Back Czech Republic
Status regarding Budapest ConventionStatus : Party See legal profile
The Czech Republic has no specific cybercrime strategy adopted, however the National Cyber Security Strategy 2015- 2020 and the related Action Plan for the National Cyber Security Strategy were drafted by the Czech National Security Authority (NSA) and adopted by the Government in 2015.
The cyber security strategy is based on the following principles:
- Protection of fundamental human rights and freedoms and of the democratic rule of law principles.
- Comprehensive approach to cyber security based on principles of subsidiarity and cooperation.
- Trust building and co-operation among public and private sector, and civil society.
- Cyber security capacity building.
Its main goals are:
- Efficiency and enhancement of all relevant structures, processes, and of cooperation in ensuring cyber security.
- Active international cooperation.
- Protection of national CII and IIS.
- Cooperation with private sector.
- Research and development / Consumer trust.
- Education, awareness raising and information society development.
- Support to the Czech Police capabilities for cybercrime investigation and prosecution.
- Cyber security legislation (development of legislative framework). Participation in creation and implementation of European and international regulations.
State of cybercrime legislation
The cybercrime legislation of the Czech Republic is to be found in two codes, namely the Act No. 40/2009 Coll., the Czech Criminal Code, as amended (Czech Criminal Code) and the Act No. 141/1961 Coll., the Code of Criminal Procedure, as amended (Code of Criminal Procedure). There are also other relevant acts which are listed in the “Related laws and regulations” section bellow.
Article 2 of the Convention on Cybercrime (hereinafter referred to as “Convention”) is implemented by Section 230 Subsection 1 of the Czech Criminal Code.
Article 3 is embodied in Section 182 Subsection 1 lit. c) of the Czech Criminal Code.
Article 4 is implemented in Section 230 Subsection 2 lit. b) and c) of the Czech Criminal Code.
Article 5 is enshrined in Section 230 Subsection 2 lit. b), c), d) in connection with Section 230 Subsection 3 lit. b) of the Czech Criminal Code.
Article 6 is implemented by Section 231 of the Czech Criminal Code.
Actions described in Article 7 are punishable pursuant to Section 230 Subsection 2 lit. c) of the Czech Criminal Code.
Article 8 is implemented by Section 230 Subsection 3 lit. a) of the Czech Criminal Code.
The criminal conduct detailed in Article 9 is criminalized by Section 192 and Section 193a in conjunction with Section 126 of the Czech Criminal Code.
Article 10 is covered by Section 270 of the Czech Criminal Code.
The criminal conduct described in Article 11 is fully implemented by Sections 21, 23 and 24 of the Czech Criminal Code.
The criminal conduct of legal persons detailed in Article 12 is fully implemented by Act No. 418/2011 Coll., on Criminal Liability of Legal Persons and Proceedings against Them as amended (Sections 7 and 8).
The rules on expedited preservation of stored computer data (Article 16) are embodied in Section 7b Subsection 1 of the Code of Criminal Procedure. The rules on expedited preservation and partial disclosure of traffic data (Article 17) are enshrined in Section V (data protection, services and electronic communications networks) of the Electronic Communications Act. In accordance with Section 97 Subsection 3 of the Electronic Communications Act, a legal or natural person providing a public communications network or providing a publicly available electronic communications service is obliged to store traffic and location data for a period of 6 months. This legal or natural person, who stores traffic and location data, is obliged to provide it without delay to the law enforcement authorities for the purposes and in compliance with the conditions stipulated by Code of Criminal Procedure. The police is authorised to request traffic data in the criminal proceedings pursuant to Section 88a of the Code of Criminal Procedure, and in the situation of monitoring people and things based on Police Act.
The rules that enable the production of data [Article 18(1)(a)] are provided in Sections 78 and 79 of the Code of Criminal Procedure.
The production of subscriber data by service providers [Article 18(1)(b)] is to be found in Section 66, Act No. 273/2008 Coll., on the Police of the Czech Republic.
