LAW
412/2005 Coll.
of 21 September 2005
on the protection of classified information and on security capability
as amended by Act No 119/2007, Act No 177/2007, Act No 296/2007, Act No 32/2008, Act No 124/2008, Act No 126/2008, Act No 250/2008, Act No 41/2009, Act No 227/2009, Act No 281/2009, Act No 255/2011, Act No 420/2011, Act No 167/2012, Act No 303/2013, Act No 181/2014, Act No 250/2014, Act No 375/2015, Act No 298/2016, Act No 204/2015, Act No 135/2016, Act No 183/2017, Act No 205/2017 Act No 256/2017, Act No 35/2018, Act No 46/2020, Act No 523/2020, Act No 261/2021, Act No 277/2019, Act No 267/2024 and Act No 77/2025.
The Parliament has decided on the following law of the Czech Republic:
PART I
BASIC PROVISIONS
§ 1
Subject matter
This Act regulates the principles for determining information as classified information, the conditions for access to it and other requirements for its protection, the principles for determining sensitive activities and the conditions for their performance and the related performance of state administration.
§ 2
Definition of terms
For the purposes of this Act, the following definitions shall apply:
a) classified information means information in any form classified under this Act, the disclosure or misuse of which may harm or be disadvantageous to the interests of the Czech Republic, and which can be classified under an item listed in the catalogue of areas of classified information (Section 139);
b) the interest of the Czech Republic in preserving its constitutionality, sovereignty and territorial integrity, ensuring internal order and security, international obligations and defence, protecting the economy and protecting the life or health of natural persons,
c) breach of duty in protecting classified information breach of duty imposed by this Act or on the basis of this Act,
d) the authority of the state organizational unit of the state under a special legal regulation1), county2), Capital City of Prague3), Prague City District and Municipality4) in the exercise of state administration in matters provided for by special legislation; State authority means also intelligence services56) the Czech National Bank7),
- At the Ministry, the Minister,
- at another central administrative office, the person who is at the head of that office; in the case of a collegiate body, only the natural person who directs the activities of that body is responsible;
- in the case of an organisational unit of the State established by another organisational unit of the State, the person who is the responsible person in the organisational unit of the State performing the function of its founder,
- in the case of other organisational units of the State, the person who heads them,
- the Director of Intelligence,
- the Governor of the Czech National Bank,
- in the region, the director of the regional office,
- near the City of Prague, the director of the City of Prague,
- near the city district of the capital city of Prague, the secretary of the office of the city district or, if not, the mayor of the city district,
- at the Statutory City, the Secretary of the Municipality,
- for other towns and municipalities, the secretary of their office or, if not, the mayor,
- in the case of an organisational unit of a territorial self-governing unit, who is the responsible person in the case of a territorial self-governing unit performing the function of its founder,
-
in the case of an entrepreneur under Section 15 who is a legal person and in the case of another legal person not listed in points 6 to 11, a natural person who is its individual statutory body or, if a legal person has several individual statutory bodies or the statutory body of that legal person is a collective body, a member of the statutory body who is a natural person and is designated to act in matters governed by this Act,
-
in the case of an entrepreneur under Section 15 who is a natural person and in the case of another natural person doing business, that natural person,
-
the Head of the Office of the Chamber of Deputies of the Chamber of Deputies, and
-
in the Senate, the Head of the Office of the Senate,
f) the originator of the classified information is a state authority, a legal person pursuant to Section 60b or an entrepreneur from whom the classified information originated, or the Industrial Property Office pursuant to Section 70(4),
by a foreign power, a foreign State or its body, or a supranational or international organization or its body;
an unauthorised person means a person who does not meet the conditions for access to classified information laid down in this Act;
instructing a written record of a natural person's knowledge of his or her rights and obligations with regard to the protection of classified information and the consequences of breaching them;
a security standard means a classified set of rules setting out procedures, technical solutions, security parameters and organisational measures to ensure the lowest possible level of protection for classified information;
the security mode of operation of the environment in which the information system operates, characterised by the level of classification of classified information handled and the levels of user authorisation.
PART TWO
PROTECTION OF CLASSIFIED INFORMATION
Title I
Preliminary provisions
§ 3
Damage to the interest of the Czech Republic and disadvantage for the interests of the Czech Republic
(1) For the purposes of this Act, damage to the interest of the Czech Republic means damage to or threat to the interest of the Czech Republic. Depending on the seriousness of the damage or threat to the interest of the Czech Republic, the damage is divided into exceptionally serious damage, serious damage and simple damage.
(2) Exceptionally serious damage to the interest of the Czech Republic arises from the disclosure of classified information to an unauthorized person or the misuse of classified information, which may result in
an imminent threat to the sovereignty, territorial integrity or democratic foundations of the Czech Republic;
large-scale loss of human life or a large-scale threat to the health of the population;
c) exceptionally serious or long-term damage to the economy of the Czech Republic,
d) significant disruption of the internal order and security of the Czech Republic,
a particularly serious threat to significant security operations or the activities of intelligence services;
a particularly serious threat to the activities of the North Atlantic Treaty Organisation, the European Union or a Member State;
g) a particularly serious threat to the combat capability of the armed forces of the Czech Republic, the North Atlantic Treaty Organization or its Member State or a Member State of the European Union, or
exceptionally serious damage to the diplomatic or other relations of the Czech Republic with the North Atlantic Treaty Organisation, the European Union or a Member State.
