Certification procedure

FAQ

What is a security clearance?
The public calls it a certificate for a certain level of classification. However, this is the very process of the so-called ‘security procedure’, in which the applicant’s compliance with the conditions for issuing an authentic instrument is verified.
If someone is to have access to classified information or to carry out sensitive activities, the NSA verifies security reliability and other statutory requirements.
How's it going? You will apply to the NSA for a certificate of a individual person (more here), or entrepreneurs (more here). If applicable, proof of safety capability (more here). We will then start the process of security management (security clearance).
During this process, we will collect, for example, the following information: Your personal data, past and present employment, financial and property relations, family and social relations or criminal history.
How long does it take?
The statutory time limit for issuing a decision of the NSA in proceedings for issuing a certificate of a natural person is for the degree:

Confidential - 2 months,

Secret - 6 months,

Top secret - 9 months.

The statutory time limit for issuing the decision of the NSA in the procedure for issuing the certificate of the entrepreneur is for the degree:

Confidential - 6 months,

Secret - 8 months,

Top secret - 10 months.

The legal deadline for issuing a decision of the NSA in the procedure for issuing a security certificate is:

75 days.
Industrial security - Declaration by the entrepreneur
To what extent do we have to keep the security documentation of the entrepreneur? In what areas?

The entrepreneur is obliged, according to the form of access to classified information, to keep documentation in the scope of Section 98(c) of the Act.

Where can I get a model statement from an entrepreneur?

The details of the entrepreneur’s declaration are set out in the Decree on Industrial Security (Annex 7), on the NBÚ website: here, or can be used NBÚ portal.

What do we have to do after the declaration is issued?

To have conditions appropriate to the form of access to classified information (Section 20 of the Act) and the relevant type of ensuring its protection (Section 5 of the Act).

The responsible person shall hold a valid notification of compliance with the conditions for access to restricted classified information, a natural person certificate or a security clearance document.

Prepare and have stored the security documentation of the entrepreneur in the scope of Section 98(c) of the Act, also update it.

What does it mean to provide the security documentation of the entrepreneur to the provider, how will it be implemented in practice?

The entrepreneur is obliged, if the provider of classified information so requests, to submit for preview the security documentation of the entrepreneur (the provider has the right only to inspect this document).

Does the entrepreneur’s declaration cease by issuing the entrepreneur’s certificate if the entrepreneur’s declaration was made for access to classified information pursuant to Section 20(1)(a) of the Act, and the entrepreneur’s certificate was is

No, after the amendment to the Act effective from 1.1.2024, the declaration of the entrepreneur does not expire in this case.

How many statements can an entrepreneur make?

The entrepreneur will make as many statements of the entrepreneur as the providers will have reserved information.

What and when, as an entrepreneur who has made a declaration of an entrepreneur, do I have to report to the NSA?

The Security Director must be notified (within 15 days from the date on which the position of Security Director was filled).

In the event that classified information is only generated by the entrepreneur, the NBÚ is obliged to send the entrepreneur's declaration immediately after making it. In this case, he is also obliged to immediately notify the NSA of the termination of access to classified information or the termination of the validity of the entrepreneur's declaration on the date of delivery of the entrepreneur's certificate, the cancellation or termination of the entrepreneur, if he ceased to meet the conditions, the fulfilment of which authorized him to make the entrepreneur's declaration (Section 15a(1) of the Act), or by changing any of the data specified in the declaration of the entrepreneur.

In the case of Section 15a(3) of the Act the entrepreneur is obliged to make and immediately hand over to the NBÚ a new declaration of the entrepreneur, if after the expiration of the validity of the original declaration of the entrepreneur under Section 15a(5)(a) or (f) of the Act continues to be in urgent need of access to restricted classified information.

If I hold an Entrepreneur’s certificate at Confidential level only for ‘knowing about classified information’ and I am producing or being provided with restricted classified information, can I make a declaration by the Entrepreneur?

Yes, in this case, the entrepreneur can hold a certificate of the entrepreneur and make a declaration of the entrepreneur. However, if the entrepreneur holds a certificate of the entrepreneur for access to classified information in full (access according to Section 20(1)(a) of the Act), the declaration of the entrepreneur does not make.

Personnel security

Can the instruction pursuant to Section 9 of Act No 412/2005 be signed electronically by persons who have access to classified information of the level Reserved pursuant to Section 58a of the Act, instead of a physical signature?

Instruction pursuant to Section 9 of Act No. 412/2005 Coll. may be signed by a recognised electronic signature of the instructing and instructing person, while an advanced electronic signature established with the employer shall suffice. However, in this context, we would point out that if the instruction given in electronic form is only printed, it is only a simple copy. In order for such information to be used in paper form to prove that the natural person has been informed in accordance with Section 9 of the Act, it is necessary to carry out an authorised conversion of a document in accordance with Act No 300/2008 on electronic acts and authorised conversion of documents, as amended (‘Act No 300/2008’), as a copy, that is to say, the original, is required by law.
According to Section 22(1)(b) of Act No 300/2008, conversion means the complete conversion of a document contained in a data report into a document in paper form in a manner ensuring the conformity of the content of those documents and the addition of a clause. Pursuant to Section 22(2) of Act No 300/2008, a document resulting from the conversion has the same legal effects as a document resulting from the conversion. For the purpose of issuing instructions to persons who have access to classified information of the reserved level pursuant to Section 58a of the Act, conversion may be accepted ex officio pursuant to Section 23(2) of Act No 300/2008, but of course conversion on request pursuant to Section 23(1) of Act No 300/2008, which may be done only by entities defined by law, will also be accepted.
In the questionnaire under point 7.12 Financial obligations, you have indicated that I should also indicate the obligations arising from a contract concluded with a legal person that is not a consumer credit provider under the Consumer Credit Act

This is, for example, a loan from your employer, the municipality. The provision of this information is newly required from 1.1.2026.
Information on health and other professional care and its impact on the issuance or possession of an authentic instrument

Why do I need to include information on healthcare and treatment in the questionnaire?
In security procedures, the NSA evaluates compliance with various statutory conditions for access to classified information. One of the conditions relates to a state of health, the quality of which, in certain situations, can affect the normal functioning of an individual, and also have an impact on his reliability. It is therefore necessary for the NSA issuing the public document to assess whether the state of health of individual individuals is not an obstacle to access to classified information, or whether this state of health cannot pose a security risk and affect the security reliability of the individual. It is not a newly established practice, the NBÚ even before the amendment of the law, requested and assessed points related to health care, namely points related to psychiatric treatment and psychologist care, which were the content of the declaration of personality, statutory mandatory requirements of the supporting materials.
I am being treated by a psychiatrist and/or other doctor, I am going to see a psychologist. Does this mean that I cannot be issued with a certificate or does this information lead to the invalidation of an already issued public document by the NSA?
No, I don't. No professional treatment or care provided by an individual in his/her questionnaire is, and cannot in itself, a priori be negatively assessed. However, this is one of many aspects that the NSA needs to verify and assess in the case of natural persons in certain circumstances. The issue of health status is a very complex fact and therefore it is not possible under any circumstances to determine in advance, on the basis of the information provided by the natural person in the questionnaire, whether the information is negative. In some cases, contact with a psychiatrist or psychologist, for example, can also prove to be a positive aspect. This is a very specific and diverse range of life circumstances of a natural person and if the NSA concludes that it is necessary to verify the data in this case by various steps in the procedure, it has specialised experts who are competent in the matter of valid assessment of information relating to health status and its impact on the safety reliability of a natural person. In some cases, the NSA may also decide on the necessity of appointing an expert in accordance with Section 106 of the Act.
I'm being treated by a doctor, but I don't know my diagnosis. What should I do to complete the questionnaire?
The questionnaire of a natural person shall contain, at the point focused on health care, a box through which the diagnosis is made. However, there are cases where a natural person does not know his diagnosis and/or is not sure about it, or some time has passed since receiving healthcare and the party to the proceedings does not remember his diagnosis. In this case, it is not necessary to complete the diagnosis and the difficulties encountered by the natural person or in the past can be described in detail. In certain circumstances, the NSA may then find it necessary to verify or refine that information, for which it uses various actions in the proceedings. The verification of that information relating to health and other professional care may also be carried out for the purpose of verifying the information provided by a party to the proceedings.
Do I have to report to you when I took out a loan from an employer?

YES, provided it exceeds CZK 100,000 or five times your average monthly ‘net income’, whichever is higher. This obligation has been established since 1.1.2026.
This also applies if you took out this loan before 1.1.2026 and it has not been repaid yet.
I'll apply for a Certificate of Confidentiality. Do I need to provide a birth certificate?

No, as of 1.1.2026, the birth certificate for the application for the issue of a certificate is no longer documented.
How long can the Entrepreneur retain the documents for notification to the Reserved?

Act No. 412/2005 Coll. deals with the issue of the longest possible retention period of documents, notices, instructions, which lead the entrepreneur to notify the Reserved (this area is not regulated for entrepreneurs by Act No. 499/2004 Coll., on Archives and Records Service and on Amendments to Certain Acts, as amended). From a practical point of view, it is advisable for the entrepreneur to specify for the above-mentioned documents the period for which he will keep them, and after this period he will be able to proceed with their destruction. It is conceivable that, for example, within the framework of state supervision carried out by the NSA, it will be ascertained whether any of the employees of the entrepreneur had access to classified information classified at the level of the Reserved or not and if he was the holder of the notification (the question of the legitimacy of access of a particular person could also be addressed, for example, by administrative punishment or in criminal proceedings, where the said documents will be in the nature of documentary evidence). In any case, documents, notices and instructions for access to classified information classified at the reserved level should be kept for the period of their validity, i.e. unless the notice ceases to be valid pursuant to Section 9(3) of the Act. In the event that the validity of the notification expires, a copy of the notification, instructions and supporting documents for verifying compliance with the conditions under Section 6(2)(a) and (c) of the Act keep for a maximum of 5 years from the date of expiry of the notification (§ 9 dst. 2 of the law).
Do I have to report to you when I took out a loan from the municipality?

YES, provided it exceeds CZK 100,000 or five times your average monthly ‘net income’, whichever is higher. This obligation has been established since 1.1.2026.
This also applies if you took out this loan before 1.1.2026 and it has not been repaid yet.
What are the most common deficiencies when applying for a certificate?

The most common shortcoming is that applicants do not declare and document income for a period of 10 years retrospectively. The requirements for the presentation of the receipts in the questionnaire and proof of receipts are as follows.
Indication of receipts in the questionnaire for the last 10 years:
1. In case you have filed a tax return in the last 10 years and you did not have income not declared in the tax return, please fill in the questionnaire every year and the option “Submitted a tax return“ tick YES and select the option ‘Submitted a tax return, I do not have income not included in the tax return’.
2. If you have filed a tax return in the last 10 years and at the same time have received income that is not included in the tax return (e.g. a retirement allowance), please fill in the questionnaire every year and select ‘Submitted a tax return“ tick YES and select the option ‘Submitted a tax return, I also have income not included in the tax return’ and fill in the type of income, amount and currency.
3. If you have not filed a tax return in the last 10 years, please fill in the questionnaire every year and select "Submitted a tax return“ tick NO and fill in the type of income, amount and currency.
You do not include state social support benefits and contributions, sickness insurance benefits and unemployment benefits in the questionnaire.
Proof of income over the last 10 years:
1. You are documenting only income that is not part of your tax return to the relevant tax office, if this income in the case of one type exceeds CZK 100,000 per calendar year. This means that if the limit of CZK 100,000 per calendar year is exceeded, you can prove, for example, your salary (unless it is part of your tax return to the relevant tax office), service allowance, old-age pension, insurance benefits, scholarship, subsidies, etc.
2. You do not substantiate benefits, social security contributions, sickness insurance benefits, unemployment benefits regardless of their amount, or any income that is part of your tax return to the relevant tax office.
Please note that the taxpayer's declaration you complete with your employer (pink form) is not a tax return.
Please note that if you are submitting tax return abroad, it is the duty to fill in the receipts included in the questionnaire and also to prove them.
How does an individual demonstrate his/her authorisation to access classified information classified at the level reserved pursuant to Section 58a of Act No 412/2005?

The new law comes into effect on 1. 1. By 2025, Section 58a sets out the circle of persons who have access to classified information classified at the level Reserved without valid notification for the duration of the service or employment relationship and to the extent necessary for its performance. This is a
a) members of the security forces,
(b)) civil servants,
soldiers in active service; and
d) public prosecutors,
if such persons are instructed and assigned on the spot or perform functions in which it is necessary to have access to classified information and which are listed in the overview pursuant to Section 69(1)(b) of the Act.
Section 9(1) of the Act shall apply mutatis mutandis to the instruction of such persons. It follows from the above that, in order to instruct persons with special access to classified information classified at the level reserved pursuant to Section 58a of the Act, the model of instructing pursuant to Section 9(1) of the Act, set out in Annex 3 to Decree No 300/2024 on personnel security and security capability, is to be used. In the relevant instruction, the NSA recommends the indication ‘Section 58a of the Act’ in the field ‘Date of issue of the notification’, as the persons referred to in Section 58a of the Act are not issued with a notification under Section 6 of the Act and are entitled to access classified information directly by law, subject to the above conditions.
In order to prove the authorisation to access classified information classified at the level reserved pursuant to Section 58a of the Act, it is necessary to present the service card of the relevant employee/member (if issued to the person concerned) and the above-mentioned information. If the instruction does not contain a reference to Section 58a of the Act, this does not affect the validity of the instruction and the authorisation of the individual to access classified information classified at the level reserved pursuant to Section 58a of the Act. It is essential that the natural person concerned has been informed in accordance with Section 9(1) of the Act and that he also meets the other conditions laid down by law for access to classified information in accordance with Section 58a of the Act.’
Does Section 58a(1)(b) of Act No 412/2005 on the protection of classified information and security capacity, as amended, apply only to civil servants in a civil service relationship or also to state employees in an employment relationship?

Section 58a(1)(b) of the Act applies to civil servants, i.e. employees under Section 6 of Act No 234/2014 on the civil service, as amended, i.e. civil servants in a civil service relationship, not state employees in an employment relationship.
Such special access to classified information at the level reserved for civil servants shall be subject only to the performance of the service, to the extent necessary for the performance of the service. At the same time, for access to classified information at the security classification level Reserved, the presumption must be fulfilled that the individual is instructed and assigned on the spot or performs a function for which it is necessary to have access to classified information at the relevant security classification level and which is listed in the overview pursuant to Section 69(1)(b) of the Act. After the termination of the service relationship or the change of the service office, the natural person is deemed not to have been informed, and if he or she had access to classified information, it is necessary to proceed in accordance with Section 11a of the Act, i.e. it is necessary to carry out so-called de-information.
I have a recognised electronic signature with my employer. Can I use this signature to electronically sign an application for a natural person’s certificate?

NO, only a recognised electronic signature established for you as a private individual, not for you as an employee of the employer, is accepted by the NSA for the signature of an application for the issuance of a certificate of a natural person.
I want to apply for a Secret Certificate. What do I need to prove?

1. the application for the issue of a certificate,
2. justification of the need for access to classified information to be filled in and provided by the employer;
3. a declaration of waiver of the obligation of confidentiality of the locally competent tax administration,
Questionnaire 4,
5. photo of the licence type,
6. confirmation of income listed in the questionnaire with an indication of its amount (net income), and only if it is not part of the tax return, for the last 10 years and at the same time if it exceeded CZK 100000 in one calendar year.
Detailed information on how to apply for a certificate can be found here
I changed my last name, what should I do?

If there has been a change of surname after 1.1.2025, you do not take any action in relation to the issuance of a new certificate of a natural person. When the NBÚ receives information from the basic registers, it will issue you with a new certificate without delay. If you are also a holder of a "NATO certificate", it will also issue you with a new "NATO certificate" and send you both public documents to the contact address. Upon receipt of a new certificate (certificate "NATO") you are obliged to return the originally issued certificate (certificate "NATO") to the NSA within 15 days from the date on which the new certificate (certificate "NATO") was delivered to you.
Certain obligations related to the reporting of changes may be related to the change of surname. Details on how to report changes can be found here.
What is the validity of the reserved notification and when does it expire?

