Act No. 205 / 2017 Coll.
Act amending Act No. 181 / 2014 Coll., on Cyber Security and on Change of Related Laws (Cyber Safety Act), as amended by Act No. 104 / 2017 Coll., and certain other laws
Valid
Law
Effective from 01.08.2017
Contents
ČÁST DRUHÁ
Čl. III
ČÁST TŘETÍ
Čl. IV
ČÁST ČTVRTÁ
Čl. V
ČÁST PÁTÁ
Čl. VI
ČÁST ŠESTÁ
Čl. VII
ČÁST SEDMÁ
Čl. VIII
ČÁST OSMÁ
Čl. IX
ČÁST DESÁTÁ
Čl. XI
ČÁST JEDENÁCTÁ
Čl. XII
ČÁST DVANÁCTÁ
Čl. XIII
ČÁST TŘINÁCTÁ
Čl. XIV
㤠33a
㤠36a
㤠45a
㤠53
㤠137
㤠137a
㤠138b
㤠158
Čl. XV
ČÁST ČTRNÁCTÁ
Čl. XVI
Zobrazeno prvních 200 z celkem 224 ustanovení tohoto předpisu.
Zobrazit celý předpis →
Pro stažení celého znění použijte tlačítko Stáhnout výše.
205
THE LAW
of 7 June 2017
amending Act No. 181 / 2014 Coll., on Cyber Security and on the Amendment of Related Acts (Cyber Security Act), as amended by Act No. 104 / 2017 Coll., and certain other laws
Parliament has decided on this law of the Czech Republic:
Amendment to the Freedom of Information Act
In Article 11 (4) of Act No. 106 / 1999 Coll., on Free Access to Information, as amended by Act No. 159 / 2000 Coll., Act No. 61 / 2006 Coll., Act No. 254 / 2008 Coll., the finding of the Constitutional Court, published under No. 123 / 2010 Coll., Act No. 181 / 2014 Coll., Act No. 301 / 2016 Coll. and Act No. 368 / 2016 Coll., point (f) is deleted.
Point (g) shall be renumbered as point (f).
Amendment of the Act on the Establishment of Ministries and other Central Authorities of the Czech Republic
In Article 2 of Act No. 2 / 1969 Coll., on the establishment of ministries and other central authorities of the Czech Republic, as amended by Act No. 60 / 1988 Coll., Act No. 288 / 1990 Coll., Act No. 575 / 1990 Coll., Act No. 173 / 1991 Coll., Act No. 359 / 1992 Coll., Act No. 474 / 1992 Coll., Act No. 21 / 1993 Coll., Act No. 250 / 1994 Coll., Act No. 89 / 1995 Coll., Act No. 219 / 2002 Coll., Act No. 517 / 2002 Coll., Act No. 95 / 2005 Coll., Act No. 57 / 2006 Coll., Act No. 365 / 2000 Coll., Act No. 458 / 2000 Coll., Act No. 458 / 2000 Coll., Act No. 517 / 2002 Coll., Act No. 95 / 2005 Coll.
"16. National Bureau of Cyber and Information Security. ';
Amendment of the law laying down certain additional conditions for the performance of certain functions in state bodies and organisations
In Article 1 (2) of Act No. 451 / 1991 Coll., laying down certain additional conditions for the performance of certain functions in the state bodies and organisations of the Czech and Slovak Federal Republic, the Czech Republic and the Slovak Republic, as amended by Act No. 250 / 2014 Coll., the words "the National Office for Cyber and Information Security 'are inserted after the words" the National Security Office'.
Amendment of the Civil Service Act
In Article 2 (2) of Act No. 234 / 2014 Coll., on Civil Service, as amended by Act No. 131 / 2015 Coll., Act No. 137 / 2016 Coll., Act No. 190 / 2016 Coll., Act No. 195 / 2016 Coll., Act No. 302 / 2016 Coll., Act No. 319 / 2016 Coll. and Act No. 66 / 2017 Coll., the words ", National Office for Cyber and Information Security 'are inserted after the words" Military Intelligence'.