(3) Serious damage to the interest of the Czech Republic arises from the disclosure of classified information to an unauthorized person or the misuse of classified information, which may result in
a) threat to the sovereignty, territorial integrity and democratic foundations of the Czech Republic,
b) significant damage to the Czech Republic in the financial, monetary or economic sphere,
c) loss of human life or endangering the health of the population,
d) violation of internal order and security of the Czech Republic,
e) serious threat to the combat capability of the armed forces of the Czech Republic, the North Atlantic Treaty Organization or its Member State or a Member State of the European Union,
a serious threat to the significant security operations or activities of the intelligence services;
a serious threat to the activities of the North Atlantic Treaty Organization, the European Union or a Member State;
serious disruption of the diplomatic relations of the Czech Republic with the North Atlantic Treaty Organization, the European Union or a Member State or another State; or
a serious increase in international tensions.
(4) Simple damage to the interest of the Czech Republic arises from the disclosure of classified information to an unauthorized person or the misuse of classified information, which may result in
a) deterioration of the relations of the Czech Republic with foreign power,
b) endangering the safety of the individual,
threat to the combat capability of the armed forces of the Czech Republic, the North Atlantic Treaty Organization or its Member State or a Member State of the European Union;
d) threats to security operations or activities of intelligence services,
jeopardising the activities of the North Atlantic Treaty Organisation, the European Union or a Member State thereof;
frustrate, impede or jeopardize the investigation or investigation of particularly serious crimes;10) or to facilitate their perpetration,
g) the occurrence of non-negligible damage to the Czech Republic, or
h) serious disruption of the economic interests of the Czech Republic.
(5) unfavourable to the interests of the Czech Republic is the disclosure of classified information to an unauthorized person or the misuse of classified information, which may result in
a) disruption of the activities of the armed forces of the Czech Republic, the North Atlantic Treaty Organization or its Member State or a Member State of the European Union;
frustrate, impede or jeopardise the investigation or investigation of offences other than those referred to in paragraph 4(f) or facilitate the commission thereof;
c) damage to the important economic interests of the Czech Republic or the European Union or its Member State,
d) disruption of important business or political negotiations of the Czech Republic with foreign power, or
e) disruption of security operations or activities of intelligence services.
§ 4
Degrees of secrecy
(1) Information the disclosure or misuse of which may cause damage to the interest of the Czech Republic or may be disadvantageous for this interest and which can be classified under an item listed in the catalogue of areas of classified information, shall classify and mark the originator with a classification level
a) Top secret, if its disclosure to an unauthorized person or abuse can cause extremely serious harm to the interest of the Czech Republic,
b) Secret, if its disclosure to an unauthorized person or abuse can cause serious harm to the interests of the Czech Republic,
c) Confidential, if its disclosure to an unauthorized person or abuse may cause simple harm to the interests of the Czech Republic, or
d) Reserved if its disclosure to an unauthorized person or abuse may be disadvantageous to the interest of the Czech Republic.
(2) Where classified information consists of subclassified information of different classification levels, it shall be classified and marked according to the highest classification level of the subclassified information or higher.
(3) Classified information shall, when made available orally, visually or audibly, be marked with an oral statement or by any other appropriate means to indicate that it is classified information of the appropriate classification level.
(4) Classified information in analogue form shall be marked with a security classification.
(5) Classified information in electronic form shall be electronically classified prior to its disclosure; where this is not possible, it shall be marked when it is made available in accordance with paragraph 3.
§ 5
Types of ensuring the protection of classified information
The protection of classified information shall be ensured by:
personnel security, consisting of the selection of natural persons to have access to classified information, the verification of the conditions for their access to classified information, their upbringing and protection;
b) industrial security, which consists of a system of measures to identify and verify the conditions for the entrepreneur's access to classified information and to ensure the handling of classified information by the entrepreneur in accordance with this Act,
c) administrative security, which consists of a system of measures in the creation, reception, recording, processing, sending, transport, transmission, storage, shredding proceedings, archiving, or other handling of classified information,
physical security, consisting of a system of measures designed to prevent or impede access to classified information by an unauthorised person, or to access or attempt to record such information;
the security of information or communication systems, consisting of a system of measures aimed at ensuring the confidentiality, integrity and availability of classified information handled by those systems and the responsibility of the administration and the user for their activities in the information or communication system; and
cryptographic protection, consisting of a system of measures to protect classified information by using cryptographic methods and cryptographic materials in the processing, transmission or storage of classified information.
