Act No. 226 / 2022 Coll.
Act amending Act No. 181 / 2014 Coll., on Cyber Security and on the Amendment of Related Acts (Cyber Security Act), as amended
Valid
Law
Effective from 06.08.2022
226
ACT
of 20 July 2022
amending Act No. 181 / 2014 Coll., on Cyber Security and the Amendment to Related Acts (Cyber Security Act), as amended
Parliament has adopted the following Act of the Czech Republic:
Act No. 181 / 2014 Coll., on Cyber Security and on the amendment of related laws (Cyber Security Act), as amended by Act No. 104 / 2017 Coll., Act No. 183 / 2017 Coll., Act No. 205 / 2017 Coll., Act No. 35 / 2018 Coll., Act No. 111 / 2019 Coll., Act No. 12 / 2020 Coll. and Act No. 261 / 2021 Coll., is amended as follows:
1. In Section 1, paragraph 2, including footnotes 6 and 17, reads as follows:
"(2) This Act implements the relevant European Union legislation 6), builds on the directly applicable European Union regulation 17), and governs the security of electronic communications networks and information systems.
6) Directive (EU) 2016 / 1148 of the European Parliament and of the Council of 6 July 2016 on measures to ensure a high common level of network and information systems security in the Union.
17) Regulation (EU) 2019 / 881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity), on the cybersecurity certification of information and communication technologies and repealing Regulation (EU) No 526 / 2013 ("the Cybersecurity Act").".
2. In Section 22, at the end of point (x), the full stop is replaced by a comma and the following point (y) is added:
"(y) is the cybersecurity certification authority under Article 58 of the Cybersecurity Act 17)."
3. The following Section 22b is inserted after Section 22a, including the title:
"Authorisation of conformity assessment bodies under the Cybersecurity Act
(1) Where a directly applicable European Union regulation issued on the basis of the Cybersecurity Act establishes specific or additional requirements for conformity assessment bodies in order to ensure their technical competence to assess cybersecurity requirements, the Office shall, in accordance with Article 58 (7) (e) of the Cybersecurity Act 17), decide on requests to authorise a conformity assessment body and, where an authorised conformity assessment body infringes the requirements of the Cybersecurity Act 17) or of a directly applicable European Union regulation issued on the basis of the Cybersecurity Act, on the suspension of enforceability, amendment or revocation of the authorisation decision.
(2) In the application for authorisation referred to in paragraph 1, the conformity assessment body shall demonstrate compliance with the specific or additional requirements laid down by a directly applicable European Union regulation issued on the basis of the Cybersecurity Act.
(3) In the decision suspending the enforceability of the authorisation decision referred to in paragraph 1, the Office shall set a time limit for remedy. Where a conformity assessment body provides a remedy, it shall notify the Office without undue delay. If the Office finds that the remedy is sufficient, it shall revoke the decision suspending the authorisation decision. Where an authorised conformity assessment body fails to provide a remedy within the time limit set, the Office shall decide to amend or revoke the authorisation decision.
(4) The Office shall take a decision in the procedure for the application for authorisation referred to in paragraph 1 no later than 120 days after the initiation of the procedure, and in exceptional cases within 180 days."
4. In Section 25, the following paragraphs 11 to 13 are inserted after paragraph 10:
"(11) The manufacturer or supplier of products, services or processes issuing the EU declaration of conformity commits an offence by:
(a) issuing an EU declaration of conformity although the conditions laid down in the Cybersecurity Act 17) for its issue are not met,
(b) failing to retain documents and information pursuant to Article 53 (3) of the Cybersecurity Act 17),
(c) failing to submit an EU declaration of conformity to the Office and to ENISA pursuant to Article 53 (3) of the Cybersecurity Act 17), or
(d) failing to provide information on cyber security to the extent and in the manner referred to in Article 55 of the Cybersecurity Act 17).
(12) The holder of a European cybersecurity certificate commits an offence by failing to inform the relevant conformity assessment bodies of any subsequently identified vulnerability or irregularity.
(13) A natural person, a legal person or a natural person conducting business commits an offence by:
(a) misusing the mark or designation of the European cybersecurity certification scheme, the European cybersecurity certificate, the EU declaration of conformity or any other document under the Cybersecurity Act 17),
(b) falsifying or altering the European cybersecurity certificate, the EU declaration of conformity or any other document under the Cybersecurity Act 17),
(c) carrying out conformity assessment activities under the Cybersecurity Act 17) for assurance level "high" without being authorised to do so under Article 56 (6) of the Cybersecurity Act 17),
(d) as a conformity assessment body authorised under Article 60 (3) of the Cybersecurity Act 17), issuing a European cybersecurity certificate for a product, process or service which does not meet the criteria contained in a directly applicable European Union regulation issued under the Cybersecurity Act,
(e) carrying out, without authorisation, a conformity assessment activity that a directly applicable European Union regulation issued on the basis of the Cybersecurity Act reserves to an authorised conformity assessment body, or
(f) acting as an accredited conformity assessment body without accreditation under Article 60 (1) of the Cybersecurity Act 17) or outside the scope of that accreditation.".
Paragraph 11 shall become paragraph 14.
5. In Section 25 (14) (a), the word "or" is replaced by a comma and the words "or paragraphs 12 or 13" are added at the end of the text of the point.
6. In Section 25 (14) (b), the words "(f) or" are replaced by the words "(f)" and the words "or paragraph 11" are added at the end of the text of the point.
Entry into force
This Act shall take effect on the day following its publication.
Pekarová Adamová v. r.
Zeman v. r.
Fiala v. r.
Regulation Information
| Citation | Act No. 226 / 2022 Coll., amending Act No. 181 / 2014 Coll., on Cyber Security and on Changes to Related Acts (Cyber Security Act), as amended |
|---|---|
| Regulation Type | Law |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 05.08.2022 |
| Effective from | 06.08.2022 |
| Effective until | - |
| Status | Valid |
Parliamentary Paper:
Paper No. 131
The regulation text is for informational purposes only.