Period of validity of the Notification on Dedicated is not limited in time that the person who issued the notice has Obligation to verify every 5 years in the case of a natural person, again the conditions after his extradition (or, in case of reasonable doubt, even before the expiry of this period).
Validity of the reserved notification expires:
1. by serving notice of non-fulfilment of the conditions of good repute or legal capacity,
2. the termination of a service relationship or an employment, membership or similar relationship in which a natural person has been granted access to classified information,
3. the establishment of a service relationship or an employment, membership or similar relationship in which a natural person is to be granted access to classified information, if the notice has been issued by the NSA or the so-called provider of classified information,
4. the death of a natural person,
5. by reporting its theft, loss,
6. by reporting damage resulting in the illegibility of the entries in the notice or a breach of its integrity,
7. the delivery of the notification of non-compliance with the obligation to submit up-to-date documents to verify the conditions for its issuance (documents to verify integrity and legal capacity),
8. by returning the notification to the person who issued it and, if it is not, the NSA,
9. the fifteenth day from the date of delivery of the certificate of the natural person or document, or
10. a change in any of the data contained in it.
I'm a businessman and I'm a payer on a flat-rate basis. How do I prove NBÚ's income?

1. If you are a flat-rate taxpayer and you are required to keep records of income from self-employment for the purpose of proving the amount of decisive income for the selected flat-rate band, then when applying for a certificate, you will document business income with these records.
2. If you are a flat-rate taxpayer and you are not obliged to keep the above records, then when applying for a certificate, you will provide proof of business income with statements of account or invoices (income documents) and at the same time you will inform in writing which flat-rate scheme you are in.
In this work we have the possibility to perform authorized conversion of documents according to Act No. 300/2008 Coll. Can I use this conversion to send an electronic request for a natural person’s certificate?

If the conversion is ex officio (Section 23(2) of Act No 300/2008), this option is not accepted by the NSA. Only conversions pursuant to Act No 300/2008 may be used upon request (Section 23(1) of Act No 300/2008).
What are the rules for learning?

A natural person shall be briefed, at the latest before first access to classified information of a certain level, on his or her responsibilities in handling and handling classified information and on the legal standards in the area concerned – model instruction – here
The instruction is always signed by the person who carried it out (usually the person responsible or designated by him) and the natural person. For the RESTRICTED level, it is made in two copies, one of which is handed over to a natural person and one is stored by the person who carried out the instruction in a place designated for the storage of these documents within the meaning of Section 68(1) of Act No 499/2004 on archiving and filing services and amending certain acts. For the CONFIDENTIAL, SECRET and TOP SECRET grades, the instruction shall be drawn up in three copies. One shall be handed over to the natural person, one shall be stored by the person who carried out the instruction in a place reserved for the storage of such documents and a copy shall be sent by the NSA. A copy of the instruction can also be sent to the NSA electronically.
The information shall cease to be valid upon termination of the notification of compliance with the conditions for access to classified information, document or certificate of a natural person, as well as upon termination of the service relationship or employment, membership or similar relationship in which a natural person has been granted access to classified information, i.e. in cases where a new service relationship or employment, membership or similar relationship subsequently arises, it is the duty of the responsible person or the person designated by him to inform the natural person again.
If a natural person holds a valid national certificate of a natural person and the responsible person knows that the natural person will also have to hold a 'NATO certificate', the responsible person may instruct the natural person and tick in the instruction that the natural person has been acquainted with NATO regulations without the natural person already being a holder of a valid 'NATO certificate', thereby fulfilling, within a single instruction, the obligation laid down both for access to national classified information and for access to NATO classified information. In this case, the instruction shall indicate the number of the national certificate of the natural person. As part of the lessons learned, you can get acquainted at the same time with all legislation in the field of classified information, i.e., with the regulations of NATO, the EU.
If a natural person holds a valid national certificate of a natural person and is briefed, and subsequently a "NATO certificate" is issued to the natural person, the natural person must be re-instructed, stating in the instruction the number of the "NATO certificate" and ticking that the natural person has been acquainted with NATO regulations. This does not apply if, in the first instruction made to the national certificate of a natural person, it has already been ticked that the natural person has been acquainted with NATO regulations (i.e., has been acquainted with them without being issued with a "NATO certificate") – in this case, the natural person is no longer acquainted with them again.
Can I send an application to the NSA for the issuance of a certificate of a natural person via the employer's data box?

An application for the issuance of a certificate of a natural person can be sent to the NBÚ by a data box only if this data box is established for you as a natural person or a natural person doing business.
What rules apply to the recognition of a security authorisation issued by an authority of a foreign power?

At the request of the security authorisation holder, the NSA shall recognise the foreign security authorisation. An application may also be made through an office of a foreign power competent for the protection of classified information. These are cases where this is allowed by an international treaty by which the Czech Republic is bound, or where recognition is in accordance with the Czech Republic's foreign policy and security interests. There is no legal right to such recognition. The application shall be accompanied by an official translation of the security authorisation or a certified copy thereof; such documents shall not be required where the application is made through an office of a foreign power competent for the protection of classified information, provided that the latter confirms on the application that the applicant is in possession of the relevant security authorisation. The application shall also state the reason why recognition is to be given and the period for which recognition is to be given. Model application - here
If the security authorisation is recognised, the responsible person shall instruct the natural person. Model of instruction: here
More information on recognition can be found here
What rules apply to consent to one-time access to classified information?

The NSA may, in exceptional and justified cases, grant one-time access to classified information at a level higher than that for which a valid natural person certificate is issued, but for a maximum period of 6 months; one-off access shall not be granted to TOP SECRET classified information. One-off access may therefore be granted only for access to classified information classified SECRET.
The request for one-off access shall always be in writing, signed by the responsible person and shall include a justification of the need for one-off access, an indication of the area of classified information to be accessed and the required one-off access time. The application shall be accompanied by a copy of the certificate of the natural person. The same person can only be given consent once and is not legally entitled to it. If this is the case, the consent is given within 5 days at the latest.
If consent is given, the responsible person shall instruct the natural person. Model of instruction: here
One-time access to NATO classified information may only be granted in accordance with NATO requirements.
How and what changes should I report to the NBÚ?

List of changes that you are obliged to notify, including information on how and in what form you will find here
I want to apply for a Secret Certificate. How am I supposed to do that?

The application can be submitted via the NBÚ Portal, when this method of administration is recommended by the NSA, As it is convenient and user-friendly for users, you can make the entire submission conveniently from anywhere, with no need to visit the NSA.
The application can also be submitted by delivery to the NBÚ data box (NBÚ ID – h93aayw) or to the electronic mailroom This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes. In addition, the application can be submitted in person after ordering on tel. no. 257283225 in the filing office of the NBÚ headquarters or sent by post or by the holder of a special postal licence to the address of the National Security Office, P.O.BOX 49, 15006, Prague 56.
Detailed information on how to apply can be found here.
Is there a difference between the first and the second application for a certificate?

No, you submit exactly the same background materials and complete the questionnaire in its entirety. The only exception is a curriculum vitae, where, when you submit a repetitive application for the issue of a certificate, you limit yourself to providing information since the previous application was submitted.
What rules apply to special access to classified information under Section 58 of the Act?

The President of the Republic, deputies and senators of Parliament, members of the Government, the Ombudsman and his deputies, judges and members of the Supreme Audit Office, including the President and the Vice-President, shall have access to classified information without a valid certificate from natural persons and instructions. Such persons shall have access from the date of their election or appointment for the entire duration of their duties and to the extent necessary for the performance of those duties.
In the context of criminal proceedings, civil judicial proceedings, administrative proceedings and administrative judicial proceedings, persons without a valid certificate of a natural person shall be granted access to classified information for the purpose of exercising their rights and fulfilling their obligations in such proceedings. The conditions and the list of persons concerned by such a possibility are laid down in the Code of Criminal Procedure, the Code of Civil Procedure, the Code of Administrative Procedure and the Code of Administrative Procedure. Access to classified information is also granted in these cases on the basis of instructions, which must include the file reference of the subject matter of the proceedings and instructions that data on persons with special access are recorded by the NSA. The information shall be provided by the person for whom the Code of Criminal Procedure, the Code of Civil Procedure, the Code of Administrative Procedure or the Code of Administrative Procedure so provides, and shall be signed by the natural person at the same time. Model of instruction: here
In pre-trial proceedings, one of the stages of criminal proceedings, the instruction of the persons referred to in Section 51b(1) of the Code of Criminal Procedure shall be carried out by the police authority or the public prosecutor and, in proceedings before the court, by the presiding judge. According to a well-established theoretical interpretation of Section 51b(1) of the Code of Criminal Procedure, that person is also a juror in court (another person who must participate in criminal proceedings). A copy of the instruction shall be sent by the person who carried out the instruction no later than 30 days from the date of the instruction to the NSA.
A natural person acting for the benefit of an intelligence service, an informant or a natural person who is granted special or short-term protection under a special regulation, or an intelligence officer who is placed in a special reserve or assigned to a special disposition, may be granted access to classified information without a valid certificate from the natural person. The instruction shall be given by the person who allows access to the classified information.
The persons referred to in paragraphs 1, 2, 3 and 4 shall not have access to NATO classified information, with the exception of the President of the Republic, Members and Senators of Parliament, members of the Government and judges dealing with classified information of a foreign power, who shall be informed, prior to first access to classified information of a foreign power, of their rights and obligations with regard to the protection of classified information of a foreign power. In criminal proceedings, jurors adjudicating in cases where classified information of a foreign power is handled, the accused, the person involved, the injured party, their legal representative, guardian, agent, confidant, lawyer, expert and interpreter shall also have access to classified information of a foreign power, subject to the prior consent of the foreign power, to the extent necessary for the exercise of their rights and the fulfilment of their obligations in such proceedings. Prior to first access to classified information of a foreign power in proceedings, the persons referred to in the previous sentence shall be informed of the rights and obligations in the field of protection of classified information of a foreign power. The instruction shall be given in the pre-trial proceedings by the police authority or the public prosecutor and in the proceedings before the court by the President of the Chamber. The instruction shall be signed by the natural person and by the person who carried out the instruction; one copy of the instruction shall be handed over to the natural person by the person who carried out the instruction, one copy shall be placed in the file and a copy shall be sent by the NSA; a copy of the instruction may also be sent to the NSA electronically.
What rules apply to access to classified information under Sections 58a, 58b, 58c of the Act?

Section 58a of the Act
Persons having access to classified information at security level Reserved without valid notification for the duration of the service or employment relationship and to the extent necessary for its performance shall be:
a) members of the security forces,
b) civil servants,
c) Soldiers in active service a
d) prosecutors,
if they are instructed and assigned on the spot or perform functions in which it is necessary to have access to classified information and which are listed in the summary pursuant to Section 69(1)(b) of the Act.
Section 9(1) shall apply mutatis mutandis to the instruction of such persons.
In the event of termination of the service or employment relationship or in the event of a change in the service office of these persons, the natural person shall be deemed not to have been informed and, if he or she had access to classified information, it shall be further proceeded in accordance with Section 11a of the Act, i.e. the person shall be obliged to confirm in writing that he or she is aware of the obligation to keep confidential the classified information to which he or she had access and not to grant access to it to an unauthorised person. The responsible person is obliged to ensure that this action is carried out.
Section 58b of the Act
Intelligence may grant access to classified information to a natural person who does not hold a natural person's certificate or does not have access to restricted classified information where this is necessary for the performance of an obligation imposed on that natural person by another law or in the context of intelligence operations.
In the case of access to classified information, the procedure laid down in Section 60(2) to (6) of the Act similarly.
Section 58c of the Act
Police may allow access to classified information to a natural person who does not hold a natural person's certificate or does not have access to restricted classified information, if this is necessary for the performance of an obligation imposed on that natural person by another legal regulation in connection with the performance of police tasks in the field of providing special protection and assistance, short-term protection, ensuring the security of protected objects and premises and designated persons and carrying out surveillance of persons and objects. The procedure shall not apply in the case of access to classified information of a foreign power and classified information classified at the level Top Secret.
In the case of access to classified information under the procedure referred to in Section 60(2) to (5) of the Act Similarly, written records and instructions are not sent to the NSA, but stored by the police.
What rules apply to consent to access to classified information under Section 59a of the Act?

On the basis of a written request from the responsible person, the NSA may, in exceptional and justified cases, grant consent to access classified information classified up to two times higher than that for which a valid certificate of a natural person is issued, namely a person serving in a police authority, a public prosecutor acting as a law enforcement authority or a public prosecutor performing tasks in criminal proceedings pursuant to another legal regulation, unless the person concerned is subject to proceedings for revocation of the validity of the certificate of a natural person. The application for a person working for a police authority must be accompanied by the consent of the public prosecutor, who supervises the observance of legality in the pre-trial proceedings, and in the case of classified information classified as Top Secret, it must also be accompanied by the consent of the chief public prosecutor of the closest higher public prosecutor’s office. The request to the public prosecutor in the case of classified information classified at the level Top Secret must be accompanied by the concurring opinion of the head of the public prosecutor’s office closest to the higher public prosecutor’s office, with the exception of the public prosecutor working at the Supreme Public Prosecutor’s Office.
The request referred to in paragraph 1 shall include:
a) justification of access,
an indication of the classified information to which access consent is to be given;
c) file reference of the case, which is the subject of criminal proceedings, and
a copy of the certificate of the natural person to whom consent is to be given.
The NSA shall issue consent without delay, no later than within 5 days from the date of delivery of the request, and only for the period necessary for the participation of a natural person in criminal proceedings.
The person responsible or a person authorised by him/her shall instruct the natural person and ensure that a written record of his/her instruction is entered in the criminal file and that a copy of the instruction is sent within 30 days from the date of the instruction to the NSA; a copy of the instruction may also be sent to the NSA electronically. Consent shall expire on the day following the day on which the natural person’s participation in criminal proceedings ceased, but no later than the date on which the natural person’s certificate ceased to be valid pursuant to Section 56(1) of the Act.
The consent referred to in paragraph 1 may be given to classified information of a foreign power only in accordance with the requirements of that foreign power.
When does the certificate expire?

1. the expiry of the period of validity of the certificate of a natural person, the death of a natural person or if declared dead,
2. by revoking the validity of the certificate of a natural person (the date of enforcement of the decision of the NSA revoking its validity, i.e. by serving this decision);
3. by reporting the theft or loss of a natural person's certificate,
4. by reporting damage to the certificate of a natural person (resulting in illegibility of data, breach of integrity),
5. the establishment of the service relationship of a member of the intelligence service, the transfer of a member of the security corps to a service position in the Security Information Service or the Office for Foreign Relations and Information, the service assignment of a soldier to a service position in the Military Intelligence, the establishment of the employment relationship of an employee assigned to the intelligence service, or the date on which a natural person becomes a person referred to in Section 141(1) of the Act, in the case of a certificate of a natural person issued by the NSA,
6. termination of service of a member of the intelligence service, transfer of a member of the Security Information Service or the Office for Foreign Relations and Information to a service position in another security corps, assignment of a member of the Military Intelligence to a service position outside this intelligence service, or termination of the basic employment relationship of an employee assigned to the intelligence service, if the certificate of a natural person has been issued by the relevant intelligence service,
7th day on which a natural person ceases to be a person referred to in Section 141(1) of the Act, if the certificate of the natural person has been issued by the Ministry of the Interior,
8. by returning the natural person’s certificate to the person who issued it;
9. the date of delivery of the new certificate of the natural person.
The certificate of a natural person shall not cease to be valid by changing the particulars contained therein. In the event of a change in the data (e.g. surname), the NSA itself shall issue a new certificate of a natural person without delay. Access to classified information shall not be affected until a new individual certificate has been received.
In cases of expiration of the validity of the certificate of a natural person pursuant to points 2, 4 to 9 its holder is obliged to return the natural person’s certificate within 15 days to the person who issued it (Section 66(1)(b) of the Act).
In the event that the certificate of a natural person referred to in point 1 expires, the certificate shall not be returned by its holder.
If the holder of a natural person’s certificate is requested to issue a new certificate pursuant to Section 94(3) of the Act and the procedure for such an application is affected by the declaration of a state of crisis for the entire territory of the Czech Republic, he or she may have access to classified information even after the expiry of the certificate in his or her possession due to its expiry (point 1), until the NBÚ decides on his or her new application, but no longer than 12 months after its expiry. In this case, the NSA does not issue a certificate replacing the original or any other attestation. An up-to-date overview of the certificates that fulfil these conditions and can therefore continue to give access to classified information is available here
In the event of theft, loss or damage of a natural person’s certificate, its holder is obliged to report this fact without delay (Section 66(1)(c) of the Act).
In cases of expiration of the validity of the certificate of a natural person pursuant to point 3., 4. on the basis of a written request made in free form within 5 days of receipt of the request, the NBÚ shall issue a new certificate of the natural person (Section 56(4) of the Act). This application must be submitted within 15 days from the date of expiry of the natural person’s certificate. Access to classified information shall not be affected.
In cases of expiry of the certificate of a natural person referred to in point 6 and 7. the NBÚ, on the basis of a written request made in free form, shall issue a new certificate of a natural person within 5 days of receipt of the request (Section 56a(2)(c) of the Act). Such an application shall be made within 30 days of the date of expiry of the natural person’s certificate.
The certificate of a natural person shall not expire in any other way than the above, i.e. it shall not expire, for example, upon termination of the employment/service relationship (with the exception of point 6).
When does the "NATO Certificate" expire?