Title II
Personnel security
Conditions for access by a natural person to classified information at security level Reserved
§ 6
(1) A natural person may be granted access to restricted classified information if he or she is strictly necessary for the performance of his or her function, work or other activity, holds a notice of compliance with the conditions for access to restricted classified information (hereinafter referred to as "notification"), a certificate of a natural person (Section 54) or a document (Section 80) and is informed, unless this Act or a special legal regulation stipulates otherwise (Sections 58 to 62).
(2) the notification shall be issued to a natural person who
a) is fully competent,
(b)) has reached at least 18 years of age,
c) is of good repute pursuant to § 8.
(3) The fulfilment of the conditions referred to in paragraph 2 shall be verified and the notification issued to the natural person by the person who is responsible to him in the context of the service relationship or employment, membership or similar relationship, or a person designated by him. In the case of a natural person in respect of whom the person responsible is not the person referred to in the first sentence, compliance with the conditions referred to in paragraph 2 shall be verified and the notification to the natural person shall be issued by the person responsible, or a person designated by him, who shall grant the natural person access to classified information classified at the level reserved. In other cases, the fulfilment of the conditions referred to in paragraph 2 shall be verified and the notification issued to the natural person by the National Security Authority (hereinafter referred to as ‘the Authority’) on the basis of a reasoned written request.
§ 7
(1) The condition of legal capacity shall be proved by a declaration of legal capacity of the natural person. The condition of age is proven by an identity card or travel document of a natural person. Proof of good repute shall be furnished by means of an extract from the Criminal Register11) and, in the case of a foreign national, a similar document of the State of which the foreign national is a national, if he/she has resided there continuously for more than 6 months after reaching the age of 15 years, as well as of the State in which the foreign national has resided continuously for more than 6 months, or an extract from the Criminal Register with an annex containing information that is entered in the criminal records of such State. If a foreign state does not issue a document similar to an extract from the criminal record, the condition of good repute is proved by a solemn declaration. Proofs of good repute shall not be more than 3 months old from their date of issue.
(2) The documents referred to in paragraph 1 shall be submitted by a natural person; if integrity is assessed by a state authority, it requests an extract from the Criminal Register11). An application for an extract from the Criminal Register and an extract from the Criminal Register shall be transmitted in electronic form in a manner allowing remote access. Other documents proving the integrity of the foreign national shall be submitted by the foreign national.
(3) The implementing legislation shall lay down a model for the declaration of legal capacity of a natural person.
§ 8
Integrity for the purposes of issuing notices
A natural person who has not been convicted by a judgment which has the force of res judicata of an intentional offence or an offence relating to the protection of classified information, or who is regarded as not having been convicted, fulfils the requirement of good repute for the purposes of issuing a report.
§ 9
(1) Prior to first access to classified information classified at the level Reserved, whoever is responsible to a natural person in the context of a service relationship or employment, membership or similar relationship, shall ensure its instruction. In the case of a natural person in respect of whom the person responsible is not the person referred to in the first sentence, the person responsible shall instruct the person who gives access to the classified information. The instruction shall be signed by the natural person and by the person who carried out the instruction; one copy of the instruction shall be handed over to her and one copy shall be deposited:12).
(2) The person who issued the notification is obliged to verify compliance with the conditions laid down in Section 6(2)(a) and (c) every 5 years from the date of its issue; It shall be entitled to verify compliance with these conditions even before the expiry of this period if there are reasonable doubts that a person has ceased to comply with any of them. A copy of the notification and the instructions and supporting documents for verifying compliance with the conditions under Section 6(2)(a) and (c) may be kept for a maximum of 5 years from the date on which the notification ceases to be valid.
(3) the validity of the notice expires
a) by delivering a written notification to the person who issued the notification that the natural person has ceased to meet the condition referred to in Section 6(2)(a) or (c);
the termination of an employment relationship or an employment, membership or similar relationship in which a natural person has been granted access to classified information;
the establishment of a service relationship or an employment, membership or similar relationship in which a natural person is to be granted access to classified information, if the notice has been issued by the person responsible or by a person designated by him who has granted the natural person access to classified information classified at the level reserved, or by the Office pursuant to Section 6(3);
the death or declaration of death of a person;
e) by announcing its theft or loss,
f) by reporting such damage that the entries contained in it are illegible or its integrity is violated,
g) by delivering a written notification to the person who issued the notification that the natural person has not complied with the obligation under Section 10(2)(b) within the prescribed period;
h) by returning the notification to the person who issued it or, if it is not, to the Office,
the fifteenth day after receipt of the natural person's certificate or document; or
a change in one of the particulars contained therein.
(4) In the event of termination of the notification pursuant to paragraph 3 (a) and (g), the person who issued the notification shall ensure that the natural person has no access to classified information and shall notify the natural person of such termination in writing. It shall state in the written notification the reason for the lapse of validity of the notification. Upon termination of the notification pursuant to paragraph 3, points (b) to (d), (f), (h) or (i), the person who issued the notification shall make a written record of such termination, which shall store:12).