Amendment of the Act on Information Systems of Public Administration
Act No. 365 / 2000 Coll., on Information Systems of Public Administration and on the amendment of certain other laws, as amended by Act No. 517 / 2002 Coll., Act No. 413 / 2005 Coll., Act No. 444 / 2005 Coll., Act No. 70 / 2006 Coll., Act No. 81 / 2006 Coll., Act No. 110 / 2007 Coll., Act No. 269 / 2007 Coll., Act No. 130 / 2008 Coll., Act No. 190 / 2009 Coll., Act No. 223 / 2009 Coll., Act No. 227 / 2009 Coll., Act No. 298 / 2016 Coll., Act No. 263 / 2011 Coll., Act No. 18 / 2012 Coll., Act No. 167 / 2012 Coll., Act No. 64 / 2014 Coll.
1. In Article 1, at the end of paragraph 2, the dot is replaced by a comma and the following point (d) is added:
"(d) National Office for Cyber and Information Security.";
2. In Paragraph 12 (3), the words "National Security Authority 'are replaced by the words" National Office of Cybersecurity and Information Security'.
Amendment of the Labour Inspection Act
In Article 6 (2) of Act No. 251 / 2005 Coll., on Labour Inspection, as amended by Act No. 264 / 2006 Coll., Act No. 362 / 2007 Coll., Act No. 341 / 2011 Coll., Act No. 350 / 2011 Coll., Act No. 365 / 2011 Coll., Act No. 367 / 2011 Coll., Act No. 64 / 2014 Coll. and Act No. 88 / 2016 Coll., the words ", National Office for Cyber and Information Security 'are inserted after the words" The Office for Foreign Relations and Information'.
Amendment of the Crisis Act
In Article 33 (4) of Act No. 240 / 2000 Coll., on Crisis Management and on the Amendment of Certain Laws (Crisis Act), as amended by Act No. 320 / 2002 Coll., Act No. 430 / 2010 Coll. and Act No. 64 / 2014 Coll., the words ", National Office for Cyber and Information Security 'shall be inserted after the words" National Office for Cyber and Information Security';
Amendment of the Act on archiving and file service and amending certain laws
In Article 53 (1) of Act No. 499 / 2004 Coll., on Archiving and File Service and on the amendment of certain laws, as amended by Act No. 413 / 2005 Coll., Act No. 444 / 2005 Coll., Act No. 190 / 2009 Coll. and Act No. 167 / 2012 Coll., the words ", National Office for Cyber and Information Security 'are inserted after the words" National Security Office'.
Amendment to the Police Act of the Czech Republic
In Article 78 (1) of Act No. 273 / 2008 Coll., on the Police of the Czech Republic, as amended by Act No. 105 / 2013 Coll., Act No. 273 / 2013 Coll. and Act No. 303 / 2013 Coll., the words ", National Office for Cyber and Information Security 'are inserted after the words" National Security Office'.
Amendment to the Employment Act
In Section 138 of Act No. 435 / 2004 Coll., on Employment, as amended by Act No. 382 / 2005 Coll., Act No. 413 / 2005 Coll., Act No. 444 / 2005 Coll., Act No. 136 / 2014 Coll. and Act No. 250 / 2014 Coll., the words ", National Office for Cyber and Information Security 'are inserted after the words" National Security Office'.
Amendment to the Act on the protection of classified information and on security competence
Act No. 412 / 2005 Coll., on the protection of classified information and security competence, as amended by Act No. 119 / 2007 Coll., Act No. 177 / 2007 Coll., Act No. 296 / 2007 Coll., Act No. 32 / 2008 Coll., Act No. 124 / 2008 Coll., Act No. 126 / 2008 Coll., Act No. 250 / 2008 Coll., Act No. 458 / 2011 Coll., Act No. 135 / 2009 Coll., Act No. 308 / 2013 Coll., Act No. 181 / 2014 Coll., Act No. 250 / 2014 Coll., Act No. 204 / 2015 Coll., Act No. 375 / 2015 Coll., Act No. 135 / 2016 Coll., Act No. 308 / 2016 Coll., Act No. 303 / 2013 Coll., Act No. 181 / 2014 Coll.
