Czech Republic

YK v. The High State Prosecutor's Office in Prague)

Lawyer appeared before the Supreme Administrative Court. Fabricated: Case Law | Court found several referenced decisions do not exist (fabricated case citations).

YK v. The High State Prosecutor's Office in Prague)

Fabricated: Case Law | Court found several referenced decisions do not exist (fabricated case citations). || False Quotes: Case Law | Court verified quoted excerpts and concluded none of the cited passages appear in the referenced decisions (misattributed/false quotations).

YK v. The High State Prosecutor's Office in Prague)

Recommendation on the Status of Data Protection Officers

On 12 August 2024, the Czech Office for Personal Data Protection published its Recommendation on the Status of Data Protection Officers. Specifically, the Office responds to a trend in both public and private sector institutions which sees the outsourcing of personal data protection officer duties. In its Recommendation, the Office calls on organisations to carefully weigh up their options and not to underestimate the difficulty and complexity of the data protection officer's tasks. Additiona...

Joint Statement on E-Commerce Applications

On 20 August 2024, the National Cyber and Information Security Agency (NÚKIB) and the Office for Personal Data Protection issued a joint statement on e-commerce applications which require non-standard permissions and may collect excessive user personal data. The authorities warn users to be careful when granting permissions beyond those needed for the proper functioning apps. Further, the authorities advise users to read privacy policies before granting permissions and point to the existence ...

Office for the Protection of Personal Data Methodology for Camera Systems

On 8 February 2024, the Office for the Protection of Personal Data announced the adoption of a methodology for the design and operation of camera systems from the perspective of processing and protection of personal data. The methodology applies to both recording and online camera systems involved in personal data processing. It aims to guide administrators, processors of personal data, and camera system suppliers in their obligations. While it is not a substitute for compliance with the Gene...

UOOU investigation into Avast for alleged illegal sales of user data

On 15 April 2024, the Czech Office for Personal Data Protection (UOOU) imposed a fine of CZK 351 million on Avast Software for the unauthorised processing of personal data of its antivirus program and browser extensions users during part of 2019. Avast was found to have transmitted the pseudonymised Internet browsing history of approximately 100 million users to Jumpshot under the pretence of trend analysis. However, the data was not adequately anonymised, leading to potential re-identificati...

Czech government designation of digital services coordinator under Digital Services Act

On 17 February 2024, the Czech government implemented an order implement the DSA and to designate the Czech Telecommunications Office (CTU) as the Digital Services Coordinator. This decision is in line with the new European rules under the Digital Services Act, which requires member states to appoint national Digital Services Coordinators by 17 February 2024. The CTU will be responsible for supervising and enforcing these new rules. In addition to overseeing the Digital Services Act, the CTU ...

Memorandum of Understanding for Cybersecurity Cooperation between Czech Republic and Israel

On 16 January 2024, the National Cyber and Information Security Authority (NCIS) of the Czech Republic and the Israel National Cyber Directorate (INCD) signed a Memorandum of Understanding (MoU) to strengthen cooperation in the field of cybersecurity. The MoU aims to enhance the cyber resilience of both countries through the exchange of best practices, effective sharing of information and experience, and the provision of internships.

Warning Against the Use of TikTok on Devices Accessing Critical Information Infrastructure

On 8 March 2023, the National Cyber and Information Security Agency (NÚKIB) of the Czech Republic issued a warning regarding the potential cyber security threat associated with the installation and use of TikTok, a user-generated content platform for short videos, on devices that access information and communication systems of critical information infrastructure, essential services, and important information systems. The agency has assessed this threat as "high", with a likelihood of occurren...

Czech Republic-Slovakia MoU on Cybersecurity

On 8 February 2023, the National Cyber and Information Security Agency of the Czech Republic and the National Security Office of Slovakia signed a Memorandum of Understanding (MoU) on cybersecurity. The MoU outlines 17 different areas of cooperation in the form of sharing information, know-how and experience, support in conducting training and education of employees, as well as maintaining and communicating in the case of active cyber threats. Furthermore, the MoU establishes mutual assistanc...

UOOU public lawsuit against AVAST regarding alleged violations of data transfer requirements

On 16 March 2023, the Czech Data Protection Authority (UOOU) issued a ruling in a public lawsuit against AVAST, alleging violations of data transfer requirements. The UOOU penalized AVAST for allegedly unlawfully sharing personal data of its customers with a third-party company, which contradicted the GDPR. AVAST, a company that offers antivirus programs and browser extensions, collected the browsing history of internet users who installed and used their products. This data was then transferr...

