Providers of Digital Services

Legal entity or a natural person (an entrepreneur) providing digital service. Other identification criteria are personnel capacities of at least 50 employees and annual turnover or overall annual balance of over EUR 10,000,000.

Types of digital services

  • Online marketplace,
  • Internet searching engine,
  • Service in the area of cloud computing.

Provider of digital service is obliged notice the Authority within 30 days from the beginning of providing the digital service:

  • Name and seat
  • Contact details
  • Provided service
  • Name, seat and contact details on the representative

On the basis of the notification the Authority add the service to the list of digital services and its provider to the registry of digital service providers. The Authority may do so also on the basis of its own information, than the Authority notice the information to the provider.

The provider is obliged to notice data changes within 30 days since their creation.

Requirements of the digital service provider

Up to 6 months since the notification on adding to the registry of digital service providers, the provider is obliged to maintain appropriate security measures for the purpose of risk management as it concerns endangering the digital service continuance and the process of cybersecurity incident handling. For this reason, the provider is required to set apart additional personnel, technological, time and financial resources with the aim to provide digital service continuance. To fulfil this requirement the provider shall review particularly:

  • Security of networks and information system, including the ability to prevent and solve cybersecurity incident
  • Means for the maintenance of digital service continuance in case of cybersecurity incident
  • Accordance of networks and information system with security standards in cybersecurity area

Moreover, the provider is obliged to report every cybersecurity incident of significant impact. In the case the digital service provider to provide digital services uses services of an operator of essential service, they shall according to the Act conclude an agreement on ensuring fulfilment of security measures and notification obligations during the whole period of digital service providing. The provider inform the third part on reported cybersecurity incident in the inevitable extend, if the performance of the agreement would be impossible and the Authority did not decide otherwise. The obligation of keeping secret is not affected.

Date of the first publication , Last update