1. the expiration of the period of validity of the certificate of a natural person, the expiration of the period of validity of the "NATO certificate",
2. death of a natural person,
3. the revocation of the certificate of a natural person on the basis of which the "NATO certificate" was issued (the date of enforceability of the decision of the NSA on the revocation of the validity of this certificate of a natural person, i.e. the delivery of this decision);
4. reporting the theft or loss of a "NATO certificate";
5. reporting damage to the "NATO certificate" (resulting in illegibility of data, breach of integrity),
6. the expiration of the validity of the certificate of a natural person due to the establishment of the service relationship of a member of the intelligence service, the transfer of a member of the security corps to a service position in the Security Information Service or the Office for Foreign Relations and Information, the service assignment of a soldier to a service position in the Military Intelligence, the establishment of the employment relationship of an employee assigned to the intelligence service, or the date on which the natural person becomes a person referred to in Section 141(1) of the Act (this is a certificate issued by the NSA),
7. the termination of the validity of a certificate of a natural person due to the termination of the service relationship of an intelligence officer, the transfer of a member of the Security Information Service or the Office for Foreign Relations and Information to a service position in another security corps, the service assignment of a member of Military Intelligence to a service position outside this intelligence service, or the termination of the basic employment relationship of an employee assigned to an intelligence service, in the case of a certificate of a natural person, issued by the relevant intelligence service, and the date on which a natural person ceases to be a natural person referred to in Section 141(1) of the Act, in the case of a certificate of a natural person issued by the Ministry of the Interior;
8. returning the natural person's certificate or 'NATO certificate' to the person who issued it;
9. the date of delivery of the new certificate of the natural person,
10. the expiration of the validity of the certificate of a natural person due to loss, theft or damage, and only if the natural person has not applied within the statutory 15-day period for the issue of a new certificate of a natural person.
The validity of the "NATO certificate" does not expire by changing the data contained therein. In the event of a change in the information contained in the "NATO certificate", the NSA itself shall issue a new "NATO certificate" without delay. Access to classified information of a foreign power shall not be affected until the delivery of the new certificate of the natural person.
In cases of expiration of the validity of the "NATO certificate" according to points 3, 5, 6, 7, 9. the holder is obliged to return the "NATO certificate" to the person who issued it within 15 days (Section 57(11) of the Act). The holder of a "NATO certificate" is obliged to return the "NATO certificate" to the person who issued it within 15 days also, if he returns the certificate of the natural person for whom the "NATO certificate" was issued.
In the event of theft, loss or damage of a "NATO certificate", its holder is obliged to immediately report this fact to the NSA (Section 66(1)(c) of the Act).
In cases of expiration of the validity of the "NATO certificate" referred to in point 4 and 5. on the basis of a written request made in free form within 15 days from the date of expiration of the validity of the "NATO certificate", the NSA shall issue a new "NATO certificate" within 5 days. If the written application is not submitted and the NSA does not issue a new "NATO certificate", the natural person is not considered to be a holder of a "NATO certificate". In the event of the expiration of the validity of the "NATO certificate" referred to in point 7. On the basis of a written request, the model of which is set out in Annex 7 to Decree No 300/2024 on personnel security and security capability, the NSA shall issue a new "NATO certificate" – the model of the request here. If the written application is not submitted and the NSA does not issue a new "NATO certificate", the natural person is not considered to be a holder of a "NATO certificate".

What rules apply to access to classified information under Section 60 of the Act?

1. Introduction and basic definitions

Exceptional access to classified information pursuant to Section 60 of the Act No 412/2005 Coll., on the protection of classified information and on security capacity, as amended (‘the Act’), is a tool enabling, in well-defined and exceptional situations, the disclosure of classified information also to natural persons or entrepreneurs who do not hold the appropriate authorisation depending on the classification level of classified information (notifications, certificates). This procedure is intended only for cases where it is necessary to deal quickly and effectively with emergency situations in the interest of the Czech Republic.

Applications Section 60 of the Act in no way replaces the set system and does not deviate from the set principles and general rules for the protection of classified information. Thus, the Institute of Extraordinary Access to Classified Information under Section 60 of the Act does not serve to replace the general obligations of an entity allowing extraordinary access to classified information under Section 60 of the Act to create conditions for handling classified information, to maintain and establish a list of places and functions where access to AI is necessary, including those where access to AI of a foreign power is strictly necessary. Similarly, it is the duty to ensure the protection of classified information through specific types of ensuring the protection of classified information, depending on how classified information is handled.

2. Conditions for the application of emergency access

2.1 Existence of exceptional circumstances

Exceptional access may only be granted in emergency situations foreseen by law:

1. Period of growing international tensions (graduating international crises, including hybrid activities, intense campaigns by state actors, etc.),

2. Participation of the Czech Republic in armed conflict abroad (but not peacekeeping or observation missions)

3. Rescue or humanitarian operations abroad (in particular under the responsibility of the Ministry of the Interior and the Ministry of Foreign Affairs);

4. Declared state of war, state of danger, state of emergency and state of danger,

5. State of cyber danger.

Provisions Section 60 of the Act set out exhaustively the emergency situations in which classified information may be provided to a person who does not have access to classified information under the law, subject to the conditions laid down. This closed list cannot be extended by interpretation. The case of a period of rising international tensions, which we can possibly identify even now, must also be accompanied by certain limits. Specifically, a natural person or an entrepreneur may be provided with classified information under Section 60 of the Act if he/she performs tasks in a period of increasing international tension (e.g. CMX exercises), but it is primarily necessary to set up a management system so that natural persons or entrepreneurs who meet the conditions for accessing classified information under the Act are used to perform such a task. Paragraph 60 can therefore be applied only as an ultima ratio.

Access to classified information may be Section 60 of the Act grant only under cumulatively fulfilled conditions:

1. we are in a period of increasing international tensions or in another emergency situation listed in section 60 of the Act,

2. natural persons or entrepreneurs who have access to classified information on the basis of notices or certificates shall not be primarily involved in the performance of the tasks;

3. access is granted to a natural person or entrepreneur performing tasks related to these extraordinary situations.

2.2 Special status of the entity

Exceptional access may only be granted to a natural person or an entrepreneur who, in a given situation, carries out specific activities necessary to safeguard the key interests of the State.

Typically, these are natural persons or entrepreneurs whose involvement is irreplaceable at a given place and time and without their participation the performance of specific tasks would be jeopardised or rendered impossible.

Individuals need to be assessed for credibility and confidentiality – basic security screening is carried out, e.g. through references or personal knowledge.

3. Procedure for granting emergency access

The provider of classified information will, as a rule, be an authority of the State in the context of an emergency situation foreseen by Section 60 of the Act. As in other situations in normal operation, the tasks of a State authority are carried out by individual natural persons who do so on the basis that they are its employees or on the basis of predetermined roles, but the provider is always a given State authority (region, ministry, etc. see Section 2(d) of the Act).

Access to classified information shall be granted to a natural person to whom the classified document concerned has been assigned in the course of his or her professional activities. While such a person may also carry out screening, this is not a necessity, it may also be carried out by another person from the competent authority of the State. It is not so important who from the national authority will carry out the screening, but how it will be carried out – so that the available resources are used at a given time and place by the means available to the national authority.

However, the final decision to grant access to classified information pursuant to Section 60 of the Act cannot depend on the subjective opinion of one natural person. A natural person who effectively grants access to classified information shall do so in accordance with a decision of an authority of the State as such. The parallel is also given by the current functioning of the State authority in areas other than the protection of classified information, which is also not based on the arbitrary and subjective discretion of each member of staff, regardless of their function or assignment.

Thus, it is not possible to determine strictly which person will be responsible for an individual act if it is necessary to ensure access to classified information under Section 60 of the Act, as the entity as a whole will always be responsible – thus it is not possible to identify a specific person who will be responsible for an individual act (each entity may have a different structure and management). The performance of tasks can be set up in a similar way as in the case of access to classified information in a standard situation, while the application of Section 60 of the Act only does not have to fulfil the condition of possession of a notice or certificate.

TEST OF PROPORCIONALITY

The decision to grant access to classified information pursuant to Section 60 of the Act must be preceded by a proportionality test!!!

If the risk and possible consequences (in the event that a natural person or an entrepreneur who does not hold a certificate would not be used for the performance of the task) clearly exceed (in addition to the risks and possible consequences that would arise if access were granted only to a natural person or an entrepreneur who has access to classified information on the basis of a certificate), then special access may be granted under Section 60 of the Act.

Of particular importance is the time aspect, which will be a decisive factor, as the operative will be crucial for such decisions in crisis situations.

3.1 Assessment of credibility

For natural persons, the provider of classified information must operationally verify credibility (e.g. references from the employer, personal knowledge, assurance from a trusted authority).

Where there is any doubt as to the credibility of a person, access to classified information shall not be granted.

For entrepreneurs, caution is recommended and, in case of doubt about the ability to ensure the protection of information, access should not be allowed.

As regards the scope of the screening carried out, the aim is certainly not to carry out a similar safety procedure. The aim is to verify, from available sources (including public ones) without significant time constraints, whether the entity is an entity for which there is no evident risk factor that could have an impact on the ability to conceal information. As mentioned above, screening does not have to be carried out by a person with access to classified information, but can be any designated natural person within a State authority.

The credibility of a person means, in particular, the absence of facts indicating that a person may benefit from extraordinary access to classified information for purposes other than those foreseen by law.

It is essential that the person who carries out the ‘security screening’ is not obliged to go through all public and non-public sources, to request an extract from the criminal record and to seek the assistance of other administrative authorities or other authorities in order to verify the absence of such facts. It is sufficient for access to be granted if, even after a thorough examination, it is not aware of them by the entity to which access is granted. Such verification may consist of personal knowledge of the examiner, i.e. personal knowledge of the employees working with the examined person, basic search of public resources (internet, insolvency register, business register, etc.), as well as a reference from the employer or a guarantee from a trustworthy authority. Where a State authority concludes, on the basis of the data obtained, that there is doubt as to the credibility and ability to conceal information, access to the classified information shall not be granted.

The person performing the ‘screening’ thus works, in particular, with personal knowledge, basic verification of publicly available sources, references from the employer, a guarantee from a trustworthy authority, etc., when assessing credibility.

In particular, a guarantee from a trusted authority is a confirmation from a person who has a certain qualified relationship with the person to be granted extraordinary access and who can assess their credibility. This includes, in particular, its employer, superior or official. The guarantee can be a confirmation that the person absent facts that would otherwise indicate its unreliability. At the same time, it must be an authority about which there is no doubt about credibility itself. The authority will therefore ensure that the person who is granted extraordinary access is eligible for such access, or that he or she does not have information about any fact that affects his or her credibility.

The Act treats as entrepreneurs a natural person doing business and a legal person whose main activity is doing business, see Section 15 of the Act for details. Where access to classified information pursuant to Section 60 of the Act is granted to an entrepreneur (i.e. within the meaning of Section 15 of the Act), access must also be granted, under the conditions laid down in that provision, to natural persons who will become acquainted with classified information within that entrepreneur. These will typically be employees performing tasks for entrepreneurs who are to be granted access under Section 60 of the Act. These natural persons must therefore be screened and instructed in accordance with Section 60 of the Act, as the entrepreneur will have access to classified information in real terms through his employees.

Although the law does not explicitly require this, the NSA only recommends screening also to examine entrepreneurs as such and thus exclude the existence of obvious doubts about ensuring the protection of classified information. Such screening is recommended to be carried out in a similar way as for natural persons, i.e. from available sources and available means at a given place and time. For entrepreneurs, it is recommended to carry out screening of some natural persons, especially those involved in the management of such entrepreneurs and acting on their behalf. At the same time, it will be necessary to examine a specific natural person who will acquaint himself/herself with classified information, if he/she will also be granted access under Section 60 of the Act, or he/she will no longer be the holder of a notification or certificate of a natural person.

3.2 Information and documentation

1. Before disclosing classified information, a natural person shall be instructed in accordance with the model of recommended instruction - here or according to the model of instruction referred to in Annex 3 to Decree No. 300/2024 Coll., on personnel security and safety competence.

2. The instruction shall be made in writing, in justified cases (e.g. the risk of delay) it may be replaced by oral acquaintance.

3. A dated written record containing essential circumstances, the identification of persons and classified information, or the fact that oral instruction has been given, shall be required of extraordinary access. The model of the written record is not laid down by law. For your possible use is a sample of the recommended written record - here.

4. As soon as circumstances permit, this record, together with the written instruction (unless only oral instruction has been given), must be sent to the NSA.

As a general rule, every time an individual has access to classified information, it is necessary to re-instruct the individual, draw up an access record and send it to the NSA. Each access to an individual ‘new’ classified information constitutes a new access within the meaning of Section 60 of the Act and must therefore be treated in accordance with the Act – that is to say, it must be instructed and recorded in writing and sent to the NSA. If it is a case of providing multiple classified information in the same case to the same individual or entrepreneur, then the alert can be combined for all such classified information (e.g. at the end of the CMX exercise), provided that access is not granted with a significant delay, as the alert should be sent to the NSA without delay.

3.3 Specifics for Entrepreneurs

For entrepreneurs, the responsible person is obliged to make a written record and deliver it to the NSA without delay.

4. Limitations and principles

1. Emergency access is not legally enforceable – it cannot be invoked and any refusal does not need to be justified.

2. The need to know principle also applies in these cases – access is granted only to the extent necessary and only to those who actually need it to perform a specific task.

3. Access pursuant to Section 60 to classified information classified at the level of Top Secret shall not be granted to an entrepreneur.

4. Access pursuant to Section 60 to classified information classified at the level Top Secret may be granted to a natural person only if he or she holds a valid certificate for access to classified information classified at the level Secret and is informed.

5. Access under Section 60 may not be granted to an entrepreneur to classified information subject to a special handling regime (e.g. KRYPTO, ATOMAL).

6. Under the approach under Section 60 of the Act, sensitive activities cannot be carried out.

7. The responsibility for the correctness and legality of the procedure lies with the person who allows access (typically a state authority).

5. Practical step-by-step procedure

Step	Description
1	Identification of the emergency situation (state of crisis, armed conflict, humanitarian action, etc.)
2	Assessment of the necessity of emergency access for a specific natural person/entrepreneur
3	Verification of the trustworthiness of a natural person (screening, references, personal knowledge)
4	Instruction of the natural person on obligations and consequences (in writing, exceptionally orally)
5	Drawing up a written record of emergency access (identification of persons, essential circumstances)
6	Immediate transmission of the record and instructions to the NSA (unless it is an intelligence service)
7	For entrepreneurs: obligatory written record and its sending to the NSA

6. Important comments and recommendations

Every case of extraordinary access shall be carefully documented and substantiated, including all steps leading to a decision to disclose classified information.

Access to classified information pursuant to Section 60 of the Act is exceptional and may not be misused for normal operational purposes.

Responsibility for the correctness of the procedure shall always lie with the authority granting access.

In case of doubt, we recommend consulting the NBÚ or the legal department of the competent authority.

Model of recommended written test for emergency access (natural person) - here

Model of recommended instruction for emergency access (natural person) - here

I sold the family home, should I report it?

No, I don't.
Does the responsible person remain liable to a person who has ceased to hold office with access to classified information, unless his employment relationship or the validity of the natural person’s certificate has expired?