(5) If the holder of the notification within 15 days from the date of expiry of its validity pursuant to paragraph 3 (e) or (f) and within 30 days from the date of expiry of its validity pursuant to paragraph 3 (j) request in writing the person who issued the notification to issue a new notification, the natural person’s access to classified information is not affected by the expiry of the original notification; the person who issued the notification shall, within 5 days of receipt of the request, issue a new notification replacing the original one.
(6) In the event of termination of the notification pursuant to paragraph 3(a) or (g), the natural person is obliged to submit the notification within 15 days from the date of receipt of the written notification and, in the event of termination of the notification pursuant to paragraph 3(b), (c) or (i), within 15 days from the date of such termination and, in the event of termination of the notification pursuant to paragraph 3(j), within 30 days from the date of such termination to the person who issued the notification.
(7) In the event of termination of the validity of the notification, the natural person shall be deemed not to have been informed.
(8) The implementing legislation provides for a model notification and instruction.
§ 10
(1) The conditions referred to in Section 6(2)(a) and (c) must be met by the natural person who is the holder of the notification during the entire period of access to classified information classified at the level reserved.
(2) the natural person referred to in paragraph 1 shall be obliged to
a) communicate in writing to the person who issued the notice,
- a change concerning the conditions referred to in Section 6(2)(a) and (c);
- theft, loss or damage of the notification,
- the date of receipt of the natural person’s certificate or document;
- the facts referred to in Section 9(3)(c), (f) and (j),
within 15 days of the date on which the change or fact occurred or became known to the natural person and, in the event of termination of the notification under Section 9(3)(j), within 30 days;
b) in the cases referred to in Section 9(2), to submit, within the prescribed period, at the request of the person who issued the notification,
1. extract from the Criminal Register11)in the case of a foreign national, a similar document of the State of which the foreign national is a national, as well as of the State in which the foreign national has resided continuously for more than 6 months in the last 5 years, or an extract from the Criminal Register with an annex containing information entered in the criminal records of that State; if the foreign state does not issue a document similar to an extract from the criminal record, a solemn declaration; and
2. a declaration of legal capacity by the natural person;
these documents must not be older than 3 months.
Conditions for access by a natural person to classified information at classification level
Top Secret, Secret or Confidential
§ 11
(1) A natural person may be granted access to classified information classified at the level Top Secret, Secret or Confidential if it is strictly necessary for the performance of his function, work or other activities, holds a valid certificate of a natural person (Section 54) of the relevant classification level and is informed, unless this Act or a special legal regulation stipulates otherwise (Sections 58 to 62).
(2) Prior to first access to classified information classified as Top Secret, Secret or Confidential, a person who is responsible to a natural person in the context of a service relationship or an employment, membership or similar relationship shall ensure that he or she is instructed. In the case of a natural person in a relationship to which the person responsible is not the person referred to in the first sentence, the person responsible shall instruct the person who gives the natural person access to the classified information. The instruction shall be signed by the natural person and by the person who carried out the instruction; one copy of the instruction shall be handed over to her, one copy shall be saved by12) and send a copy to the Office; a copy of the instructions may also be sent to the Office electronically. The obligation to send a copy of the instructions to the Office shall not apply to intelligence services in cases pursuant to Section 140(1)(a) and to the Ministry of the Interior in cases pursuant to Section 141(1).
(3) The Director of the Office and the Director of the Security Information Service shall be instructed by the Prime Minister, the Director of the Office for Foreign Relations and Information shall be instructed by the Minister of the Interior and the Director of Military Intelligence shall be instructed by the Minister of Defence; paragraph 2 shall apply mutatis mutandis to the signature, transmission and storage of the copy of the instruction.
(4) In the event of termination of the validity of a natural person's certificate (Section 56(1)) or termination of an employment relationship or an employment, membership or similar relationship in which a natural person has been granted access to classified information, the natural person shall be deemed not to have been informed.
Section 11a
In the event of termination of a service relationship or employment, membership or similar relationship, or in the event of a change in a service office in which a natural person has been granted access to classified information, that person shall confirm in writing that he or she is aware of the obligation to maintain confidentiality with regard to the classified information to which he or she has had access and not to grant access to it to an unauthorised person. The responsible person is obliged to ensure that this action is carried out.
§ 12
Conditions for issuing a certificate of a natural person
(1) the certificate of a natural person the Office shall issue to a natural person who
a) is a citizen of the Czech Republic or a national of a Member State of the European Union or the North Atlantic Treaty Organization,
(b)) meets the conditions referred to in Section 6(2)(a) and (b),
(c)) is safe and
d) is of good repute pursuant to § 13.
(2) The conditions referred to in paragraph 1 must be met by a natural person throughout the period of validity of the natural person's certificate (Section 55).