1. At the beginning of Title VI, the following Section 33a is inserted:
State administration in the field of the protection of classified information under this Title shall be carried out by the National Cyber and Information Security Office, unless otherwise provided for in this Act. ';
2. in Articles 34 (2), 35 (2), 37 (2) and (4), 45 (2), 46 (17), 69 (1) (e), (g) and (i) and 153 (1) (s), (t) and (v), the word "the Office" shall be replaced by "the National Office for Cyber and Information Security."
3. in Articles 34 (5), 43 (2), 43a (2), 45 (5), 46 (17), 48 (5), 49 (6), 50 (5), 51 (5) and 67 (1) (d), the word "the Office" shall be replaced by "the National Office for Cyber and Information Security."
4. in Articles 35 (2), 39 (1) and (2), 42 (2), 45 (6), 46 (5) (d) and 18, 48 (1) and (2), (4) (d) and (6), 49 (1) and (3) and (5) (b), 50 (1), (2), (4) (d) and (6), 51 (1) and (2) and (4) (d), and 148 (1) (j), the word "the Office" shall be replaced by "the National Office for Cyber and Information Security."
5. At the beginning of Title VIII, the following Section 36a is inserted:
State administration in the field of the protection of classified information under this Title shall be carried out by the National Cyber and Information Security Office, unless otherwise provided for in this Act. ';
6. in Articles 37a (3), 39 (1) to (3), 42 (3) and (4), 43a (1), 45 (3) and (4), 48 (3), (5) and (6), 49 (2), (4), (6), (7) and (9), 50 (3), (5), 51 (3) and (5) and 69 (1) (f) and (h), the word "Office" shall be replaced by the words "National Office for Cybersecurity and Information Security."
7. In Paragraph 38 (1) (c), the words "or service 'are inserted after the word" production'.
8. At the beginning of Title IX, the following Section 45a is inserted:
State administration in the field of the protection of classified information under this Title shall be carried out by the National Cyber and Information Security Office, unless otherwise provided for in this Act. ';
9. in Articles 46 (1) and (2) and 52 (5) and (6), the words "or the National Office for Cyber and Information Security" shall be inserted after the words "the Office."
10. in Articles 46 (10) and 52 (4) (d), the words "or the National Office for Cyber and Information Security" shall be inserted after the word "Authority."
11. in Article 46 (11) and (12):
"(11) The Office shall decide on the expiry of the certificate in the cases referred to in Paragraph 47 (4) (b). The National Cyber and Information Security Authority shall decide on the expiry of the certificate in the cases referred to in Sections 48 (4) (d), 49 (5) (b), 50 (4) (d) and 51 (4) (d). The appeal lodged against a decision of the Office or the National Office for Cyber and Information Security on the expiry of the certificate shall not have suspensory effect. An appeal shall not be admissible against a decision of the National Office for Cyber and Information Security on the expiry of the information system certificate and the cryptographic device certificate.
(12) If the certificate has expired pursuant to § 48 (4) (b) and (d), § 49 (5) (b), § 50 (4) (b) and (d) or § 51 (4) (b) and (d), the holder of the certificate shall, within 5 days of the date of receipt of the notification by the National Office for Cyber and Information Security, submit the certificate to the National Office for Cyber and Information Security. If the certificate has expired pursuant to § 47 (4) (b), the holder of the certificate shall submit the certificate to the Office within 5 days of receipt of the notification. ';
12. In Paragraph 46, at the end of paragraph 14, the sentence "The Authority may conclude an agreement with a State authority or an entrepreneur pursuant to Paragraph 52 on the provision of business to issue an opinion under the first sentence. '
13. in Paragraph 46 (15):
"(15) In order to perform the sub-tasks of verification of competence referred to in points (b) to (e) of paragraph 1, the National Cyber and Information Security Authority may conclude a contract with a State authority or an entrepreneur pursuant to Paragraph 52 to ensure such activities; This shall not apply if it is about the verification of the competence of the information system, cryptographic device or workstation or the shielding chambers to be operated by the intelligence services. ';
14. in Paragraph 46 (16), the words "in the Bulletin of the Office" shall be replaced by the words "and the National Office for Cyber and Information Security in the relevant Journal."