The responsible person remains liable to the natural person and continues to have obligations under Section 67 of the Act, and the NSA has an obligation in relation to the holder of the natural person’s certificate to notify the responsible person that the issued natural person’s certificate has expired (Sections 56(3) and 122(1) of the Act).
Although the Act does not explicitly specify in which cases the relationship between the responsible person and the holder of the natural person’s certificate ceases to exist, it can be inferred from the provisions of Section 11(2), Section 11(4) and Section 67(1)(g) of the Act that the existence of such a relationship depends on the existence of a service relationship or an employment, membership or similar relationship between the holder of the natural person’s certificate and the entity (a legal person or a natural person doing business who has access to classified information, or an authority of the State) whose authority the responsible person represents in the field of classified information. The relationship between the responsible person and the specific certificate holder of a natural person thus arises upon receipt of an application for the issue of a certificate of a natural person certified by that responsible person of the NBÚ, or upon receipt of information pursuant to Section 11(2) of the Act (if a new employee is recruited to a place listed in the overview pursuant to Section 71(3) of the Act, who already holds a certificate of a natural person issued on the basis of an application in which an employment or service relationship that has lapsed was mentioned as a justification for the need to access classified information, and this justification has been confirmed by another responsible person), and lasts until the termination of an employment, membership or similar relationship or until the expiry of the certificate of a natural person. The fact that a person is no longer assigned to a position that is listed in the list of places and functions where it is necessary to have access to classified information does not affect the existence of a relationship between the responsible person and the certificate holder of the natural person. This conclusion is confirmed by the fact that the fact that a specific holder is no longer assigned to a position that is listed in the overview pursuant to Section 71(3) of the Act, or that a specific holder of a natural person’s certificate will not have effective access to classified information, is not an obligation to notify the responsible person. However, the responsible person is obliged under Section 69(1)(g) of the Act to notify the termination of a service relationship or an employment, membership or similar relationship in which a natural person has been granted access to classified information. The fact that the holder of a natural person’s certificate is not placed in a position that is listed in the overview pursuant to Section 71(3) of the Act also cannot be interpreted as a fact that may affect the issue or validity of the natural person’s certificate (Section 69(1)(c) of the Act). Such facts are only those relating to the fulfilment of the conditions for the issue of a certificate under Section 12 of the Act, not the fact that a specific person will no longer have access to classified information. It follows from the foregoing that, in such a situation, the position of the person responsible vis-à-vis the specific holders of a natural person’s certificate cannot be absolved by unilateral declarations.
I am a member of the fire brigade, the Czech fishing association and the Good Angel Foundation, should I report it?

No, I don't.
I have Bitcoin, Ethereum and NFT work. Should I put it on a questionnaire?

YES, from 1.7.2022 you will enter bitcoins, ethereum (cryptocurrency) and so-called NFT work (non-fungible token) in the questionnaire under 7.7 Movable Assets, these are virtual assets that are movable assets.
In 2021, I started treating myself because I am addicted to slot machines. Do I have to report this to the NSA?

YES, it is a gambling and treatment in connection with participation in gambling you are obliged to notify the NSA if the treatment continues after 1.7.2022 (new notification obligation valid from 1.7.2022). The same applies if you are treated for alcohol or drugs, for example, and the treatment continues after 1.7.2022.
I lent my girlfriend 300000 CZK, should I report it?

No, I don't.
I changed my permanent address, should I report it?

No, I don't.
A friend lent me $500,000, should I report it?

Yes, I did. The obligation of a natural person is to notify the incurrence of liabilities, the nominal value of which individually or collectively exceeds CZK 100,000 or five times the average monthly income of a natural person after deduction of mandatory statutory contributions, whichever is the higher, only if the liability arose between natural persons, i.e. if a loan of CZK 500000 meets the above nominal value, you are notifying a loan from a friend (natural person) of CZK 500000.
I sold my car for 200000 CZK and bought a new one for 400000 CZK, should I report it?

No, I don't.
I'll apply for a certificate. The questionnaire mentions games of chance – technical game, live game. What does that mean?

In live play, bettors play against the croupier, or against each other at the tables, without predetermining the number of bettors and the amount of bets per game. A live game is, for example, roulette, a card game, even in the form of a tournament, and a dice game.
Technical game is a game of chance operated through a technical device directly operated by the bettor. Technical game is e.g. cylindrical game, electromechanical roulette and electromechanical dice.
What are virtual assets, a non-fungible token – a so-called NFT work?

Virtual assets are electronically storeable or transferable units that can fulfil a payment, exchange or investment function. In practice, these are so-called cryptocurrencies, e.g. bitcoin. By the notion of irreplaceable token it is possible to imagine digitized collector's goods (e.g. A paper original of the drawing, from which its owner creates only one authentic digital copy and then decides to offer it on one of the online marketplaces where NFTs are traded. It is then possible to buy the work at a specified price or at the highest bid in the auction. After the purchase, you will become the unique owner of the product. Until you sell the work to someone else, you are the only original owner with a digitized certificate and an irreplaceable token.
I will provide accommodation for refugees from Ukraine, I will also send funds to help Ukraine. Do I have to report it?

No, if you do not share a household with these people, you do not report this fact. You also do not notify the sending of funds to help Ukraine.
An enforcement order has been issued against me, shall I report it?

No, I don't.
Previously, you had a YES, NO option in the questionnaire for narcotics, gambling and treatment from addictions to them. There is now a detailed statement. Should I write yes or no here?

No, as of 1 July 2022, it is always the duty to comment on these points, i.e. even if, for example, you have never played a game of chance, tried drugs or are abstinent. There is a section Detailed statement, where you enter:
1. for alcohol - frequency of ingestion in the past and in the present, types and quantities ingested, circumstances of ingestion, stays at an alcohol collection station, etc. If you do not drink alcohol at all, indicate e.g. abstinent.
2. for gambling - past and present frequency, type of gambling, deposited/deposited/betted amounts per week/month, total balance, sources of funding, etc. If you do not play gambling, please indicate e.g. I've never played gambling and I don't play.
3. for narcotic drugs and psychotropic substances - the frequency and duration of use in the past and in the present, including one-off experience, the types and quantities of narcotic drugs or psychotropic substances used, the circumstances of use/use, etc. If you do not use narcotic drugs or psychotropic substances, please indicate e.g. these substances have never been tried, used or used.
Execution has been ordered on my property in the past, but the matter is already settled. I am to include such enforcement in the certification questionnaire.

YES, enforcement is an ordered enforcement of a decision, it is stated even if the case has already been resolved, namely in point 8. Enforcement orders.
Should I report that I bought an apartment in Spain?

Yes, I did. However, you no longer notify if you buy, for example, an apartment under personal ownership or co-ownership located in the Czech Republic (e.g. in Klatovy).
I took out a mortgage for CZK 2500000 at Komerční banka, a.s., should I report it?

No, I don't.
I started seeing a psychiatrist in 2021. Do I have to report this to the NSA?

YES, this is a change in the declaration of personality, which you are obliged to notify to the NSA (new reporting obligation valid from 1.7.2022), if the treatment is still ongoing. The same applies if you visit a psychologist, regardless of whether you are being treated by a psychiatrist or not.
I borrowed 120000 CZK through zonky.cz. Do I have to report it?

No, I don't.
I took a loan from an employee of the Department of Defense, should I report it?

No, I don't.
I lent my friend money and my friend guarantees me this loan with his real estate. Do I indicate the resulting lien on his property when applying for the issue of a certificate of a natural person in the questionnaire?

Yes, if there was a lien on a property owned by your friend after 1.1.2014. According to the Civil Code (Act No. 89/2012 Coll.), the lien on real estate is a separate property. In the questionnaire, you will indicate the lien to the point:
7.8 Immovable property
7.8.1 Leaded by the cadastral office (in the case of property outside the Czech Republic, state the address) - cadastral office, where the property owned by a friend is located, for which a lien has been established, 7.8.2 Type of property and how it has been used since acquisition – lien; 7.8.3 Method of acquisition and sources of financing - others, 7.8.4 Acquisition price - 0, 7.8.5 Currency – 0, 7.8.6 Year of acquisition of the property: indicate the year in which the lien arose
Can the responsible person verify integrity for the level Reserved from the extract of the Criminal Register transmitted from the data box of a natural person? Is such a document required to be printed or must it be converted into a paper document?

Act No 412/2005 does not lay down an explicit requirement to submit documents in paper form pursuant to Section 7 of the Act. The fulfilment of the conditions under Section 6(2) of the Act shall be verified and notified to the natural person by the person who is responsible to him or her in the context of a service relationship or an employment, membership or similar relationship, or by a person designated by him or her. Since Act No 269/1994 on the Criminal Register, as amended, allows for the sending of an extract from the Criminal Register directly to the data box of a natural person in electronic form, the forwarding of a data message containing such an extract in electronic form sent by an authorised entity is sufficient for the purposes of verifying compliance with the conditions under Section 6 of the Act.

For the purposes of the law, verification of compliance with the conditions for issuing a notification is sufficient if the relevant data report, or an extract from the Criminal Register in electronic form from a natural person, is stored without the need for conversion into paper form. It is then desirable to keep the data report containing an extract from the Criminal Register in electronic form for a period of 5 years, or until further verification (Section 9(2) of the Act).
I came back from the mission and I used the mission money to pay off the mortgage, should I report it?

No, I don't.
Can the responsible person, in a single instruction, acquaint the holder of a national certificate with NATO regulations and thus fulfil the obligation to access both national and NATO classified information without the person concerned already p

YES, in this case only the national certificate number of the natural person is indicated in the instruction. As part of the lessons learned, all legislation in the field of classified information, i.e., NATO, EU and WEU regulations, can be read at the same time.
The natural person shall hold a valid national certificate of the natural person and shall be informed. Subsequently, a "NATO certificate" is issued to a natural person. Does the individual need to be re-educated?

Yes, the instruction shall indicate the number of the "NATO certificate" and tick that the natural person has been acquainted with NATO regulations. This does not apply if, in the first instruction made to the national certificate of a natural person, it has already been ticked that the natural person has been acquainted with NATO regulations (i.e., has been acquainted with them without being issued with a "NATO certificate") – in this case, the natural person would no longer be acquainted with them again.
The questionnaire states that I have to complete continuous stays abroad of more than 90 days. For what period do I have to fill in these stays retrospectively?

Point 9 of the natural person's questionnaire - Continuous stays abroad of more than 90 days is an item without a time limit, i.e. you will complete all such stays in the past and such a stay lasting even now.
What are the most common deficiencies in the reporting of changes to a natural person’s certificate?

In the event that there is a change of persons over 18 years of age living with a natural person in the household, which may occur, for example, in connection with a change in the address of permanent residence, marital status, reaching the age of majority of children, it is the obligation of the natural person to notify the NSA of the data relating to new persons in the household, namely the name, surname, maiden name, previously used surnames, date of birth, birth number, place of birth, nationality, employer, relationship with the natural person, or to notify that the persons previously mentioned by the natural person no longer share the household with him.
For example:
1. The natural person stated in the questionnaire that she is single and that she does not live in a household with anyone over the age of 18. Subsequently, the natural person’s marital status – married – changes. It is her duty to report the above information to her/his spouse.
2. The natural person stated in the questionnaire that she is married and lives in a household with a daughter and son who are over 18 years of age. Children stop sharing a household with a natural person. It is the duty of the natural person to report that the daughter and son no longer share the household with the natural person.
3. In the questionnaire, the natural person stated that he/she lives in a household with a friend who is over 18 years of age. Then there is a break-up, the friend/girlfriend stops sharing the household with the natural person. It is the duty of the natural person to report that the friend (former) no longer shares the household with the natural person. If an individual starts sharing a household with a new friend, it is their responsibility to report the above data to the friend.
4. In the questionnaire, for example in point 7.1 Financially dependent persons indicated their children. Subsequently, children reach the age of 18 and live with a natural person in the household. It is their responsibility to report the above data to the children.
I received a letter of discontinuation of proceedings because I did not complete the necessary documents in time, what should I do so that the proceedings are not discontinued?

Submit the decomposition and at the same time add the necessary documents. The digestion must contain:
1. identification party – first name, surname and social security number;
2. address of permanent residence; where applicable, the address for service;
3. Date and signature a party to the proceedings;
4. Identification of the decisionagainst which the decomposition is filed (i.e. reference number and date of issue);
5. what a party to the proceedings seeks (e.g. annulment of a resolution of the NSA to discontinue security proceedings for the issue of a certificate of a natural person);
6. reasons, for which the contested decision is incorrect, or what the party considers to be contrary to the law (i.e. the party specifically describes the reasons why it does not agree with the contested decision). An appeal may be brought against the operative part of a decision, not against the grounds of that decision.
You can file a decomposition with the NBÚ within 15 days from the date of service of the decision (Section 126(1) of the Act). If you miss the deadline for filing a decomposition due to serious reasons, you can apply to the NSA for its remission within 15 days from the day when the cause of the missed decomposition ceased to exist. The condition, however, is that the application for remission must be accompanied by the decomposition itself.
You can submit the decomposition:
1. through the NBÚ Portal (After logging in through the bank identity or data box of an individual, you select an option Dissolution (appeal against the decision of the NSA issued in the proceedings),
2. by delivery to the NBÚ data box (NBÚ ID – h93aayw),
3. by delivery to the Electronic Filing Office This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes,
4. by post or by the holder of a special postal licence the address NBÚ.
My father-in-law allowed me to build a cottage in his garden. Do I state this when I apply for a natural person’s certificate in the questionnaire?

Yes, if this fact, regardless of whether it is a cottage already built or not yet built, occurred after 1.1.2014. According to the Civil Code (Act No. 89/2012 Coll.) the Right of Construction, which is a separate property. In the questionnaire, you will indicate the right of construction to the point:
7.8 Immovable property
7.8.1 Leaded by the cadastral office (in the case of property outside the Czech Republic, state the address) - the cadastral office where your father-in-law's land is located, 7.8.2 Type of property and how it has been used since acquisition – right of construction, 7.8.3 Method of acquisition and sources of financing: e.g. contract, funded by savings; 7.8.4 Acquisition price – e.g. 0; in the event that you paid for the right of construction, for example. CZK 50000; 7.8.5 Currency – 0, 7.8.6 Year of acquisition of the property: state the year in which the right of construction arose
Do I have to report the establishment of my data box?

No, I don't.
When do changes have to be reported?

Immediately, i.e. as soon as circumstances allow and without undue delay.
I need a look at the security file. What do I have to do?

You have the right to consult before taking a decision on an application for a certificate the Unclassified Part of the Security Volume (Section 89c of the Act). You have this right only until the decision on the application for a certificate becomes final. It can be viewed on the basis of a written request addressed to the NSA, which is written in free form.
You can request access to the unclassified part of the security file by:
1. through the NBÚ Portal (After logging in through the bank identity or data box of an individual, you select an option General submission),
2. a data box set up for a natural person,
3. by delivery to the Electronic Filing Office This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes,
4. by post or by the holder of a special postal licence the address NBÚ.
The NBÚ employee will then notify you in writing (possibly by telephone) of the date when the volume can be consulted. The inspection takes place in the NBÚ building (Na Popelce 2/16, Prague 5 - Košíře). Before consulting, an NBÚ employee will acquaint you with the possibility to make extracts from the volume or to require copies from the volume to be made for a fee. A written record of the inspection shall always be made.
I live in an apartment that is not in my personal ownership/co-ownership, but is the property of a cooperative, I own a cooperative share. Do I include this apartment in the questionnaire when applying for the issue of a natural person’s certificate?

Yes, if you acquired a cooperative share after 1.1.2014. According to the Civil Code (Act No. 89/2012 Coll.), the cooperative share of objects is movable. In the questionnaire, you will indicate the cooperative share in the point:
7.7 Movable property
(by species whose value exceeds CZK 200,000 in the case of one species, e.g. cash, cooperative share, collection, art objects, precious metals, jewellery, motor vehicle, vessel, aircraft, antiques, technology, electronics, share in a business corporation, virtual assets - non-fungible tokens (NFTs), cryptocurrencies)
7.7.1 Species: cooperative share + percentage, 7.7.2 Number of pieces – 0, 7.7.3 Method of acquisition and sources of financing - e.g. purchase, financed by the sale of real estate, 7.7.4 Acquisition price – e.g. CZK 2800000; 7.7.5 Total value - e.g. CZK 2800000
I have documents in English, do I have to have them translated?