§ 13
Integrity for the purpose of issuing a natural person’s certificate
(1) The condition of good repute for the purpose of issuing a certificate of a natural person shall be met by a natural person who has not been convicted by a final judgment of an intentional crime or a crime related to the protection of classified information, or who is regarded as not having been convicted. If the criminal prosecution for such an offence has been conditionally suspended or the application for punishment has been conditionally postponed, the condition of good repute is met only after the natural person has proved his or her worth under another legal regulation57). In the case of a decision approving a settlement in criminal proceedings for an intentional criminal offence, the condition of good repute is met if a period of at least 5 years has elapsed since such a decision became final.
(2) the condition of good repute is verified by a copy from the Criminal Register11) and, in the case of a foreign national, a document similar to an extract from the Criminal Register of the State of which the foreign national is a national, as well as the State in which the foreign national has resided continuously for more than 6 months after reaching the age of 15, or an extract from the Criminal Register with an annex containing information that is entered in the Criminal Register of such a State. If a foreign state does not issue a document similar to an extract from the criminal record, the condition of good repute is proved by a solemn declaration. Proof of good repute must not be older than 3 months.
§ 14
Safety reliability
(1) The condition of safety reliability is met by a natural person for whom a safety risk is not identified.
(2) The security risk is
a) activities against the interest of the Czech Republic,
b) activities consisting in the suppression of fundamental rights and freedoms, or the promotion of such activities,
the fact that the financial situation is manifestly disproportionate to the duly declared income of the natural person; or
d) repeated failure to provide the necessary cooperation or to grant consent pursuant to Section 107(4) in ongoing proceedings for the revocation of the validity of a natural person's certificate, if it is not possible to decide on the matter without providing cooperation.
(3) a safety risk can also be considered
a) inclusion in the component of the former State Security with intelligence or counterintelligence focus, the intelligence administration of the General Staff of the Czechoslovak People's Army or the Department of Internal Protection of the Correctional Education Corps, or demonstrable cooperation with the former State Security or the intelligence administration of the General Staff of the Czechoslovak People's Army or the Department of Internal Protection of the Correctional Education Correctional Education Correctional Education Correction,
b) intentional violation of legal regulations, on the basis of which the interest of the Czech Republic may be harmed,
c) conduct that negatively affects the credibility or influenceability of a natural person;
d) contacts with a person who develops or has developed activities against the interest of the Czech Republic,
breach of the conditions for access to classified information or other obligations to protect classified information; or
f) the fact that a natural person suffers from such a disorder of health or there are such characteristics in the structure of his personality that may negatively affect his ability to conceal information.
(4) The safety risks referred to in paragraph 2(a) to (c) and paragraph 3(a) shall be identified in the procedure for the period from 15 years of age. The security risk referred to in point (d) of paragraph 2 shall only be identified in ongoing proceedings for the revocation of a natural person’s certificate. The security risks referred to in points (b) to (e) of paragraph 3 shall be identified for a period of 10 years at Confidential, 15 years at Secret and 20 years at Top Secret preceding the date of initiation of the procedure or from 15 years of age, whichever is the shorter.
(5) In assessing whether the fact referred to in paragraph 3 is a security risk, account shall be taken of the extent to which it may affect the ability to conceal information, the time of its occurrence, its extent, nature and the behaviour of the natural person during the period referred to in paragraph 4.
(6) The intelligence service may perform a physio-detection examination of its members, employees and applicants for recruitment to the service or basic employment relationship when verifying the condition of security reliability. The Intelligence Service for its members, employees and applicants for recruitment to the service or basic employment relationship in cases pursuant to Section 140(1)(a) and the Ministry of the Interior in cases pursuant to Section 141(1) may, when establishing and assessing facts pursuant to paragraph 3(f), carry out a psychological or medical examination by a specialist office of the Intelligence Service or the Ministry of the Interior.
Title III
Industrial security
Conditions for the entrepreneur's access to classified information and forms of the entrepreneur's access to classified information
§ 15
Access to classified information may be granted to an entrepreneur who is a natural person with permanent residence in the territory of the Czech Republic registered in the Trade Register, Commercial Register or other register kept under another law of the registrant and who pursues business activities or a legal person with its registered office in the Czech Republic registered in the Commercial Register, whose main activity is business activities, if it is strictly necessary for the performance of its activities, and if, when accessing classified information,
a) security level Reserved
1. substantiate by a written declaration its ability to ensure the protection of classified information (hereinafter referred to as ‘the declaration of the entrepreneur’), or
2. is the holder of a valid certificate of the entrepreneur, or
b) Confidential and higher is the holder of a valid certificate of the entrepreneur of the relevant classification level,
unless otherwise provided for in Sections 58 to 62.
Section 15a
Declaration by the entrepreneur
(1) the entrepreneur is entitled to make a declaration of the entrepreneur, if
a) has created conditions for the protection of classified information classified at the level of the Reserved level corresponding to the form of access to this information (Section 20) and the appropriate type of ensuring its protection (Section 5),
the responsible person is the holder of a notification, a certificate of a natural person or a document.
