Operators of Essential Services

 According to Act No. 69/2018 Coll on cybersecurity the essential service is a service recognized in the list of essential services and

  1. is depending on networks and information systems and is carried out at least in one sector or subsector,
  2. is an information system of public administration, or
  3. is an element of critical infrastructure.

The Authority shall add an essential service to the list of essential services and its operator to the registry of essential services operators

  1. on the basis of the notification of a service operator,
  2. on the basis of an initiative of a central body, if an excess of the identification criteria of the operated service was reached,
  3. on the basis of own initiative if they learned on the excess of identification criteria and there was not made any step in accordance to previous items.

Impact identification criteria taking into account especially

  • Number of users using essential service
  • Dependency of other sectors of the essential service
  • Effect the cybersecurity incidents might have as to the extend, lasting time on economic and social activities and interests of the state or on the state security
  • The market share of the service operator
  • Geographical extension as to the area possibly affected by cybersecurity incident
  • Importance of the essential service operator as to the maintenance of providing service continuity

Specific sectorial identification criteria are taking into account criteria given by general binding regulation issued by the Authority.

The service operator is obliged to notice the Authority the excess of the impact criteria at least within 30 days since the excess discovery. They notice the Authority the specific sector criteria excess within the same period and even in case the impact criteria excess was not recognised.

Date of the first publication , Last update