15. in Paragraph 50 (4), the word "or" shall be deleted at the end of (c).
16. In Paragraph 50 (4), the dot at the end of point (d) is replaced by "or 'and the following point (e) is added:
"(e) a notification by the State authority or the holder of the certificate of the cancellation of the cryptographic centre."
17. in Article 52 (1) and (3) (b), the words "14 a" are inserted after the words "and Article 46 (2)."
18. in § 52 (4) (f), "§ 46 (15)" is replaced by "§ 46 (14)";
19.
Authorisation provisions
Implementing legislation provides for:
(a) the particulars of the application for certification of a technical device, the documentation necessary to carry out the certification of a technical device, the rules for determining the period of validity of the technical device certificate, the rules and the method of use of the technical device after the expiry of its certificate and the model of the technical device certificate;
(b) the particulars of the application and the repeated application for certification of the information system, the certification of the cryptographic device, the certification of the cryptographic workplace and the certification of the shielding chamber, and the documentation necessary to carry out the certification of the information system, the certification of the cryptographic device, the certification of the cryptographic workplace and the certification of the shielding chamber;
(c) the manner and conditions for carrying out the certification of the information system, the certification of the cryptographic device, the certification of the cryptographic workplace and the certification of the shielding chamber and their repetition and content of the certification report referred to in Article 46 (13);
(d) models of the information system certificate, the cryptographic device certificate, the cryptographic workplace certificate and the shield chamber certificate;
(e) the details of the request for verification of the capability of electrical and electronic equipment, a secure area or an object to protect against leakage by compromising radiation and the way in which they are assessed; and
(f) the particulars of the application by the State authority or the entrepreneur to conclude the contract pursuant to § 52. ';
20. in Paragraph 65 (3), the word "State" shall be deleted;
21. In Article 69 (1) (j), the words "the registration of cryptographic material, the registration of cryptographic protection workers, the register of operational operation of the cryptographic device, the register of couriers of cryptographic material" shall be deleted.
22. in Paragraph 69 (1), the dot is replaced by a comma at the end of point (s) and the following point (t) is added:
"(t) keep records of cryptographic material, records of cryptographic protection workers, records of operational operation of the cryptographic device and records of couriers of cryptographic material.";
23. in § 75a (2) (b), § 143 (2) and § 144 (1), the words "under the law governing State control 45)" shall be replaced by the words "under the control rules."
footnote 45 is deleted, including the footnote reference.