(2) The fulfilment of the conditions for access to classified information pursuant to Section 15(a)(1) shall be demonstrated by the entrepreneur to the provider of classified information classified at the level reserved (hereinafter referred to as "provider of reserved information") by handing over the entrepreneur's declaration before the first access to this information; the entrepreneur is entitled to require the submission of the entrepreneur's security documentation. The provider of the reserved information shall send a copy of the entrepreneur's declaration to the Office without delay.
(3) An Entrepreneur for whom Classified Information classified as Reserved will only be generated shall send a declaration of the Entrepreneur immediately after making it to the Office.
(4) An entrepreneur who terminates access to classified information classified at the level of the Reserved shall immediately notify in writing the person to whom he has forwarded or sent the entrepreneur's declaration pursuant to paragraph 2 or 3; this shall not apply if the entrepreneur’s declaration under paragraph 5(a) has lapsed.
(5) the validity of the declaration of the entrepreneur expires
a) the expiration of 5 years from the date on which it was made,
b) the date of delivery of the written notification of the entrepreneur pursuant to paragraph 4 to the provider of the reserved information or the Office,
c) the date of delivery of the entrepreneur's certificate for the form of access pursuant to Section 20(1)(a) or for the same form of access by the entrepreneur to classified information,
d) the dissolution or dissolution of the entrepreneur,
if the entrepreneur no longer meets any of the conditions referred to in paragraph 1, or
f) by changing any of the data specified in the declaration of the entrepreneur.
(6) The entrepreneur shall immediately notify in writing the expiration of the validity of the entrepreneur's declaration pursuant to paragraph 5 (c), (e) and (f) to whom pursuant to paragraph 2 or 3 handed over or sent the entrepreneur's declaration.
(7) The requirements of the declaration of the entrepreneur shall be laid down in the implementing legislation.
§ 16
Conditions for issuing the certificate of the entrepreneur
(1) the Certificate of Entrepreneur The Office shall issue to the Entrepreneur,
which is economically stable;
(b)) which is safe,
which is capable of ensuring the protection of classified information;
d) if the responsible person holds a valid certificate of a natural person for at least the level of classification for which the entrepreneur applies for the issue of the certificate of the entrepreneur,
which is of good repute.
(2) The conditions referred to in paragraph 1 must be fulfilled by the entrepreneur throughout the period of validity of the certificate of the entrepreneur (Section 55).
§ 17
Economic stability
(1) the condition of economic stability does not meet the entrepreneur,
a) in which the court declared a moratorium15),
(b)) against whose property is issued a decision on bankruptcy15),
which has been placed in receivership or temporary administration in the last 3 years or has been subject to resolution action under the Act on Recovery and Resolution in the Financial Market in the last 3 years; or
which, on the basis of its regular financial statements, has shown negative equity in the last 5 consecutive financial years.
(2) Entrepreneurs can also be considered economically unstable,
a) who has recorded arrears in social security contributions, contributions to the state employment policy or public health insurance premiums, including penalties,
b) who has arrears in income tax, value added tax or other tax, arrears in customs duties or arrears in accessories to tax or customs duties,
who persistently or repeatedly fails to fulfil financial obligations towards the State, natural or legal persons;
d) in respect of which execution has been decided on his property,
for which, for at least the last five consecutive tax years, the result of the business activity is a loss; or
which, on the basis of the regular financial statements, shows negative equity.
§ 18
Safety reliability
(1) The condition of safety reliability is not met by an entrepreneur for whom a safety risk has been identified.
(2) The security risk is
a) the fact that the entrepreneur, a member of his statutory or supervisory body, a procurator or a natural person with decisive influence on the entrepreneur has developed or is developing activities against the interest of the Czech Republic,
b) the activities of the entrepreneur, a member of his statutory or supervisory body, a procurator or a natural person with a decisive influence on the entrepreneur consisting in the suppression of fundamental rights and freedoms or the promotion of such activities,
c) the fact that the rights of a partner or a member of a business corporation with at least 10% share in the share capital or voting rights, including through other legal entities, are exercised by a trustee and that the founder of the trust, the trustee of the trust or the beneficiary, who is to be the recipient of the benefit from this trust, is or has been engaged in an activity against the interest of the Czech Republic or an activity consisting in the suppression of fundamental rights and freedoms or has supported such an activity, or
d) repeated failure to provide the necessary cooperation or to grant consent pursuant to Section 108(7) in ongoing proceedings for the revocation of the validity of the entrepreneur's certificate, if it is not possible to decide on the matter without providing cooperation.