If documents are submitted in a foreign language, they must be submitted in the original and at the same time in an officially certified translation into the Czech language. If a document is submitted in a foreign language on a so-called transferable document (e.g. A1,S1,S2,S3,DA1,P1,U1,U2,U3...) is accepted in accordance with Regulation (EC) No 883/2004 and Regulation (EC) No 987/2009 of the European Parliament and of the Council without an officially certified translation into Czech if it is submitted in an official language of a Member State of the European Union, the European Economic Area or Switzerland.
What specific persons to include in point 10 of the questionnaire for the certification of a natural person for contacts with foreigners or citizens of the Czech Republic in non-EU and NATO countries after 1990, if it can be reasonably assumed th

A natural person is obliged to state and comment in detail on contacts that fulfil a summary of the following conditions:
A.
1. is a foreign national,
2. the contact does not result from the performance of the professional or service duties of a natural person after 1990 (e.g. partnership, family, friendly relationship, contact based on common interests and hobbies); and
3. the natural person evaluates the contact as significant primarily according to its intensity, circumstances, possible impacts on the behavior of the natural person (the impact of the contact on the natural person - e.g. emotional, financial).
B.
1. is a citizen of the Czech Republic who lives in a state that is not a member state of the EU or NATO,
2. the contact does not result from the performance of the professional or service duties of a natural person after 1990 (e.g. partnership, family, friendly relationship, contact based on common interests and hobbies); and
3. the natural person evaluates the contact as significant - mainly according to its intensity, circumstances and content, possible impacts on the behaviour of the natural person (the impact of the contact on the natural person - e.g. emotional, financial).
The fulfilment of this point is primarily dependent on the subjective assessment of the natural person as to how he perceives his possible contact with the person fulfilling point 1, who fulfils the condition set out in point 2, with regard to the fulfilment of the condition under point 3, i.e. whether he considers this contact to be significant for him for a specific reason, i.e. that he influences or may influence him in some way.
If the natural person (applicant) is long-term resident in the territory of a foreign state, he/she will always fill in this point, if the sending entity is not an authority of the state.
I want to report changes to the NSA, but I don't know exactly what you want to know. Can you give me some advice?

A detailed description of the reporting of changes to individual items can be found here
What is SJM?

SJM - joint marital property is based on Section 708 et seq. of the Civil Code, the joint property includes what one or both spouses acquired together during the marriage (e.g. household equipment, finances) with the exception of what is referred to in Section 709(1)(a) to (e) of the Civil Code, as well as debts (e.g. loans) taken over during the marriage, with the exception of debts referred to in Section 710(1)(a) and (b) of the Civil Code)
How do I withdraw an application for a natural person’s certificate?

In these cases, it is necessary to send a written notification to the NSA that you are withdrawing your application for a certificate. It is necessary to specify the person (name, surname, social security number or date of birth, place of residence), the application (issuance of a certificate of a natural person) and to sign the communication. On the basis of this communication, in accordance with the provisions of Section 113(1)(a) of the Act, The NSA shall discontinue the pending proceedings, issue and send an order terminating the proceedings. After this resolution has become final, the NBÚ will also send information about the discontinuation of the proceedings to your responsible person, who confirmed to you the validity of the request for the issuance of a certificate of a natural person.
You can withdraw an application for the issuance of a natural person's certificate by:
1. through the NBÚ Portal (After logging in through the bank identity or data box of an individual, you select an option General submission),
2. a data box set up for a natural person,
3. by delivery to the Electronic Filing Office This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes,
4. by post or by the holder of a special postal licence the address NBÚ.
If a natural person is required to indicate ‘Yes’ in the SJM point questionnaire, must the income, liabilities, receivables and real estate sections also mention property that relates exclusively to the spouse or partner, or are these points to b

No, I don't. A natural person shall be required to provide information relating only to that person. However, if, for example, he or she is a co-debtor of a loan entered into by a spouse, partner, or is, together with the spouse, partner, co-owner of immovable property or have immovable property in the SJM, i.e. these data also relate to his or her person, he or she must provide them. Similarly, it is incumbent on it to provide information relating to its right of disposal over another person’s account.
I have a permanent residence with my parents, but I live in the place where I work for over a week. I've got to point 15. (....persons over the age of 18 living with you in the same household) write also brother and parents?

The term household is defined by the Civil Code. For the purposes of security proceedings, the terms ‘households’, ‘family households’ or ‘common households’ in the Civil Code are used. It must therefore be the cohabitation of at least two natural persons (one of which is an applicant for the issue of a natural person’s certificate) and at the same time the following conditions must be met:
1. the fact that they are consumer communities, i.e. an association of money or other means to meet common needs.
Reimbursement of common needs must be understood more broadly than, for example, the joint payment of rent and the costs of services associated with such rent (according to Section 690 of the Civil Code, ‘the provision of property benefits has the same meaning as the personal care of the family and its members’). It is therefore ‘economic cohabitation, where there are no separate financial means and no distinction is made as to which household items may be used by those persons’.
In general, therefore, cohabitation in a household with a natural person for the purposes of security proceedings cannot be assumed solely on the basis of cohabitation in a single dwelling (permanent residence is an institute of population registration and the address indicated, for example, in the identity card is not decisive in this respect).
2. the condition of the permanence of cohabitation in the household with a natural person. That is the case where ‘there are objectively identifiable circumstances which indicate an intention to lead such a community on a permanent basis and not only on a temporary basis.
Where should I indicate in the questionnaire when applying for an investment life insurance certificate - in ‘Financials’ or ‘Investment instruments’?

Investment life insurance is listed in section 7.4 Finance, as it is not an investment instrument under Act No. 256/2004 Coll., on Capital Market Undertakings.

Security eligibility
Do I have to report to you when I took out a loan from the municipality?

YES, provided it exceeds CZK 100,000 or five times your average monthly ‘net income’, whichever is higher. This obligation has been established since 1.1.2026.
This also applies if you took out this loan before 1.1.2026 and it has not been repaid yet.

I'll ask for a receipt. The questionnaire mentions games of chance – technical game, live game. What does that mean?

In live play, bettors play against the croupier, or against each other at the tables, without predetermining the number of bettors and the amount of bets per game. A live game is, for example, roulette, a card game, even in the form of a tournament, and a dice game.
Technical game is a game of chance operated through a technical device directly operated by the bettor. Technical game is e.g. cylindrical game, electromechanical roulette and electromechanical dice.

I have a recognised electronic signature with my employer. Can I use this signature to electronically sign a document request?

NO, only a recognised electronic signature established for you as a private individual, not for you as an employee of the employer, is accepted by the NBÚ for the signature of the application for the issue of a document.

Information on health and other professional care and its impact on the issue or possession of a document

Why do I need to include information on healthcare and treatment in the questionnaire?
In security proceedings, the NSA evaluates the fulfilment of various statutory conditions for the performance of sensitive activities. One of the conditions relates to a state of health, the quality of which, in certain situations, can affect the normal functioning of an individual, and also have an impact on his reliability. For the NSA issuing the document, it is therefore necessary to assess whether the state of health of individual natural persons is not an obstacle to the performance of a sensitive activity, or whether this state of health cannot pose a security risk and affect the reliability of the natural person. It is not a newly established practice, the NBÚ even before the amendment of the law, requested and assessed points related to health care, namely points related to psychiatric treatment and psychologist care, which were the content of the declaration of personality, statutory mandatory requirements of the supporting materials.
I am being treated by a psychiatrist and/or other doctor, I am going to see a psychologist. Does this mean that I cannot be issued with a document or does this information lead to the invalidation of a document already issued by the NSA?
No, I don't. No professional treatment or care provided by an individual in his/her questionnaire is, and cannot in itself, a priori be negatively assessed. However, this is one of many aspects that the NSA needs to verify and assess in the case of natural persons in certain circumstances. The issue of health status is a very complex fact and therefore it is not possible under any circumstances to determine in advance, on the basis of the information provided by the natural person in the questionnaire, whether the information is negative. In some cases, contact with a psychiatrist or psychologist, for example, can also prove to be a positive aspect. This is a very specific and diverse range of life circumstances of a natural person and if the NSA concludes that it is necessary to verify the data in this case by various steps in the procedure, it has specialised experts who are competent in the matter of valid assessment of information relating to health status and its impact on the reliability of a natural person. In some cases, the NSA may also decide on the necessity of appointing an expert in accordance with Section 106 of the Act.
I'm being treated by a doctor, but I don't know my diagnosis. What should I do to complete the questionnaire?
The questionnaire contains a box in the section focused on health care, through which the diagnosis is made. However, there are cases where a natural person does not know his diagnosis and/or is not sure about it, or some time has passed since receiving healthcare and the party to the proceedings does not remember his diagnosis. In this case, it is not necessary to complete the diagnosis and the difficulties encountered by the natural person or in the past can be described in detail. In certain circumstances, the NSA may then find it necessary to verify or refine that information, for which it uses various actions in the proceedings. The verification of that information relating to health and other professional care may also be carried out for the purpose of verifying the information provided by a party to the proceedings.

I'll ask for a receipt. Do I need to provide a birth certificate?

No, as of 1.1.2026, the birth certificate for the application for the issue of a document is no longer documented.

What are virtual assets, a non-fungible token – a so-called NFT work?

Virtual assets are electronically storeable or transferable units that can fulfil a payment, exchange or investment function. In practice, these are so-called cryptocurrencies, e.g. bitcoin. By the notion of irreplaceable token it is possible to imagine digitized collector's goods (e.g. A paper original of the drawing, from which its owner creates only one authentic digital copy and then decides to offer it on one of the online marketplaces where NFTs are traded. It is then possible to buy the work at a specified price or at the highest bid in the auction. After the purchase, you will become the unique owner of the product. Until you sell the work to someone else, you are the only original owner with a digitized certificate and an irreplaceable token.

What are the most common shortcomings when applying for a document?

The most common shortcoming is that applicants do not declare and document income for a period of 10 years retrospectively. The requirements for the presentation of the receipts in the questionnaire and proof of receipts are as follows.
Indication of receipts in the questionnaire for the last 10 years:
1. In case you have filed a tax return in the last 10 years and you did not have income not declared in the tax return, please fill in the questionnaire every year and the option “Submitted a tax return“ tick YES and select the option ‘Submitted a tax return, I do not have income not included in the tax return’.
2. If you have filed a tax return in the last 10 years and at the same time have received income that is not included in the tax return (e.g. a retirement allowance), please fill in the questionnaire every year and select ‘Submitted a tax return“ tick YES and select the option ‘Submitted a tax return, I also have income not included in the tax return’ and fill in the type of income, amount and currency.
3. If you have not filed a tax return in the last 10 years, please fill in the questionnaire every year and select "Submitted a tax return“ tick NO and fill in the type of income, amount and currency.
You do not include state social support benefits and contributions, sickness insurance benefits and unemployment benefits in the questionnaire.
Proof of income over the last 10 years:
1. You are documenting only income that is not part of your tax return to the relevant tax office, if this income in the case of one type exceeds CZK 100,000 per calendar year. This means that if the limit of CZK 100,000 per calendar year is exceeded, you can prove, for example, your salary (unless it is part of your tax return to the relevant tax office), service allowance, old-age pension, insurance benefits, scholarship, subsidies, etc.
2. You do not substantiate benefits, social security contributions, sickness insurance benefits, unemployment benefits regardless of their amount, or any income that is part of your tax return to the relevant tax office.
The NBÚ points out that the taxpayer's declaration that you fill in with your employer (pink form) is not a tax return.
The NBÚ also warns that if you submit tax return abroad, it is the duty to fill in the receipts included in the questionnaire and also to prove them.

How and what changes should I report to the NBÚ?

List of changes that you are obliged to notify, including information on how and in what form you will find here

I want to ask for a receipt. How am I supposed to do that?

The application can be submitted via the NBÚ Portal, when this method of administration is recommended by the NSA, As it is convenient and user-friendly for users, you can make the entire submission conveniently from anywhere, with no need to visit the NSA.
The application can also be submitted by delivery to the NBÚ data box (NBÚ ID – h93aayw) or to the electronic mailroom This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes. In addition, the application can be submitted in person after ordering on tel. no. 257283225 in the filing office of the NBÚ headquarters or sent by post or by the holder of a special postal licence to the address of the National Security Office, P.O.BOX 49, 15006, Prague 56.
Detailed information on how to apply can be found here.

Previously, you had a YES, NO option in the questionnaire for narcotics, gambling and treatment from addictions to them. There is now a detailed statement. Should I write yes or no here?

No, as of 1 July 2022, it is always the duty to comment on these points, i.e. even if, for example, you have never played a game of chance, tried drugs or are abstinent. There is a section Detailed statement, where you enter:
1. for alcohol - the frequency of ingestion in the past and in the present, the types and quantities ingested, the circumstances of ingestion, stays at an anti-alcohol collection station, etc. If you do not drink alcohol at all, indicate, for example, the abstinent,
2. for gambling - past and present frequency, type of gambling, deposited/deposited/betted amounts per week/month, total balance, sources of funding, etc. If you do not play gambling, please indicate e.g. I've never played gambling and I don't play,
3. for narcotic drugs and psychotropic substances - the frequency and duration of use in the past and in the present, including one-off experience, the types and quantities of narcotic drugs or psychotropic substances used, the circumstances of use/use, etc. If you do not use narcotic drugs or psychotropic substances, please indicate e.g. these substances have never been tried, used or used.

In this work we have the possibility to perform authorized conversion of documents according to Act No. 300/2008 Coll. Can I use this conversion to send an electronic request for a document?

If the conversion is ex officio (Section 23(2) of Act No 300/2008), this option is not accepted by the NSA. Only conversions pursuant to Act No 300/2008 may be used upon request (Section 23(1) of Act No 300/2008).

Do I have to report to you when I took out a loan from an employer?

YES, provided it exceeds CZK 100,000 or five times your average monthly ‘net income’, whichever is higher. This obligation has been established since 1.1.2026.
This also applies if you took out this loan before 1.1.2026 and it has not been repaid yet.

I changed my last name, what should I do?

If there was a change of surname after 1.1.2025, you are not taking any action in relation to the issuance of a new document. When the NBÚ receives information from the basic registers, it will issue you with a new document without delay and send it to your contact address. Upon receipt of the new document, you are obliged to return the original issued document to the NSA within 15 days from the date on which the new document was delivered to you.

I want to apply for a document. What do I need to prove?

1. the application for the issue of a document,
2. a justification for the performance of a sensitive activity, which will be completed and provided by the employer,
3. a declaration of waiver of the obligation of confidentiality of the locally competent tax administration,
Questionnaire 4,
5. photo of the licence type,
6. confirmation of income listed in the questionnaire with an indication of its amount (net income), and only if it is not part of the tax return, for the last 10 years and at the same time if it exceeded CZK 100000 in one calendar year.
Detailed information on how to apply for a document can be found here

I'm a businessman and I'm a payer on a flat-rate basis. How do I prove NBÚ's income?

1. If you are a flat-rate taxpayer and you are obliged to keep records of income from self-employment for the purpose of proving the amount of decisive income for the selected flat-rate band, then when applying for the issue of a document, you will document the income from business with these records.
2. If you are a flat-rate taxpayer and you are not obliged to keep the above records, then when applying for the issue of a document, you will provide proof of business income with statements of account or invoices (income documents) and at the same time inform in writing what flat-rate scheme you are in.

In the questionnaire under point 7.12 Financial obligations, you have indicated that I should also indicate the obligations arising from a contract concluded with a legal person that is not a consumer credit provider under the Consumer Credit Act

This is, for example, a loan from your employer, the municipality. The provision of this information is newly required from 1.1.2026.

I am an insolvency administrator and I have the right to dispose of 750 accounts. Do I have to put them all on a questionnaire?

NO, the rights of disposal of insolvency administrators opened to bank accounts for the purpose of resolving the bankruptcies of their owners are not included in the questionnaire.

Is there a difference between the first and the repeated application for a document?

No, you submit exactly the same background materials and complete the questionnaire in its entirety. The only exception is a curriculum vitae, where, when you submit a repeated application for the issuance of a document, you limit yourself to providing data from the submission of a previous application.

I have Bitcoin, Ethereum and NFT work. Should I put it on a questionnaire?

