Prepare your organization for new obligations in the field of cybersecurity

New Cybersecurity Act

The New Cybersecurity Act, based on the NIS2 directive, will come into effect in the Czech Republic on November 1, 2025. This legislation introduces stricter requirements for implementing both organizational and technical measures, and increases the accountability of top management. In cases of non-compliance, organizations may face substantial financial penalties, and members of senior management may have their activities suspended until the issue is resolved.

The PwC Cybersecurity team has prepared targeted training sessions that connect theory with practice, guide participants through the legal requirements, and use real-world examples to demonstrate how these challenges are addressed in companies both in the Czech Republic and abroad.

Cybersecurity Act courses

Preparation for the Lower-Level Obligations Regime

This training is designed for organizations that fall under the lower-level obligations regime of the new Cybersecurity Act. It focuses on practical preparation for meeting legal requirements, including planning security measures, setting up internal processes, managing suppliers, and incident reporting. Emphasis is placed on the hands-on aspects of implementation, from role allocation within the organization to documentation and reporting. The course includes case studies, open discussion, and actionable recommendations to help participants prepare their organizations effectively and confidently.

Who is this course suitable for?
  • Designated persons under the Act,
  • Cybersecurity managers and officers,
  • IT managers and department heads,
  • Compliance officers,
  • Risk managers,
  • Project managers responsible for implementation of the Act,
  • Other individuals responsible for regulatory compliance.

This course covers:
  • Introduction to the topic:
    • Context of the NIS2 Directive, Czech legislation, and implementing regulations, origins and key objectives,
  • Key concepts and terminology:
    • Definitions, core entities, and scope of applicability,
  • Detailed overview of legal requirements for lower-level obligation entities, scope and application of obligations,
  • Cybersecurity management processes:
    • Planning, documentation, and process governance,
  • Organizational roles and responsibilities, task allocation, designation of responsible persons, reporting,
  • Supplier management, identifying critical suppliers, contract modifications,
  • Incident identification and reporting (basic principles, timelines, and procedures),
  • Real-world examples, case studies and implementation insights,
  • Discussion and Q&A session.
Course details: 

Time: 1 day
Tutors: Petr Šimsa, Jan Hromádko, Ondřej Linhart

This course currently runs on demand only.

Contact us for more details

Preparation for the Higher-Level Obligations Regime

This training is designed for organizations that fall under the higher-level obligations regime of the new Cybersecurity Act. It focuses on the full-scale implementation of legal requirements, including asset management, risk governance, business continuity, incident reporting, and communication with regulators. Participants will gain an in-depth understanding of the legislative framework based on the NIS2 Directive, Czech law, and implementing regulations. The training emphasizes practical compliance aspects—from internal process setup to testing, audits, and employee training. A hands-on workshop with real-world scenarios and space for individual questions is included.

Who is this course suitable for?
  • Individuals directly responsible for implementing the Cybersecurity Act (e.g. designated IT leads or project managers),
  • Cybersecurity managers and officers,
  • Cybersecurity auditors,
  • IT managers and department heads,
  • Compliance officers,
  • Risk managers,
  • Other professionals responsible for legal compliance.

This course covers:
  • Introduction to the topic:
    • Context of the NIS2 Directive, Czech legislation, and implementing regulations, origins and key objectives,
  • Core concepts and terminology:
    • Definitions, key entities, and scope of applicability,
  • Detailed overview of legal requirements for higher-level obligation entities, scope and application of obligations,
  • Asset, risk, and business continuity management:
    • Definition of regulated scope, risk management, mitigation measures, recovery planning,
  • Supplier management, identifying critical suppliers, contract modifications,
  • Incident reporting and regulator communication:
    • Procedures, legal aspects, supporting documentation,
  • Testing, audits, and ongoing compliance assurance:
    • Penetration testing, internal/external audits, monitoring, process updates,
  • Employee training and awareness programs:
    • Legal obligations toward staff, training delivery, awareness raising,
  • Case studies and complex scenario resolution,
  • Extended discussion and individual Q&A session.
Course details: 

Time: 2 days
Tutors: Petr Šimsa, Jan Hromádko, Ondřej Linhart

This course currently runs on demand only.

Contact us for more details

Do you have specific needs or need to train an entire team? We are happy to organize in-company training tailored to your requirements.

Tutors

Petr Šimsa

Petr Šimsa is a senior manager with 9 years of experience in cybersecurity and compliance. He focuses on implementing security systems according to NIS2 and ISO 27001, data protection, and cyber risk management. He holds the NIS2 Lead Implementer and ISO 27001 Senior Lead Implementer certifications.

Jan Hromádko

Jan Hromádko leads NIS2 implementations for PwC clients. In addition, he is a consultant in the field of information and data security management systems, designing changes based on NIS2 / ISO 27001 / Swift CSCF requirements. He holds the NIS2 Lead Implementer certification.

Ondřej Linhart

Ondřej Linhart is a senior manager with 11 years of experience in cybersecurity and compliance. He specializes in the implementation and analysis of security systems according to NIS2, ISO 27001, TISAX, and CSMS, as well as cyber risk management. He holds the CISSP and ISO 27001 Lead Auditor certifications.

Contacts

Anna Tubert

Business Developer, PwC Academy, PwC Czech Republic

Tel: +420 731 431 337

Michal Vychodil

Head of PwC Academy, PwC Czech Republic

Tel: +420 602 589 530