(3) a safety risk can also be considered
a) capital, financial or business relations to other natural or legal persons or to foreign powers that develop or have developed activities against the interest of the Czech Republic,
b) personnel instability in the statutory or supervisory body or in the persons of procurators,
c) the conduct or activity of the entrepreneur, a member of his statutory or supervisory body or a procurator, which has a negative impact on the entrepreneur or may negatively affect the credibility of the entrepreneur,
breach of duty in protecting classified information;
e) final conviction of a partner or member of a business corporation with decisive influence on entrepreneurs for an intentional crime,
f) intentional violation of legal regulations by a partner or a member of a business corporation or another person who has a decisive influence on the entrepreneur,
g) intentional violation of legal regulations by persons authorized to act on behalf of the entrepreneur or on behalf of the entrepreneur, on the basis of which the interest of the Czech Republic may be harmed,
h) the relationship of a person who has an influence on the conduct of the entrepreneur to natural persons or legal entities or to foreign powers that have developed or are developing activities against the interest of the Czech Republic,
i) the fact that a legal person is a member of the statutory or supervisory body of the entrepreneur,
j) final conviction of the entrepreneur for a criminal offence,
k) the fact that the entrepreneur does not pay his/her pecuniary debts, even though he/she is not prevented from doing so by other circumstances foreseen by other legislation, for which these debts cannot be paid,
l) the fact that a partner or a member of a business corporation with a decisive influence on entrepreneurs is a foreign legal entity in which the acts in the proceedings cannot be ascertained or verified ownership structure, or
m) the fact that it is not possible to verify the security reliability of the entrepreneur, because the partner or member of the business corporation with a decisive influence on the entrepreneur, including through other legal entities, is a foreign person.
(4) The decisive influence pursuant to paragraph 2(a) and (b) and paragraph 3(e), (f), (l) and (m) is the possibility to enforce in fact or on the basis of the right to appoint, dismiss or elect a person who is a member of an individual statutory or supervisory body, or a majority of persons who are members of the collective statutory or supervisory body of the entrepreneur, including through other legal entities. The effect referred to in paragraph 3(h) is the ability to influence, directly or indirectly, the conduct of the entrepreneur.
(5) In assessing whether the fact referred to in paragraph 3 is a security risk, account shall be taken of its extent and nature, the time of its occurrence and the extent to which it may affect the ability of the entrepreneur to conceal information.
§ 19
Eligibility to ensure the protection of classified information
The condition of eligibility to ensure the protection of classified information is not met by an entrepreneur who is unable to ensure and comply with the various types of ensuring the protection of classified information under this Act, depending on the appropriate level of classification and the form of access to classified information.
Section 19a
Integrity for the purposes of issuing a certificate as an entrepreneur
The condition of good repute for the purposes of issuing the entrepreneur's certificate is met by an entrepreneur who has not been convicted by a final judgment of an intentional crime or a crime related to the protection of classified information, or who is regarded as not having been convicted. If the criminal prosecution for such an offence has been conditionally suspended or the application for punishment has been conditionally postponed, the condition of good repute is met only after the entrepreneur has proved himself under another legal regulation57). In the case of a decision approving a settlement in criminal proceedings for an intentional criminal offence, the condition of good repute is met if a period of at least 5 years has elapsed since such a decision became final.
§ 20
Forms of access by entrepreneurs to classified information
(1) the entrepreneur has access to classified information,
a) which arises from it or is provided to it, or
to which the entrepreneur's employees or persons acting on behalf of the entrepreneur or on behalf of the entrepreneur have access, in connection with the performance of work or other activities for the entrepreneur on the basis of a contract, without being provided to or arising from the entrepreneur.
(2) In the case of access under paragraph 1(b), the entrepreneur must meet the condition under Section 16(1)(c) only by ensuring the protection of classified information by personnel security (Section 5(a)).
Title IV
Administrative security
Marking of data and recording of classified information
§ 21
(1) On classified information, the originator is obliged to mark its name, its classification level, its registration marking and the date of its creation, unless otherwise specified below.
(2) Classified information provided to the Czech Republic by a foreign power shall be marked by a state authority, a legal entity under Section 60b or an entrepreneur, if they register such classified information first (Sections 77 to 79), the classification level specified in Section 4, in accordance with an international treaty by which the Czech Republic is bound and on the basis of which the classified information is provided, including any abbreviation under this treaty (for example, the abbreviation "EU", "EURA" or "NATO"), or in accordance with the requirement of a foreign power or the classification level of a foreign power on the classified information provided marked; the name of the originator and the date of origin of the classified information shall not be marked.
(3) Classified information that requires stricter conditions in ensuring the individual types of protection of classified information (hereinafter referred to as the "special handling regime") in areas laid down in particular by an international treaty to which the Czech Republic is bound, or by regulations of an international organization of which the Czech Republic is a member, shall also be marked with the appropriate additional marking (for example, the marking "KRYPTO" in the case of classified information in the field of cryptographic protection, and the marking "ATOMAL" in the case of classified information in the field of weapons of mass destruction).
(4) Where the particulars referred to in paragraphs 1 to 3 cannot be indicated on the information, they shall be indicated in such a way that they can be ascertained at any time.
(5) Classified information shall be registered in the administrative aids specified in the implementing legislation and in the manner specified therein; this shall not apply if, for background material classified at security level Reserved for Classified Information, the Reserved Responsible Person determines that it shall not be registered. Administrative aids shall also record the transmission, receipt or other movement of classified information or the acquaintance with its contents.
(6) A copy, copy or translation of Top Secret Classified Information or an extract thereof may be made only with the written consent of the originator; in the case of classified information classified as Secret or Confidential, they may be prepared only with the written consent of the immediate superior.