YES, you will include bitcoins, ethereum (cryptocurrency) and so-called NFT work (non-fungible token) in the questionnaire under item 7.7 Movable assets, these are virtual assets that are movable assets.

Execution has been ordered on my property in the past, but the matter is already settled. Should I include such an execution in the document-issuing questionnaire?

YES, enforcement is an ordered enforcement of a decision, it is stated even if the case has already been resolved, namely in point 8. Enforcement orders.

Can I send an application for a document to the NSA via the employer's data box?

A request for the issuance of a document can be sent to the NBÚ by a data box only if this data box is established for you as a natural person or a natural person doing business.

I came back from the mission and I used the mission money to pay off the mortgage, should I report it?

No, I don't.

An enforcement order has been issued against me, shall I report it?

No, I don't.

I started seeing a psychiatrist in 2021. Do I have to report this to the NSA?

YES, this is a change in the declaration of personality, which you are obliged to notify to the NSA (new reporting obligation valid from 1.7.2022), if the treatment is still ongoing. The same applies if you visit a psychologist, regardless of whether you are being treated by a psychiatrist or not.

I sold my car for 200000 CZK and bought a new one for 400000 CZK, should I report it?

No, I don't.

I took a loan from an employee - ČEZ a.s., should I report it?

YES, provided that the loan exceeds CZK 100,000 or five times your average monthly net income, whichever is higher.

I sold the family home, should I report it?

No, I don't.

I lent my girlfriend 300000 CZK, should I report it?

No, I don't.

I lent my friend money and my friend guarantees me this loan with his real estate. Do I indicate the resulting lien on his property when applying for a document in the questionnaire?

Yes, if there was a lien on a property owned by your friend after 1.1.2014. According to the Civil Code (Act No. 89/2012 Coll.), the lien on real estate is a separate property. In the questionnaire, you will indicate the lien to the point:
7.8 Immovable property
7.8.1 Led by the cadastral office (in the case of property outside the Czech Republic, state the address) - cadastral office where the property owned by a friend for which a lien has been established is located, 7.8.2 Type of property and method of its use since acquisition - lien, 7.8.3 Method of acquisition and sources of financing - other, 7.8.4 Acquisition price - 0, 7.8.5 Currency - 0, 7.8.6 Year of acquisition of the property - indicates the year when the lien arose

I live in an apartment that is not in my personal ownership/co-ownership, but is the property of a cooperative, I own a cooperative share. Do I mention this apartment when I apply for a document in the questionnaire?

Yes, if you acquired a cooperative share after 1.1.2014. According to the Civil Code (Act No. 89/2012 Coll.), the cooperative share of objects is movable. In the questionnaire, you will indicate the cooperative share in the point:
7.7 Movable property
(by species whose value exceeds CZK 200,000 in the case of one species, e.g. cash, cooperative share, collection, art objects, precious metals, jewellery, motor vehicle, vessel, aircraft, antiques, technology, electronics, share in a business corporation, virtual assets - non-fungible tokens (NFTs), cryptocurrencies)
7.7.1 Type – cooperative share + percentage, 7.7.2 Number of units – 0, 7.7.3 Acquisition method and sources of financing – e.g. purchase, financed by sale of real estate, 7.7.4 Acquisition price – e.g. CZK 2800000, 7.7.5 Total value - e.g. CZK 2800000

I changed my permanent address, should I report it?

No, I don't.

What specific persons to include in point 10 of the questionnaire for the issue of a document for contacts with foreigners or citizens of the Czech Republic in non-EU and NATO countries after 1990, if it can be reasonably assumed that these are s

A natural person is obliged to state and comment in detail on contacts that fulfil a summary of the following conditions:
A.
1. is a foreign national,
2. the contact does not result from the performance of the professional or service duties of a natural person after 1990 (e.g. partnership, family, friendly relationship, contact based on common interests and hobbies); and
3. the natural person evaluates the contact as significant primarily according to its intensity, circumstances, possible impacts on the behavior of the natural person (the impact of the contact on the natural person - e.g. emotional, financial).
B.
1. is a citizen of the Czech Republic who lives in a state that is not a member state of the EU or NATO,
2. the contact does not result from the performance of the professional or service duties of a natural person after 1990 (e.g. partnership, family, friendly relationship, contact based on common interests and hobbies); and
3. the natural person evaluates the contact as significant - mainly according to its intensity, circumstances and content, possible impacts on the behaviour of the natural person (the impact of the contact on the natural person - e.g. emotional, financial).
The fulfilment of this point is primarily dependent on the subjective assessment of the natural person as to how he perceives his possible contact with the person fulfilling point 1, who fulfils the condition set out in point 2, with regard to the fulfilment of the condition under point 3, i.e. whether he considers this contact to be significant for him for a specific reason, i.e. that he influences or may influence him in some way.
If the natural person (applicant) is long-term resident in the territory of a foreign state, he/she will always fill in this point, if the sending entity is not an authority of the state.

In 2021, I started treating myself because I am addicted to slot machines. Do I have to report this to the NSA?

YES, it is a gambling and treatment in connection with participation in gambling you are obliged to notify the NSA if the treatment continues after 1.7.2022 (new notification obligation valid from 1.7.2022). The same applies if you are treated for alcohol or drugs, for example, and the treatment continues after 1.7.2022.

A friend lent me $500,000, should I report it?

Yes, I did. The obligation is to notify the incurrence of obligations concluded between natural persons or from a contract concluded with a legal entity that is not a consumer credit provider under the Consumer Credit Act (e.g. between you and an employer or municipality), the nominal value of which individually or collectively exceeds CZK 100 000 or five times your average monthly income minus taxes, fees and other similar monetary benefits, including social security and public health insurance premiums (net income), whichever is higher, i.e. if a loan of CZK 500000 meets the above value, you are notifying a loan from a friend (natural person) of CZK 500000.

The questionnaire states that I have to complete continuous stays abroad of more than 90 days. For what period do I have to fill in these stays retrospectively?

Point 9 of the natural person's questionnaire - Continuous stays abroad of more than 90 days is an item without a time limit, i.e. you will complete all such stays in the past and such a stay lasting even now.

I will provide accommodation for refugees from Ukraine, I will also send funds to help Ukraine. Do I have to report it?

No, if you do not share a household with these people, you do not report this fact. You also do not notify the sending of funds to help Ukraine.

I borrowed 120000 CZK through zonky.cz. Do I have to report it?

No, I don't.

I am a member of the fire brigade, the Czech fishing association and the Good Angel Foundation, should I report it?

No, I don't.

My father-in-law allowed me to build a cottage in his garden. Do I state this when I submit my request for proof in the questionnaire?

Yes, if this fact, regardless of whether it is a cottage already built or not yet built, occurred after 1.1.2014. According to the Civil Code (Act No. 89/2012 Coll.), this is a building right, which is an independent property. In the questionnaire, you will indicate the right of construction to the point:
7.8 Immovable property
7.8.1 Led by the cadastral office (in the case of real estate outside the Czech Republic, state the address) - the cadastral office where your father-in-law's land is located, 7.8.2 Type of real estate and how it has been used since the acquisition – right of construction, 7.8.3 Method of acquisition and sources of financing – e.g. contract, financed from saved funds, 7.8.4 Acquisition price – e.g. 0; in the event that you paid for the right of construction, for example. CZK 50000, 7.8.5 Currency – 0, 7.8.6 Year of acquisition of the property – indicates the year in which the right of perpetual usufruct arose

I took out a mortgage for CZK 2500000 at Komerční banka, a.s., should I report it?

No, I don't.

Should I report that I bought an apartment in Spain?

Yes, I did. However, you no longer notify if you buy, for example, an apartment under personal ownership or co-ownership located in the Czech Republic (e.g. in Klatovy).

When do changes have to be reported?

Immediately, i.e. as soon as circumstances allow and without undue delay.

I want to report changes to the NSA, but I don't know exactly what you want to know. Can you give me some advice?

A detailed description of the reporting of changes to individual items can be found here

How do I withdraw my application for a document?

In these cases, it is necessary to send a written notification to the NSA that you are withdrawing your application for the issuance of a document. It is necessary to specify the person (name, surname, birth number or date of birth, place of residence), the application (issuance of a security certificate) and sign the communication. On the basis of this communication, in accordance with the provisions of Section 113(1)(a) of the Act, The NSA shall discontinue the pending proceedings, issue and send an order terminating the proceedings. After this resolution has become final, the NBÚ will also send information about the discontinuation of the proceedings to your responsible person, who confirmed to you the justification of the request for the issuance of a security certificate.
You can withdraw your security clearance request by:
1. through the NBÚ Portal (After logging in through the bank identity or data box of an individual, you select an option General submission),
2. a data box set up for a natural person,
3. by delivery to the Electronic Filing Office This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes,
4. by post or by the holder of a special postal licence the address NBÚ.

I received a letter of discontinuation of proceedings because I did not complete the necessary documents in time, what should I do so that the proceedings are not discontinued?

Submit the decomposition and at the same time add the necessary documents. The digestion must contain:
1. identification party – first name, surname and social security number;
2. address of permanent residence; where applicable, the address for service;
3. Date and signature a party to the proceedings;
4. Identification of the decisionagainst which the decomposition is filed (i.e. reference number and date of issue);
5. what the party is seeking (e.g. revocation of the order terminating the security procedure for issuing the document);
6. reasons, for which the contested decision is incorrect, or what the party considers to be contrary to the law (i.e. the party specifically describes the reasons why it does not agree with the contested decision). An appeal may be brought against the operative part of a decision, not against the grounds of that decision.
You can file a decomposition with the NBÚ within 15 days from the date of service of the decision (Section 126(1) of the Act). If you miss the deadline for filing a decomposition due to serious reasons, you can apply to the NSA for its remission within 15 days from the day when the cause of the missed decomposition ceased to exist. The condition, however, is that the application for remission must be accompanied by the decomposition itself.
You can submit the decomposition:
1. through the NBÚ Portal (After logging in through the bank identity or data box of an individual, you select an option Dissolution (appeal against the decision of the NSA issued in the proceedings),
2. by delivery to the NBÚ data box (NBÚ ID – h93aayw),
3. by delivery to the Electronic Filing Office This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes,
4. by post or by the holder of a special postal licence the address NBÚ.

I took out a mortgage for CZK 2500000 at Komerční banka, a.s., should I report it?

No, I don't.

Do I have to report the establishment of my data box?

No, I don't.

What is SJM?

SJM - joint marital property is based on Section 708 et seq. of the Civil Code, the joint property includes what one or both spouses acquired together during the marriage (e.g. household equipment, finances) with the exception of what is referred to in Section 709(1)(a) to (e) of the Civil Code, as well as debts (e.g. loans) taken over during the marriage, with the exception of debts referred to in Section 710(1)(a) and (b) of the Civil Code)

I need a look at the security file. What do I have to do?

Before taking a decision on an application for a security certificate, you have the right to consult: the Unclassified Part of the Security Volume (Section 89c of the Act). You have this right only until the decision on the application for a security certificate becomes final. It can be viewed on the basis of a written request addressed to the NSA, which is written in free form.
You can request access to the unclassified part of the security file by:
1. through the NBÚ Portal (After logging in through the bank identity or data box of an individual, you select an option General submission),
2. a data box set up for a natural person,
3. by delivery to the Electronic Filing Office This email address is being protected from spambots. You need JavaScript enabled to view it. with a recognised electronic signature established for private purposes,
4. by post or by the holder of a special postal licence the address NBÚ.
The NBÚ employee will then notify you in writing (possibly by telephone) of the date when the volume can be consulted. The inspection takes place in the NBÚ building (Na Popelce 2/16, Prague 5 - Košíře). Before consulting, an NBÚ employee will acquaint you with the possibility to make extracts from the volume or to require copies from the volume to be made for a fee. A written record of the inspection shall always be made.

If a natural person is required to indicate ‘Yes’ in the SJM point questionnaire, must the income, liabilities, receivables and real estate sections also mention property that relates exclusively to the spouse or partner, or are these points to b

No, I don't. You are required to provide information relating only to you. However, if, for example, he or she is a co-debtor of a loan entered into by a spouse, partner or, together with the spouse, partner, co-owner of immovable property or have immovable property in the SJM, i.e. this information also applies to you, you must provide it. It is also your responsibility to provide information regarding your right of disposal over another person's account.

I have documents in English, do I have to have them translated?

If documents are submitted in a foreign language, they must be submitted in the original and at the same time in an officially certified translation into the Czech language. If a document is submitted in a foreign language on a so-called transferable document (e.g. A1,S1,S2,S3,DA1,P1,U1,U2,U3...) is accepted in accordance with Regulation (EC) No 883/2004 and Regulation (EC) No 987/2009 of the European Parliament and of the Council without an officially certified translation into Czech if it is submitted in an official language of a Member State of the European Union, the European Economic Area or Switzerland.

Where should I indicate in the questionnaire when applying for an investment life insurance document - in ‘Financials’ or ‘Investment instruments’?

Investment life insurance is listed in section 7.4 Finance, as it is not an investment instrument under Act No. 256/2004 Coll., on Capital Market Undertakings.
Industrial security – Facility Security Clearance
As part of the security procedure, I communicate with the NSA via a data box, is there any recommendation as to what should be included in the data message in the ‘Case’ field?

NBÚ recommends that when communicating via the information system of data boxes (ID NBÚ - h93aayw) in the field of security procedure for issuing the certificate of the entrepreneur in the data message in the field "Case’ – ‘Safety management’. In the case of an application for the issue of an entrepreneur’s certificate in the data message, in the field ‘Case" state "Application for the issue of a certificate of the entrepreneur’.
If you are responding to NBÚ document (request, communication, notification, decision...), also indicate the reference number by which the document was marked (e.g. 11000/2024-NBÚ/21,...). It is also recommended to enter the reference number in the field ‘Case’ (e.g. ‘Security procedure ref.11000/2024-NBÚ/21...’).

As part of the application for the issue of a certificate of the entrepreneur, some documented documents may not be older than 60 days from the date of issue. At what date is this calculated?

The 60-day period is calculated from the date of issue of the document to the date of submission of the application for the issue of the entrepreneur's certificate (if they are part of the application), or from the date of issue of the document to the date of sending these documents to the NSA (if they are sent additionally, for example, as a supplement to the completeness of the application for the issue of the entrepreneur's certificate, but also as evidence of the notified change).

If we submit the first application for an entrepreneur's certificate and do not pay the administrative fee, will proceedings be initiated on the entrepreneur's application?

The amendment to the Act introduced by Act No 267/2024 Coll., the payment of the administrative fee is one of the conditions for initiating security proceedings on an application by an entrepreneur for the issue of an entrepreneur’s certificate referred to in Section 93(1), point (b), of the Act. If the administrative fee is not paid, then it is not a submission that meets the conditions for initiating the procedure and the security procedure will not be initiated.

The responsible person shall ensure that natural persons who have access to classified information are trained once a year. Who will train the responsible person?

The responsible person is obliged to ensure the training of natural persons, not to carry it out itself. The responsible person will not train himself/herself, but he/she is obliged to provide training for himself/herself.

If I hold an Entrepreneur’s certificate at Confidential level only for ‘knowing about classified information’ and I am producing or being provided with restricted classified information, can I make a declaration by the Entrepreneur?

Yes, in this case, the entrepreneur can hold a certificate of the entrepreneur and make a declaration of the entrepreneur. However, if the entrepreneur holds a certificate of the entrepreneur for access to classified information in full (access according to Section 20(1)(a) of the Act), the declaration of the entrepreneur does not make.

Can a person who is not a member of the statutory body be the responsible person?

He can't. The amendment to the Act, implemented by Act No 267/2024 amending the Act, amended the provisions of Section 2(e)(13) of the Act. According to the wording effective from 1.1.2025, the responsible person in the case of an entrepreneur under Section 15, who is a legal person, may be a natural person who is:
its individual statutory body, or

where a legal person has several individual statutory bodies or the statutory body of that legal person is a collective body, a member of the statutory body who is a natural person and is designated to act in matters governed by this Act.

We are holders of a valid certificate issued by 31.12.2024. What is the validity of this certificate?

Point 4 of Article II Transitional provisions of Act No 267/2024 amending the Act as regards the period of validity of certificates issued before the date of entry into force of the amendment to the Act (until 31.12.2024) provides that the certificate of a natural person, Certificate of Entrepreneur and proof of security capacity of a natural person issued before the date of entry into force of this Act shall remain valid for the period of validity specified therein.

