integrated system with your existing ISO/IEC 27001 implementation.
With our guidance, you can efficiently navigate the entire process—from initial steps to final compliance verification.
With the introduction of the new Cybersecurity Act (based on NIS2), there is now a strong connection between ISVS requirements and cybersecurity regulations.
In practice, if an ISVS also falls under the scope of the Cybersecurity Act (e.g., it ensures the provision of essential services), then the certification process must also reflect the cybersecurity requirements from that law.
Even today, ISVS certification routinely includes evaluating areas such as:
-
Access management
-
Backups
-
Change management
-
Incident response
-
Operational security
These areas overlap with the requirements of NIS2 and the Cybersecurity Act.
Therefore, we recommend planning ISVS certification in the context of broader cybersecurity requirements and ideally linking it with a compliance assessment based on ZoKB/NIS2.
ISVS certification (Information System of Public Administration) is a legally defined process designed to verify whether a given information system meets the requirements established by legislation—specifically Act No. 365/2000 Coll. on information systems of public administration and Decree No. 529/2022 Coll.
Certification is mandatory for:
-
Public authorities that operate or manage ISVS
-
System suppliers who develop, implement, or operate information systems intended for public administration