24. § 137, including the title reads:
Office
Office
(a) decide on the application of a natural person, the application of an entrepreneur and the application for a document and on the revocation of the certificate of a natural person, the certificate of an entrepreneur and the document, except in the cases provided for in this Law [Sections 140 (1) (a) and 141 (1)], and issue a certificate of a natural person pursuant to Section 56a;
(b) exercise control in the field of protection of classified information and security competence (§ 143) and methodological activity, except in the cases provided for by this law (§ 143 (5));
(c) carry out the tasks of protecting classified information in accordance with the obligations arising from the membership of the Czech Republic in the European Union, the North Atlantic Treaty Organisation and the international treaties by which the Czech Republic is bound;
(d) maintain a central register and approve the establishment of registers in the authorities of the State and for entrepreneurs;
(e) in the cases provided for, authorises the provision of classified information in international contact;
(f) for the courier transport of classified information of classification grade Confidential, secret or confidential information provided in international relations, other than classified information provided pursuant to Paragraph 78 (1), shall be issued by the person responsible or the security director, upon written request, and, where justified, shall carry them,
(g) carry out certification of the technical device;
(h) issue safety standards;
(i) imposes administrative penalties for failure to comply with the obligations laid down by this law;
(j) decide on other matters and carry out other tasks on the section for the protection of classified information and security competence provided for by this law; and
(k) issue the Bulletin of the Office, which it publishes on its website. ';
25. The following Section 137a is inserted after Section 137:
National Cyber and Information Security Authority
National Cyber and Information Security Authority in the field of competence conferred upon it by this Act
(a) provide for specific competence examinations and issue certificates of specific competence;
(b) carry out tasks in accordance with the obligations arising from the membership of the Czech Republic in the European Union, the North Atlantic Treaty Organisation and the international treaties by which the Czech Republic is bound in the selected areas of the protection of classified information;
(c) carry out a methodological activity;
(d) ensure the activities of the National Centre for Communication Security, the National Centre for the Distribution of Cryptographic Material, the National Centre for the Measurement of Compromise Radiation and the National Centre for the Security of Information Systems which are part of it;
(e) carry out certification of the information system, cryptographic means, cryptographic workplaces and shielding chambers and approve the communication system security project;
(f) provide research, development and production of national cryptographic resources;
(g) develop and approve national cryptographic algorithms and develop national cryptographic protection policy;
(h) identify compromising radiations where classified information is present or will occur;
(i) establish, in cooperation with the intelligence services and the police, whether there is an unlawful use of technical means to obtain information in the area of the case to threaten or leak classified information;
(j) issue safety standards;
(k) imposes administrative penalties for failure to comply with the obligations laid down by this law;
(l) decide on other matters and carry out other tasks on the classified information protection section provided for by this law. ';
26. in Article 138 (1) (b), the words "the registration of cryptographic protection workers, couriers of cryptographic material and the registration of natural persons holding a certificate of special competence" shall be deleted;
27. in Article 138 (1), point (c) is deleted;
Points (d) to (m) shall be renumbered (c) to (l).
28. In Article 138 (1) (h), the words "information systems, cryptographic devices, cryptographic workplaces, shielding chambers, to train cryptographic protection personnel to be of special expertise and to detect the possibility of compromising radiation where classified information is to be present and to produce cryptographic devices," shall be deleted.
29. In Paragraph 138, the following paragraph 3 is added:
"(3) In carrying out the tasks provided for in this Act, the National Office for Cyber and Information Security shall be entitled to the activities referred to in paragraph 1 (a), (c), (g) and (i) and shall be entitled to:
(a) keep a register of natural persons holding a certificate of special competence, a record of breaches of the protection of classified information, and a record of cryptographic protection personnel and couriers of cryptographic material;
(b) conclude a contract with a State authority or an entrepreneur to carry out sub-tasks in the certification of information systems, cryptographic devices, cryptographic workplaces, shielding chambers, to train the special competence of cryptographic protection workers and to identify the possibility of compromising radiations where classified information is to occur and to produce cryptographic devices; and
(c) maintain the certification file of the information system, cryptographic device, cryptographic work and shielding chambers, keep a list of controlled cryptographic items and keep documentation for carrying out the activities referred to in Article 45. ';
30. In Paragraph 138a, at the end of paragraph 1, the dot is replaced by a comma and the following point (g) is added:
"(g) the record of the establishment of the data box and the identifier of the data box, if the data box is made available.";
31. In Paragraph 138a, the following paragraph 5 is inserted after paragraph 4:
"(5) The Office shall be provided for the exercise of its powers under this Law from the basic register of legal persons, natural persons engaged in business and public authorities:
(a) the trading firm or the name of the legal person or the name or, where appropriate, the names and surnames of the natural person involved;
(b) the date of origin or the date of registration in accordance with specific legislation;
(c) the date of expiry or the date of deletion from the register under specific legislation;
(d) legal form,
(e) a record of the establishment of the data box and the identifier of the data box, if the data box is made available;
(f) the statutory authority expressed as a reference link to the population register or to the person register or by the name or, where applicable, names, surnames and residence with a foreign natural person;
(g) legal status,
(h) the address of the legal person's registered office or the address of the place of business of the natural person in the form of a reference link (address location code) to the reference address in the territorial identification register. ';
Paragraphs 5 and 6 shall become paragraphs 6 and 7.