The law introduces new provisions on the economic instability of the entrepreneur, which are associated with duration. Since when does this time count?

The period is set for the new provisions of the Act in Section 17(1)(d) and Section 17(2)(e) and (f) of the Act. Point 7 of Article II Transitional provisions of Act No 267/2024 amending Act No 412/2005 on the protection of classified information and on security capacity, as amended, provides that, in the case of an entrepreneur holding an entrepreneur’s certificate issued before the date of entry into force of this Act (until 31 December 2024), the period relevant for assessing compliance with the conditions referred to in Section 17(1)(d) and in Section 17(2)(e) and (f) of Act No 412/2005, as applicable from the date of entry into force of this Act, starts to run.

Does the fee obligation change in relation to repeated applications from the entrepreneur?

If an entrepreneur submits an application for the issue of an entrepreneur’s certificate that meets the conditions for submitting an application under Section 96(3) and (4) of the Act, then even after the amendment of the Act, the submission of such an application is not subject to a fee obligation.

Does the application for an entrepreneur certificate have to be delivered to the NSA in person?

It is not necessary, the application can be submitted in person at the filing office of the NSA by sending it in the form of a postal item or in electronic form, namely
delivery to the NBÚ data box,

to the electronic address of the NSA using a recognised electronic signature, or

through an online service using the means of a qualified electronic identification scheme (NBÚ portal).

The responsible person of the entrepreneur in our company is a person outside the statutory body. Does this affect the validity of the entrepreneur's certificate after the amendment of the Act?

Yes, this fact will affect the validity of the entrepreneur’s certificate if the entrepreneur does not reflect the amendment of the Act within 12 months from the date of entry into force of Act No 267/2024 amending the Act.
Paragraph 6. Article II Transitional provisions of Act No 267/2024 Coll., which entered into force in this part on 1.1.2025, stipulate that an entrepreneur who holds an entrepreneur’s certificate issued before the date of entry into force of this Act ceases to meet the condition for issuing an entrepreneur’s certificate pursuant to Section 16(1)(d) of the Act after a period of 12 months from the date of entry into force of this Act, if the responsible person designated pursuant to Section 2(e)(13) of the Act, in the version in force before the date of entry into force of this Act, is not
a) its individual statutory body, or

a member of its collective statutory body.

Our company needs to be certified as an entrepreneur. How is he supposed to proceed?

An application for the issue of an entrepreneur's certificate may be submitted in person at the NSA's filing office, by post or in electronic form, by delivery to the NSA's data box, to the NSA's electronic address using a recognised electronic signature, or through an online service using the means of a qualified electronic identification system. The application shall include:
application form;

the completed questionnaire of the entrepreneur in electronic form,

security documentation of the entrepreneur,

original documents or certified copies thereof necessary to verify compliance with the conditions under Section 16 of the Act – the scope and form of the documents are laid down in the Industrial Security Decree; and

a declaration of non-disclosure of the materially and locally competent tax administrator and other persons involved in tax administration pursuant to Section 52(2) of the Tax Code, to the full extent of the data for the purpose of conducting security proceedings.

For more information, see Protecting classified information – Industrial security – How to Apply for an Entrepreneur Certificate.

What must the security documentation of the entrepreneur contain?

More information on the content of the entrepreneur's security documentation can be found here.

We are a certified entrepreneur and have newly built a secure area of the reserved category. Do we have an obligation to send the NSA a Physical Security Project related to this secure area of the Reserved category?

According to the law, the NSA conducts security proceedings and therefore verifies the ability of the entrepreneur to ensure the protection of classified information in the field of physical security up to the level of Confidential. Therefore, do not send a physical security project to a secure area of the Reserved category to the NSA. In relation to the above, however, we would like to point out that the entrepreneur is obliged, pursuant to Section 68(c) of the Act, to immediately notify the NBÚ in writing of the establishment or cancellation of a restricted area (pursuant to Section 9 of the Industrial Security Decree, the entrepreneur shall provide the address and description of the location of this secured area and information on the determination of the category and class of the restricted area pursuant to Section 25 of the Act).

On what date will I, as the holder of an entrepreneur’s certificate, send the regular annual notification of changes pursuant to Section 68(d) of the Act?

Regular annual reporting of changes according to Section 68(d) of the Act the holder of the certificate of the entrepreneur is obliged to send the NBÚ always on the date that coincides with the date of issue of the certificate of the entrepreneur. If the entrepreneur holds more than one certificate of the entrepreneur, he notifies changes to the data in only one copy. It shall indicate in the entrepreneur’s ‘change questionnaire’ all the classification levels and forms of access contained in those certificates. The notification of changes to the data in this case is submitted by the entrepreneur to the NSA on the day on which the date of issue of the entrepreneur's certificate, which was issued earlier to the entrepreneur, falls.
If the entrepreneur is issued with a ‘replacement’ certificate because he reported to the NSA the theft, loss or damage of the entrepreneur’s ‘originally issued’ certificate, the date of issue of the entrepreneur’s certificate continues to be the date of issue of the entrepreneur’s ‘originally issued’ certificate.

How to correctly fill in point (i) of the entrepreneur’s questionnaire (Section 97(i) of the Act) – foreign business partners?

When filling in the data in point (i) of the entrepreneur's questionnaire (Section 97(i) of the Act) – foreign business partners, with the exception of business partners from the Member States of the European Union, with a total financial volume of transactions exceeding CZK 2 000 000 in the last five years, the entrepreneur proceeds as follows:
In the application under Section 96(1) of the Act the entrepreneur ascertains whether in the last 5 years he has concluded business with a foreign partner, whose total annual the volume exceeded CZK 2 million in at least one of the five monitored years. If yes, the data to be filled in is the entrepreneur's questionnaire; under the heading ‘volume of transactions’, indicate the amount of all transactions with that partner over the entire period of 5 years.
Examples:
A) 2020 – 500 000, 2021 – 2 million, 2022 – 200 000, 2023 – 300 000, 2024 – 1 million = does not reportbecause in none of the last five years has the total annual volume exceeded CZK 2 million;
B) 2020 – 600,000, 2021 – 2,1 million, 2022 – 300,000, 2023 – 1.7 million, 2024 – 500,000 = reports, because in 2021 the total annual volume exceeded CZK 2 million and in the item volume of trades will indicate the amount of 5,2 million, that is, the sum of all trades in 5 years

In the notification of changes according to Section 68(d) of the Act the entrepreneur ascertains whether, from the date of issue of the certificate, if it is the first notification of changes under Section 68(d) of the Act, or since the date of the last report of changes in accordance with Section 68(d) of the Act concluded business with a foreign partner, the total volume of which in this period exceeded CZK 2 million, if so, is the data filled in the entrepreneur's questionnaire. It shall indicate under ‘trade volume’ the amount of all trades with that partner for that period.

In the application under Section 96(3) of the Act the entrepreneur ascertains whether, from the date of the last report of changes under Section 68(d) of the Act (exceptionally from the date of issue of the certificate, if it will be according to the Section 96(3) of the Act request prior to the first notification of changes) concluded business with a foreign partner, the total volume of which in this period exceeded CZK 2 million, if so, is the data filled in the entrepreneur's questionnaire. It shall indicate under ‘trade volume’ the amount of all trades with that partner for that period.

How can the administrative fee be paid?

Methods and forms of payment of the administrative fee:
at the filing office of the NSA before submitting the application for the issue of the entrepreneur's certificate in person, by means of a payment terminal or in cash,

by bank transfer to the NBÚ account: 19-105881/0710 held at the Czech National Bank, as a variable symbol must be indicated the entrepreneur's ID number, in the message to the entrepreneur's recipient it states that it is an administrative fee and the ID of its data box: ‘administrative fee, ISD: xxxxxx’, whereby reimbursement means crediting a payment to the NSA’s account. (Since there may be a delay of several days between the submission of the payment order and its crediting to the NBÚ's account, it is necessary to wait with the submission of the application for the issuance of the entrepreneur's certificate only after receiving the data message from the NBÚ, which contains the confirmation of payment of the fee and is sent immediately after the payment is credited to the NBÚ's account.)
Administrative security
Is it necessary to introduce new administrative aids with the entry into force of the new decree, or can those introduced by the end of 2022 be used? If older tools can be used, is there a need for any specific change or modification in their boxes?

The Decree provides, as part of the transitional provisions (Section 37(1)), that administrative aids drawn up in accordance with Annexes 1 to 7 to Decree No 529/2005 on administrative security and on registers of classified information, in the version in force before the date on which the Decree enters into force, may be used, provided that all the items laid down in the new Decree are added and maintained in the manner laid down in the new Decree.
The models of administrative aids set out in the annexes to the new decree contain, with the exception of the auxiliary negotiating protocol, where the headings of columns 1 and 16 have been amended, only minor changes compared to the previous legislation, which in other cases do not require additional adjustments to be made to the headings of individual items of administrative aids already in use. The amendment must therefore be made at least in the headings of columns 1 and 16 of the APC.
From the date of entry into force of the new decree (1. 1. 2023) administrative aids, including those introduced into use before that date, must be managed in accordance with the instructions set out in the annexes to the new decree.
The aim of the above-mentioned transitional provision is, on the one hand, to minimise the administrative burden on the entities concerned in connection with the amendment of the legislation and, on the other hand, to minimise the economic impact on the entities concerned by allowing them to continue to use administrative aids introduced into use before the entry into force of the new Decree, but also to exhaust any ‘stock’ of administrative aids acquired during the period of application of Decree No 529/2005.

What is the procedure for keeping records of certain classified documents in other administrative aids pursuant to the second sentence of Section 3(2) of Decree No 529/2005 prior to the entry into force of the new Decree?

The Decree states, under the transitional provisions (Section 37(2)), that a classified document which, until the entry into force of the new Decree, has been registered under another registration mark allocated from an administrative aid pursuant to the second sentence of Section 3(2) of Decree No 529/2005 does not have to be re-registered.
This means that a classified document may continue to be registered in this administrative tool until it is declassified or declassified. In the case of handing over, lending or moving a classified document, it will be recorded in administrative aids under another registration mark pursuant to Section 4(3) of Decree No 529/2005, under which it was registered. In accordance with the second sentence of Section 3(2) of Decree No 529/2005, all standard records, including any corrections, will be kept in the additional administrative aid in question until all classified documents registered in it are discarded.
From the date of entry into force of the new Decree, it is no longer possible to assign new registration marks from another administrative aid pursuant to the second sentence of Section 3(2) of Decree No 529/2005, so it is not possible to re-register any other classified document in it.
At the same time, please note that if a classified document in non-documentary form of the Confidential, Secret or Top Secret classification level to be sent is registered in another administrative aid pursuant to the second sentence of Section 3(2) of Decree No 529/2005, it must be re-registered in the negotiation protocol, unless it is a classified document of a foreign power. This is due to the fact that a non-documentary classified document must be accompanied by a movement document when it is transported (it will thus become an annex to the movement document – a paper-based classified document). However, this accompanying document could not be registered in another administrative aid under the second sentence of Section 3(2) of Decree No 529/2005 or under previous legislation (Section 12(1) of Decree No 529/2005).

Does the Security Director need a written authorisation from the responsible person to authenticate administrative aids pursuant to Section 4(1) of the Decree? Can the person in charge of the minutes authenticate the minutes?

The responsible person or a person authorised by him or her, or the security director or a person authorised by him or her, may sign the authentication of the administrative aid (tags at the end of the stitching and a clause on the number of sheets with the date of issue of the administrative aid for use) in accordance with Section 4(1) of the Decree. It is apparent from the wording of that provision of the Decree that the Security Director does not have to be authorised to authenticate the administrative aid.
The third sentence of Paragraph 4(1) of the Decree provides that the person in charge of the minutes cannot be authorised to sign the authentication of the minutes, with the sole exception that the minutes are kept by a person in charge who also performs the function of security director. As a rule, such a situation may occur for small entities where there is no other person available who could be in charge of either maintaining the negotiation protocol or signing it as part of its authentication (e.g. a natural person doing business).
In other cases where the minutes are kept by the responsible person or the Security Director, the authentication of the minutes may be signed either by the other person or it will be necessary for the responsible person or the Security Director, as the case may be, to authorise another person to sign the authentication of the minutes.
Authorisation for authentication must be in writing and must be retained until the relevant administrative aid is discarded (Section 4(1), last sentence, of the Decree).
The reason why the person in charge of the minutes is required not to be able to sign his/her own authentication is the increased requirements to ensure the protection of the minutes, as an administrative tool to record classified documents, against possible alteration of the records and other undesirable interferences. In the case of the above-mentioned exception under the third sentence of Paragraph 4(1), after the semicolon, this is the case where another person is not available to ensure that the conditions laid down are met.

Is it necessary to create a new checklist for a classified document if the classified document is re-registered under a new reference number within a single point of registration?

The checklist is, pursuant to Section 3(1)(f) of the Decree, an administrative tool intended for keeping an overview of persons who have become acquainted with the content of a classified document or file with a state authority, a legal person or a natural person doing business.
If a classified document is re-registered under a new reference number within a single point of registration, for example in a collection sheet or other negotiation protocol, a new checklist need not be created for that classified document. The new reference number shall be indicated on the existing checklist (see the model checklist set out in Annex 6 to the Decree).

Can a negotiation protocol be a clandestine administrative tool?

Negotiating protocols are generally non-classified administrative aids and therefore classified information should not be entered in them (except for intelligence-led negotiating protocols).
In the event that it is necessary to enter classified information in the negotiation protocol (e.g. the originator of the AI will be the intelligence service), it is possible, in addition to the non-classified negotiation protocol, to keep a specific negotiation protocol for this information only under the regime corresponding to the highest classification level of this information.
If classified information is entered ‘by mistake’ in an unclassified minutes, the minutes shall be classified according to the level of classification of the information entered. A record containing classified information must be marked with the appropriate classification level (in a manner similar to that referred to in the fourth and fifth sentences of Section 8(2) of Decree No 275/2022) and the negotiating protocol must also be treated as a classified document of the same classification level. Records of other classified documents kept in paper form in the minutes shall be kept:
kept in a new non-classified negotiating protocol – the reference number will follow the last reference number allocated from the previous negotiating protocol, a range of serial numbers will be entered in the pre-printed box above columns 1 to 2 of the negotiating protocol, starting with the sequence number following the last reference number from the previous negotiating protocol and ending with the sequence number from the last line on the page of the newly established non-classified negotiating protocol (e.g. 28-30), previous unused lines are crossed out (in this context, however, please note that if this situation is repeated, the record of classified documents may be kept in many negotiation protocols), or

continue with the original (already classified) negotiating protocol, with further classified information entered in it to be classified in the line where the record is entered.

The recording of classified documents in the electronic filing system will continue continuously and the procedure referred to in point (a) above may also be used in the electronic minutes of the meeting using another application, if technically possible.

Is a checklist also drawn up for a classified Confidential, Secret or Top Secret document delivered by mistake?

Under Paragraph 5(1) of the Decree, a checklist must be drawn up for a classified document classified as Confidential, Secret or Top Secret, or for a classified document of a foreign power classified as Confidential, Secret or Top Secret, or for a file containing classified documents classified as Confidential, Secret or Top Secret.
The checklist must therefore also be drawn up for a classified document classified as Confidential, Secret or Top Secret which has been delivered by mistake.

According to the new decree, the file and classified documents are registered in the collection sheet. In this case too, can checklists for individual classified documents recorded in the collection sheet be replaced by a file checklist?