Draft Cybersecurity Law on Vetting Mechanism for Important Infrastructure Suppliers

On 23 September 2022, the Czech National Cyber and Information Security Agency (NÚKIB) announced that it had been tasked with drafting a cybersecurity bill creating a vetting mechanism for important communication and information infrastructure suppliers. The mechanism would allow the state to exclude high-risk suppliers from strategically important infrastructure based on criteria like foreign state influence and potential for disruptive misuse of technology. The draft bill is expected to be ...

Guide on asset and risk management based on Decree No. 82/2018 outlining security measures

On 22 August 2022, the National Cyber and Information Security Agency (NÚKIB) released a guide on asset and risk management under Decree No. 82/2018 Coll. of 21 May 2018 on Security Measures, Cybersecurity Incidents, Reactive Measures, Cybersecurity Reporting Requirements, and Data Disposal. The first section of the guide presents the legal framework and lists the obligations of entities storing data, including their responsibility to implement preventive security measures. The second section...

Data Protection measures in Czechia Electronic Communications Act amendment

On 1 January 2022, the amendment to the Electronic Communications Act enters into force. The amendment establishes that the use of cookies and tracking technologies used to identify users by websites or applications operators will be possible only on the basis of the explicit consent by the user (opt-in principle). The obligation will not apply to necessary cookies or to additional services requested by the user. These modifications mirror the EU rules on privacy requirements for electronic c...

Act on Cybersecurity (Zákon o kybernetické bezpečnosti), No. 264/2025 Sb.

AI law in Czech Republic: Act No. 264/2025 Sb. modernises Czech cybersecurity law by transposing the EU NIS2 Directive into national law. It expands the scope of regulated entities across critical sectors, establishes a self‑identification and registration regime through NÚKIB, imposes risk‑management and incident‑reporting obligations, and creates enforcement measures including administrative fines and coercive penalties....

Committee for Artificial Intelligence (Výbor pro umělou inteligenci) — governmental coordinating body (MPO)

AI law in Czech Republic: The Committee for Artificial Intelligence (Výbor pro umělou inteligenci) is an inter‑sectoral coordinating body convened by the Czech Ministry of Industry and Trade (MPO) to align national AI policy, support implementation of the EU AI Act, and coordinate stakeholders across government, industry and research. It operates as a policy and coordination forum rather than a primary enforcement regulator, providing recommendations, preparing implementation steps and advising on national AI strategy and action plans....

Draft Adaptation Act to Implement the EU Artificial Intelligence Act (Adaptační návrh zákona o umělé inteligenci) — draft national AI law

AI law in Czech Republic: A concise, minimalist draft adaptation law prepared by the Czech Ministry of Industry and Trade (MPO) to implement the EU Artificial Intelligence Act (Regulation (EU) 2024/1689). The draft defines national institutional roles (notifying authority, market surveillance bodies), creates a national regulatory sandbox and sets procedural, language and reporting details needed for domestic enforcement while largely relying on the EU Regulation for substantive rules....

Action Plan of the National Artificial Intelligence Strategy 2030 (NAIS) for 2025 (Implementační plán programu Digitální Česko / Akční plán NAIS 2025)

AI law in Czech Republic: The Action Plan (Akční plán NAIS 2025) is the 2025 implementation package of the Czech National Artificial Intelligence Strategy 2030 (NAIS), adopted as part of the Implementační plán programu Digitální Česko and approved by the Government of the Czech Republic on 2 April 2025. It allocates circa CZK 19 billion to project-level initiatives across seven strategic AI priority areas (research & innovation, education, labour-market skills, legal & ethical aspects, security, industry, and public administration) and sets a governance, monitoring and funding framework to accelerate trusted AI adoption in the public and private sectors....

National Artificial Intelligence Strategy of the Czech Republic (2019)

AI law in Czech Republic: The National Artificial Intelligence Strategy (NAIS) adopted by the Government of the Czech Republic in May 2019 sets out national priorities to develop AI research, foster industry adoption, ensure ethical and secure AI, and position the Czech Republic as a European AI hub. It establishes coordination mechanisms, short-, medium- and long-term objectives and tools across seven priority chapters ranging from research concentration and financing to legal/ethical aspects and international cooperation....