32. In Paragraph 138a (6), "paragraphs 2 to 4 'is replaced by" paragraphs 2 to 5'.
33. in Paragraph 138a, the following paragraph 8 is added:
"(8) The National Bureau of Cyber and Information Security shall be provided with the data referred to in paragraphs 1, 2 (a), (c), (d), (f), (m) and (n), 3 (a), (b), (e) to (g), (j), (k) and (r) to (t), 4 (a), (b), (d) and (e) and 5. ';
34. After Paragraph 138a, the following Section 138b is inserted:
Cooperation between the Office and the National Office for Cyber and Information Security
The National Bureau of Cyber and Information Security shall, without undue delay, transmit to the Office a notification which it has received pursuant to Articles 34 (5), 43 (2) or 69 (1) (f) and (h). ';
35. the heading of Part Six reads:
"CONTROL."
36. in Paragraph 143 (1):
"(1) The Office in the field of the protection of classified information and security competence shall check compliance with legislation in this field by the authorities of the State, legal persons, natural persons engaged and natural persons (" controlled persons ")."
37. in Article 143 (2) to (4), the words "State surveillance" shall be replaced by "controls."
38. In Section 143 (5), the words "State surveillance 'are replaced by the words" Control'.
39. In Article 143, the following paragraph 6 is added:
"(6) In the case of an inspection which interferes with the scope of the protection of classified information, the administration of which under this law is carried out by the National Bureau of Cyber and Information Security, its representative shall be invited to the inspection. ';
40. in Article 145 (5), the comma at the end of point (e) is replaced by a dot and point (f) is deleted;
41. in Article 146 (1), the words "or in the context of an administrative procedure for issuing measures under the Cybersecurity Act" shall be deleted.
42. In Article 146 (2), the words "or under the Cybersecurity Act 'are deleted.
43.In Article 153 (1), the word 'or' shall be deleted at the end of point (dd).
44. In Article 153 (1), at the end of point (ee), the dot is replaced by "or 'and the following point (ff) is added:
"(ff) does not keep any of the records provided for in Paragraph 69 (1) (t). ';
45. in Paragraph 153 (2) (b), "(n) or (o)" is replaced by "(n), (o) or (ff)."
46. At the end of the text of § 156, the words "except for infringements under § 148 (1) (f) to (h) and (j), § 149 (1) (g) to (k), § 153 (1) (b), (s) to (z) and (ff) and § 154 (1) (e), which it negotiates and for which fines are levied by the National Office for Cyber and Information Security 'shall be added.
47. Paragraph 158, including the title, reads:
Contents
ČÁST DRUHÁ
Čl. III
ČÁST TŘETÍ
Čl. IV
ČÁST ČTVRTÁ
Čl. V
ČÁST PÁTÁ
Čl. VI
ČÁST ŠESTÁ
Čl. VII
ČÁST SEDMÁ
Čl. VIII
ČÁST OSMÁ
Čl. IX
ČÁST DESÁTÁ
Čl. XI
ČÁST JEDENÁCTÁ
Čl. XII
ČÁST DVANÁCTÁ
Čl. XIII
ČÁST TŘINÁCTÁ
Čl. XIV
㤠33a
㤠36a
㤠45a
㤠53
㤠137
㤠137a
㤠138b
㤠158
Čl. XV
ČÁST ČTRNÁCTÁ
Čl. XVI
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Act No. 205 / 2017 Coll., amending Act No. 181 / 2014 Coll., on Cyber Security and on Changes to Related Laws (Cyber Safety Act), as amended by Act No. 104 / 2017 Coll., and certain other laws |
|---|---|
| Regulation Type | Law |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 14.07.2017 |
|---|---|
| Effective from | 01.08.2017 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0