Article 19 (search and seizure of stored computer data) is embodied in Sections 82 - 85(b) of the Code of Criminal Procedure.
The rules on interception of data (Article 21) are enshrined in the Code of Criminal Procedure (Sections 88, 88a and 158d), Electronic Communications Act [Section 97 Subsection 1, 2 and 8)], and Act on protection of classified information and security eligibility.
General rules and safeguards apply. Supervision over compliance with the legality in pre-trial proceedings shall be conducted by the public prosecutor [§ 174 Subsection 1 of the Code of Criminal Procedure No. 141/1961 Coll.]. There is also a possibility to request for a review of actions taken by a police authority and public prosecutor according to Section 157a of the Code of Criminal Procedure.
The restrictions and limitations in investigation procedure contained in Article 15 are implemented by international treaties to which the Czech Republic is a party, namely e. g. the European Convention on Human Rights (Art. 8) and the Charter of Fundamental Rights and Freedoms (Art. 13).
Related laws and regulations
Besides the abovementioned codes, there are important acts related to the cybercrime area:
Act No. 273/2008 Coll., on the Police of the Czech Republic
Act No. 127/2005 Coll. on Electronic Communications as amended (Electronic Communications Act).
Act No. 418/2011 Coll., on Criminal Liability of Legal Persons and Proceedings against Them
Act No. 412/2005 Coll. on Protection of Classified Information and Security Eligibility
Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime No. 33/1997 Coll.
Act. No. 110/2019 Coll. on processing of personal data and the Act No. 111/ 2019 Coll., amending some acts in relation to the adoption of the act on processing of personal data became effective as late as of 24 April 2019 (Source: Information on the recent developments at national level in the data protection field) replacing Act No. 101/2000 Coll., on the Protection of Personal Data.
National Cyber and Information Security Agency (NCISA) is the central body of state administration for cyber security, including the protection of classified information in the area of information and communication systems and cryptographic protection.
The National Cyber Security Centre has been established by the National Cyber and Information Security Agency and its main task is to coordinate cooperation on national and international levels in order to prevent cybernetic attacks, to propose and adopt measures for incident solving and against ongoing attacks.
Ministry of the Interior of the Czech Republic
Ministry of Justice
Supreme Public Prosecutor’s Office
Police of the Czech Republic, National Organized Crime Agency, Criminal Police and Investigation Service, Cyber Crime Division is designated 24/7 point of contact according to Article 35 (Budapest Convention on Cybercrime).
The Czech Republic has also two cyber incident response teams: 1) a Government Computer Energency Response Team (GovCERT.CZ) and 2) a national Computer Security Incident Response Team (CSIRT.CZ). (Source: https://www.cyberwiser.eu/czech-republic-cz)
Competent authorities and channels
If the mutual legal assistance in criminal matters is concerned, the judicial authorities to execute the request in principle are the courts and the state prosecutor’s offices (judicial authorities).
There are two central authorities for the mutual legal assistance in criminal matters.
The Supreme Public Prosecutor’s Office of the Czech Republic is the competent central authority in the pre-trial stage of criminal proceedings whereas the Ministry of Justice of the Czech Republic is the competent central authority for the trial stage of criminal proceedings and when extradition and execution of sentences is concerned.
Unless the international treaty provides for a direct contact of judicial authorities, there is a contact via central authorities.
Complying with Article 35 of the Budapest Convention, a contact point was established. It is based at the Cyber Crime Division, National Organized Crime Agency, Criminal Police and Investigation Service (Police of the Czech Republic).
Practical guides, templates and best practices
The Czech Republic signed and ratified almost all of the conventions and treaties on international cooperation in criminal matters within the Council of Europe, the European Union and the United Nations. The Czech Republic is also a Member State of OECD and has almost 40 bilateral Treaties on mutual legal assistance in criminal matters.
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.