Pursuant to Section 3(1)(g) of the Decree, the collection sheet is an administrative tool intended for the extension of the record of records in the negotiating protocol in the event of the registration of a larger number of classified documents relating to the same subject matter. The collection sheet shall be established after the registration of the initiating classified document in the minutes of the negotiations. At the same time, this initiating classified document shall be registered in the collection sheet under sequential number one. Other classified documents relating to the same subject matter shall subsequently be entered in the collection sheet in the order in which they arose or were delivered.
Under Paragraph 5(1) of the Decree, a checklist must be drawn up for a classified document classified as Confidential, Secret or Top Secret, or for a classified document of a foreign power classified as Confidential, Secret or Top Secret, or for a file containing classified documents classified as Confidential, Secret or Top Secret. The checklist of the file is useful if the individual is familiar with the whole file, because in this case the entry of the meeting in the checklist of the file replaces the entries in the checklists of individual classified documents.
A checklist shall be drawn up for the initiation of a classified document at the level Confidential, Secret or Top Secret. Inspection sheets must also be drawn up for all other classified documents that will be recorded in the collection sheet (according to Section 13(2) of the Decree, only classified documents of the same classification level may be recorded in the collection sheet), because until the collection sheet is closed, each of these classified documents will be handled separately and often differently and individual classified documents can thus be accessed by a different range of authorised persons.
After the collection sheet has been closed, pursuant to Section 13(4) of the Decree, it is always possible to manipulate only the entire file, which, at the time of closing the collection sheet, consists of stored classified documents registered in the collection sheet. It is highly advisable to draw up a file checklist after the collection sheet has been closed, otherwise the persons who will have access to the file would have to record acquaintance with the content of classified documents in all individual checklists of classified documents which form the file and to which they will therefore have access.
Theoretically, the creation of a file checklist before the collection sheet is closed is also not excluded. Given that, in most cases, it is necessary to handle individual classified documents separately, its management would be superfluous, except in very specific situations, since the entries in it would have to be made essentially in duplicate with the entries in the checklists of the individual classified documents composing the file.

What happens if, after opening the outer envelope of a consignment delivered by the postal licence holder, the addressee discovers that another addressee is indicated on the inner envelope of the consignment?

Where the consignee of a consignment delivered by the postal licence holder, after opening the outer envelope of that consignment, finds that another addressee is indicated on the inner envelope of the consignment, he shall register the consignment without opening the inner envelope, inserting the word ‘envelope’ in column 6 of the Rules of Procedure instead of indicating the number of sheets.
We recommend that the recipient immediately contact the sender in this matter. The consignor may send an authorised representative to the consignee to check the contents of the consignment. If the consignee confirms that the contents of the consignment were not intended for the consignee, or if the consignor does not address the situation in the manner indicated, the consignee shall proceed using Section 10(3) of the Decree and return the consignment to the consignor. It shall include in column 7 of the Rules of Procedure, for example, the words ‘Inadvertently delivered’, the words ‘Inadvertently delivered’ on the unopened inner envelope of the delivered consignment, the name and address of the consignee who inadvertently received the consignment, the date, first name, surname and signature of the person in charge of the Rules of Procedure.
Where more than one reference number appears on the inner envelope (the consignment contains more than one classified document), the record in the minutes shall be kept according to the highest classification level resulting from the abbreviation of the relevant classification level given in the reference number.
Due to the fact that the consignee does not open the inner envelope and there is no access to classified information (if the consignment was not intended for him, he does not fulfil one of the legal conditions for access to classified information – need-to-know), a checklist is not drawn up in this case.

What is considered the creation of a document? Is it a copy or approval by an employee with signature authority?

On a classified document, the originator is obliged to indicate, inter alia, the date of origin (Section 21(1) of the Act,
Section 14(1) and (4), Section 16(1) and Section 17(1) of the Decree). The date of origin shall also be indicated on the classified annexes to the classified document.
We consider the creation of a classified document to be the moment when the classified document is actually physically drawn up. In the case of a classified document or an annex in paper form, it shall be the moment when it is printed or ‘written’ by hand; in the case of a classified document or attachment in non-documentary form, e.g. storage medium, time of data entry, etc.; in the case of a classified document in electronic form created in the electronic file system, we consider the creation to be the insertion of the relevant classified file (components).

How to proceed with an unclosed collection sheet established before the issuance of a new decree? A change in the legal regulation will be reflected in the composition of the reference number of the classified document registered in this sheet af

Neither the new Decree nor Decree No 529/2005 lays down an obligation to close the collection sheet at the end of the calendar year, although this appears to be an appropriate procedure given the difference in the calendar year, which is part of the reference number to which the collection sheet is led, with the calendar year indicated within the date of origin of classified documents created or delivered only in the following calendar year.
The collection sheet, established before the entry into force of the new Decree, can be continued in the same way as before, but it is necessary to follow the instructions set out in Annex 7 to the new Decree when filling in individual data. Any other established sheet of the same collection sheet must comply with all the requirements of the new Decree, including the name of the entity with which it is kept and the signature pursuant to Section 4(2) of the Decree.
On the basis of the composition of the reference number, on which the collection sheet was based before the entry into force of the new decree, even after 1. 1. 2023 does not change anything. If newly created or delivered classified documents are registered in such a collection sheet, they will normally be distinguished in the reference number by sequential numbers from that collection sheet, and if the reference number on which the collection sheet was based did not contain the designation of the entity to which it was assigned, it will not contain it even for classified documents newly registered in that collection sheet.
Another possible procedure is the closing of the collection sheet established before the entry into force of the new decree, the registration of another newly created or delivered classified document relating to the same matter in the negotiating protocol (new initiation classified document) and the establishment of a new collection sheet for the newly allocated negotiating number. The reference number assigned after the entry into force of the new decree will already contain all the newly established elements, i.e. also the designation of the state authority or its organisational unit, legal entity or natural person doing business to which the reference number has been assigned. In this case, it will be necessary to link the records of both the original and the new reference number in the negotiating protocol by cross-references (information on the link between the reference numbers). This information should also be included on the two collection sheets in question.

How to proceed if there is no space in the negotiating protocol according to Decree No. 275/2022 Coll. for the registration of other persons entrusted with its management or for the presentation of the entire composition of the shredding commissi

In the event of a lack of space or lines in the tables appearing on the inside of the sheets of the minutes referred to in Annex 1 to the Decree, in which the names and surnames of the persons responsible for keeping the minutes, the period in which they keep the minutes and the specimen signatures, respectively the names and surnames of the members of the shredding commissions for each year or, where applicable, the range of years, and their signatures, may be entered:

the tables with all the required items on the other blank pages of the negotiating protocol, if the negotiating protocol contains such parties (front end, inner side of the back panels;

in the case of members of the shredding committee, include references to documents or internal rules on the inside of the negotiating protocol, which shall contain all the information that should be included in the table referred to in Annex 1 to the Decree. Choosing this procedure, it will be necessary to ensure the preservation of a document referenced in the minutes replacing the completion of the required data in the table on the inside of the minutes, at least until the minutes are deleted.
Physical security
What documents should I send for the issuance of a certificate for technical means?

The requirements for the certification of a technical device are set out in Section 11 of Decree No 528/2005 on physical security and certification of technical means, as amended.

What elements of alarm systems are certified?

The subject of the certification of alarm systems are:
Alarm Alarm Systems (ESS) equipment: PMS control panels, detectors, perimetric detection systems;

access systems;

emergency systems.

Should we replace the originally supplied certificate with a new one if the product has been re-certified?

The original certificates are not replaced by new ones.
After the expiry of the certificate, technical means for protecting classified information may be used provided that they are fully operational. This shall be verified by a functional test carried out at least once a year.
In the case of mechanical means of restraint and equipment for physical destruction of information, the functional test shall be evidenced by a record signed by the operator of the object or a person authorised by him. For other technical means, the functional test shall be supported by a test report or record in the operations log. (see Chapter 11 of Annex 1 to Decree No 528/2005, as amended).

Can safety door scores be increased by replacing the safety insert and fittings?

Replacement of the locking system (minimum control of the lock or cylinder and building or safety fittings) is possible only if it does not interfere in any way with the design of the door or the design of individual parts of the locking system. In this case, the certificate of fittings and the certificate of cylinder are also documented as proof of the security door certification.

Can another entrepreneur's classified information be stored in a secure area?

It is not possible to store the classified information of another entrepreneur in a secure area.

Can an object be without a secure area?

The amendment to Act No 412/2005 on the protection of classified information and security suitability, as amended, makes it possible to designate an object without a secure area.

Must there be a grille in the Secured area of the Confidential category on the window sill below as much as 5.5 m above the terrain?

In the category Confidential on a window sill below 5,5 m above the ground, there need not be a grille, only if the area of the secured area is protected by certified electrical security signalling devices (EZS), the installation of which is of at least type 3 (SS92 = 3). The installation of the Type 3 electrical signalling system represents the realization of spatial protection, casing protection and emergency system. The protected area in this case is type 1 (SS3=1).

What does cloak protection cover a secure area?

The casing protection of the secured area includes, in particular, the installation of an opening detector (magnetic contact) on openable openings (doors, windows), possibly a glass splinter detector and a shock detector. The installation of a glass splinter detector is recommended if there is a window or glass filler in the border of the secure area, it also depends on the nature of the borders and the location of the secure area. The shock detector is used for a higher scoring of the level of installation of alarm systems. The total number of detectors installed depends on the number of holes and the segmentation of the area of the secured area.
Opinions on the protection of classified information
How and in what form should the appointment of the Security Director be notified to the National Security Authority?

The form of written notification of the establishment of the position of security director is not provided for by law. It is essential for the National Security Authority that the written notification of the appointment of the Security Director fulfils the requirements under Section 72(2) of Act No 412/2005 and is notified to the National Security Authority by a person authorised to act on behalf of a State authority, a legal person or a natural person engaged in business activity within 15 days of the date on which the position of Security Director was filled.
A written notification of the establishment of the position of Security Director may be delivered by delivery to the data box of the National Security Office (ID h93aayw) pursuant to Act No 300/2008 on electronic acts and authorised conversion of documents, as amended, or through the holder of a postal licence or a special postal licence, who is obliged under the postal contract pursuant to Act No 29/2000 on postal services and amending certain acts (the Postal Services Act), as amended, to deliver the document in a manner consistent with the requirements of this Act, or may be delivered in person to the registry office of the National Security Office, which is located at Na Popelce 2/16 Prague 5.
Information on delivery by electronic communication can be found here.

If a natural person has obtained a position where he/she will only have access to classified information at the end of the calendar year, is he/she also required to attend training in the same year?

Yes, it is the duty of the responsible person to provide training once a year to natural persons who have access to classified information (Section 67(1)(c)). The term "once a year" is interpreted within one calendar year, so if a natural person starts to have access in a particular calendar year, they must also be trained in that year.

Can a natural person who has fulfilled the conditions for access to restricted classified information have access to EU (RESTREINT UE) and NATO (NATO RESTRICTED) classified documents?

A person who qualifies for access to restricted classified information shall not automatically have access to RESTRIEINT UE or NATO RESTRICTED documents, but may be granted access where such access is strictly necessary for the performance of his function, work or other activity (need to know). In addition, the instruction shall state that the natural person has been familiarised with NATO and EU regulations.
According to Section 69(1)(b) of the Act, it is the duty of a state body, a legal entity and a natural person engaged in business activities to process and maintain an overview of places or functions where it is necessary to have access to classified information, including classified information of the European Union and the North Atlantic Treaty Organisation.

Must NATO-dedicated classified information be transmitted via the register of classified information provided?

No, according to Section 79 of the Act, only Confidential, Secret and Top Secret classifications are recorded and stored in the registers of classified information provided in international (i.e. also NATO) relations, not Reserved.

Can a company holding a certificate use the NBÚ logo on its documents?

No, the NBÚ graphic logo is registered as a trademark under Act No. 441/2003 Coll., on Trademarks, and is registered in the Register of Trademarks maintained by the Industrial Property Office. The use of the logo would be a use of a trade mark for which the NSA does not give consent to other entities, as it is intended exclusively for use on official documents of the NSA. Only text informing that the company holds the relevant NBÚ certificate can be used, but without a graphic representation of the NBÚ logo.

Who instructs the director of the company if he is the responsible person and the security director, has a valid certificate of a natural person, but is not informed and there is no person in the company who meets the conditions for access to cla

The director of a company may be instructed by a person who, for example, is an employee of the company without fulfilling the conditions for access to classified information or without holding a notice or certificate. This is the person entrusted with this task by the responsible person, i.e. the manager himself.

What legal form should the establishment and occupation of the position of Security Director (entrustment, appointment, change of employment contract, etc.) take if the company is a limited liability company?

The law does not provide for the legal form of the establishment or occupation of the position of Security Director, as this is the responsibility of each specific entity that establishes and occupies the position of Security Director. It is up to the responsible person to decide on the form in which the position of Security Director is to be established and filled.
From the point of view of the law, it is essential that, if the person responsible does not carry out the duties of security director himself, the security director must be placed under his direct authority. The law also does not stipulate that the function of security director must be performed exclusively independently and may be performed in combination with the performance of other work, but may not be performed simultaneously by several state authorities or entrepreneurs.

Is it always necessary to classify information inferior to the item listed in the Annex to Government Regulation No 440/2024 on the catalogue of areas of classified information?

When classifying information, it is always necessary to assess whether all the characteristics of the classified information, both formal and material, are present. Pursuant to Section 4(1) of Act No 412/2005 on the protection of classified information and on security suitability, as amended, the relevant classification level refers to information the disclosure or misuse of which may harm the interest of the Czech Republic or be disadvantageous to the interest of the Czech Republic (material feature of classified information) and which can be classified under an item listed in the catalogue of areas of classified information in accordance with the Annex to the Government Regulation (formal feature of classified information). When marking the classification level, it is not sufficient to simply classify the information under one of the items in the catalogue, but it is always necessary to take into account any harm to the interest or disadvantage to the interest of the Czech Republic that could arise from the disclosure of the information to an unauthorized person or its misuse.

What are the Office's office hours during a state of emergency?

Office hours during the state of emergency are Monday 8:00-13:00 and Wednesday 8:00-13:00.

Can the Secretary of the Municipality, as the responsible person, issue a notice for access to classified information at the level reserved also to the mayor and deputy mayor, or must this verification be carried out by the NSA?

Yes, I did. In the case of towns and villages, the responsible person is the secretary of their office or, failing that, the mayor. Within a city or municipality, the Secretary of the Office is responsible to all authorities, including the mayor and deputy mayor. Therefore, as the responsible person or person designated by him/her, he/she may verify the conditions for access to restricted classified information and issue a notice to the mayor and deputy mayor.

If a new natural person’s certificate is issued, must the person be informed again?

Yes, the validity of the previous instruction cannot be understood as continuous (Section 11(4) of the Act).

Is there a database of translators or interpreters who hold a natural person’s certificate for the purpose of translating or interpreting classified documents?

No, it doesn't exist. The NSA is not legally entitled to maintain such a database.

On the basis of which provision of the law can the responsible person delegate the function of security director to someone else?

In order to ensure and fulfil the obligations within the scope of the Act, the responsible person may establish the function of Security Director pursuant to Section 71(1) of the Act, otherwise he/she also performs this function himself/herself and thus performs all the tasks required by the Act in the area of protection of classified information and security capability from the State authority, the responsible person and the Security Director.
The Security Director is the executive body of the responsible person in the field of the protection of classified information and the responsible person may entrust him in writing with the provision and performance of duties within the scope of the Act and in accordance with the provisions of Section 71(3) of the Act.

Is it necessary to report the resignation of an employee who, together with the function, was included in the list of names and functions of employees who have access to classified information?

Pursuant to Section 66(1)(d) of the Act, an employee who has resigned from a position in which he or she has been granted access to classified information is obliged to notify the NSA without delay of a change in the data contained in his or her application by a natural person. His employer is not obliged to report that this person has been removed from the list of persons who have access to classified information.

If classified information of the level Reserved between the Czech Republic and EU Member States is released, is it released via the central register or is it released directly (via the department register) to the EU institution?

The Act does not require the provision of classified information classified as Reserved in International Relations through its own registry or central registry or the registry of the Ministry of Foreign Affairs, as it provides classified information classified as Top Secret, Secret or Confidential.

Can Classified Information Reserved be carried by a non-notified or certified courier?

Decree No 275/2022 on administrative security and registers of classified information, as amended, addresses this issue in Section 23(4): ‘In the case of a consignment classified as Reserved, the courier shall present to the sender a valid notification pursuant to Section 6 of the Act, a certificate of a natural person pursuant to Section 54 of the Act or a document pursuant to Section 85 of the Act; if the courier is a person referred to in Section 58a(1) of the Act, the courier shall be accompanied by an instruction and, if issued, a service card.’
It therefore follows that restricted classified information cannot be transported by a courier who does not have a valid notification or does not hold a natural person’s certificate, with the exception of persons referred to in Section 58a(1) of the Act who provide information (and, where applicable, a service card).

Certification procedure

News

FAQ