Cyber and information security

← Back to services

Cyber and information security

We provide comprehensive legal services in the field of cyber security and information security. In today’s digital world, data is one of the most valuable assets of both private companies and public administration organizations. Protecting this data is essential not only for successful business, but also for the effective and secure functioning of public institutions. European and Czech legislation impose a number of obligations relating, for example, to IT infrastructure security, regular risk assessment, the introduction of internal procedures for incident response, and the reporting of cyber-attacks. The scope of obligated entities has recently been significantly expanded to include organizations that were not previously subject to any legislative obligations.
We provide our clients with practical and functional tailor-made solutions, which we adapt to the individual needs of each client in cooperation with our colleagues who are experts in technical and subsidy issues.

The basis is a thorough legal analysis of the impact of the legislation (NIS2 Directive, DORA Regulation, Critical Infrastructure Act, Cybersecurity Act and its implementing regulations) and a gap analysis to help map the threats in the client’s existing environment. Based on the findings, we provide legal and technical consultations for the implementation of key security measures in cooperation with the client’s expert representatives.

We help clients integrate cyber and information security systems into their organizations and human resource management so that employees are not only informed but also actively contribute to the protection of sensitive data, information, and systems. We are able to incorporate the proposed measures into contracts concluded with suppliers and ensure that the client’s supply chain complies with the requirements of cyber legislation. We also provide analyses and implementation steps for suppliers who offer and provide goods or services.

We represent clients before public authorities in connection with obligations arising from cyber legislation (including the designation of regulated services) or in the administration of selection and tendering procedures in the field of cyber security.

We are also able to perform subsidy screening and apply for subsidies on behalf of clients to strengthen cybersecurity in their organizations.

List of services

Legal analysis of the impact of the NIS2 Directive and the Cybersecurity Act
Assistance with the preparation of security documentation, setting up security processes, conducting cybersecurity audits or gap analyses
Analysis of warnings and other measures issued by the National Cyber and Information Security Agency (NÚKIB), including their implementation in the client’s organization (in internal regulations, contracts with suppliers, public procurement)
Support in implementing measures in accordance with the Critical Entities Resilience Directive (CER) and the Digital Operational Resilience Regulation (DORA)
Transfer of cyber and information security requirements to contractual documentation with suppliers, adjustment of conditions for secure data handling, contractual assurance of liability in accordance with legislative requirements
Support in integrating the cybersecurity system into human resources management, including security trainin
Representation before public authorities (NÚKIB) in connection with obligations arising from cyber legislation (including the designation of regulated services).
Administration of selection and tendering procedures, including consideration of risk analysis results in contractual and tendering conditions
Support for suppliers offering their services to public procurement contractors in the field of cybersecurity.
Ad hoc legal and technical consultations on the implementation of key security measures, including mediation of the analysis of existing processes, applications, and personnel and organizational security
Legal assistance in fulfilling obligations related to the use of cloud computing services, both for providers and customers, including registration in the cloud computing list
Setting up legal measures to be taken into account in contracts with suppliers and ensuring that the supply chain complies with cyber legislation requirements
Identification of suitable sources of grant funding, including the possible preparation of documentation for drawing on grant funds earmarked for cyber security

In this area, we have already addressed

Consulting in the area of cybersecurity

Continuous provision of ad hoc legal advice on issues related to the provision of cybersecurity services for clients and legal entities established by the region.

Vulnerability detection and management system

Consultation, setting of tender and contractual conditions for the implementation of a vulnerability detection and management system, including service, technical, and expert support.

Strengthening cybersecurity in hospital facilities

Preparation of tender documentation, contractual arrangements, and comprehensive administration of tender procedures for several hospital facilities, including consideration of requirements arising from risk analyses.

HW appliance solution using advanced methods of detection, analysis, filtering, and blocking of malicious content, network monitoring

Representation of the region in repeated cases involving the implementation of measures aimed at strengthening cybersecurity, using subsidy resources.

Consulting in the area of cybersecurity with the establishment of a contractual relationship

Representation of the client in securing a comprehensive in-house cybersecurity solution in connection with the impact of new legislation.

Regional monitoring center

Preparation of tender and contractual conditions, including comprehensive administration of the management of cybersecurity monitoring center (SOC) services for the region’s technology center systems.