(7) Classified information may only be carried or carried in portable containers or in sealed packaging, depending on its classification level and its medium; it can only be transported by courier or postal licence holder17).
(8) The receipt of classified information shall be confirmed by the recipient, unless this Act provides otherwise (Section 23(1)).
(9) The stored classified information may be lent only to natural persons who are to a state authority, a legal person pursuant to Section 60b or an entrepreneur in a service relationship or in an employment, membership or similar relationship.
(10) When discarding classified information in the shredding procedure shall proceed according to a special legal regulation18).
(11) Where there is an imminent risk of disclosure of European Union classified information, the originator, courier or addressee shall destroy the classified information in such a way as to prevent it from being reinstated or part of it from being reinstated; the addressee or courier shall immediately notify the originator and the Office in writing.
§ 22
(1) The degree of secrecy on classified information shall be indicated by the originator at the time of its creation, unless this Act stipulates otherwise (Section 70).
(2) Classification markings on classified information shall be retained for the duration of the reasons for classification. The classification level may not be changed or declassified without the consent of the originator or the providing foreign power.
(3) If the nature of the classified information so requires, the originator must indicate on the classified information the period during which the information will be classified; the classification level shall expire at the end of the designated period.
(4) The originator shall cancel or change the classification level without delay upon becoming aware that the reason for the classification of the information has ceased to exist, the reasons for the classification do not correspond to the specified classification level, or if the classification level has been determined unduly, or upon receipt of a notice pursuant to paragraph 9, and shall mark the classified information with such cancellation or change of its classification level.
(5) The originator is obliged to verify whether the reason for the confidentiality of the information persists, at least once every five years from the date of its creation.
(6) If the originator has cancelled or changed the classification level in accordance with paragraph 4, he shall immediately notify the addressees of the classified information in writing. The addressees of classified information shall immediately notify in writing all other addressees to whom they have disclosed classified information.
(7) Upon receipt of the notification referred to in paragraph 6, the addressee shall indicate the cancellation or reclassification of classified information.
(8) If the originator has ceased to exist, the cancellation or modification of the classification level referred to in paragraph 4 and the notification referred to in paragraph 6 shall be carried out by his successor in title or, if he is not, or if the successor in title does not meet the conditions for access to classified information, by the Office.
(9) The Office shall, at the request of the authority of the State conducting the procedure for handling classified information, verify without undue delay whether the reasons for classification correspond to the specified classification level or whether the classification level has been established lawfully. Where the Office, in consultation with the originator of classified information, finds that the reasons for classification do not correspond to the specified classification level or that the classification level has been unduly determined, it shall invite the originator, in the case of classified information under assessment, to proceed in accordance with paragraphs 4 and 5 in accordance with the findings of the Office. Where the originator of the classified information is an intelligence service, the verification referred to in the first sentence shall not be carried out in the case of an administrative procedure; for other proceedings, it shall be carried out by the competent intelligence service.
§ 23
(1) If it is not classified information requiring a special handling regime, the obligation laid down in Section 21(8) shall not apply to the transmission of classified information
a) classified as Secret between intelligence services and similar services of a foreign power, carried out in the framework of cooperation under a special legal regulation19) in cases where the procedure under Section 21(8) cannot be complied with,
security classification level Reserved, if so provided by the responsible person and unless the foreign authority or the originator of the classified information expressly requests confirmation of receipt.
(2) the implementing legislation stipulates
a) the manner of marking the particulars on classified information pursuant to Section 21(1) to (4) and Section 22(1), (3), (4) and (7), in particular in relation to the classification level of classified information and the carrier of classified information;
the types of administrative aids referred to in Section 21(5), their particulars and the organisational and technical requirements for their management, and the extent of the background material of the security classification reserved for classified information of the security classification reserved;
c) the requirements of consent to make a copy, copy, extract and translation of classified information (Section 21(6)), the method of marking the requirements on them and the method of making an extract,
the details of the transport, transmission, receipt and lending of classified information pursuant to Section 21(7) to (9) and Section 77(6) and (8) and other related handling thereof, including the organisational arrangements for such activities, the requirements for portable containers and packaging and the marking of the relevant particulars on them, in particular in relation to the classification level of classified information and the carrier of classified information.
(3) For the processing and transmission of classified information processed in the electronic file service system, which is part of the information system handling classified information and meets the requirements laid down by the national standard for electronic file service systems, with the exception of those requirements the use of which excludes compliance with the conditions for certification of the information system for handling classified information or the use of which excludes the specific nature of the originator's competence55), paragraph 1, Section 21(1) to (4), Section 21(5), with the exception of the part of the first sentence after the semicolon, Section 21(6) as regards translation, Section 21(8) to (10) and Section 22 shall apply mutatis mutandis. In other cases, the provisions of this Title shall not apply to the processing and transmission of classified information in information and communication systems, devices pursuant to Section 36 and cryptographic products.
(4) The Office announces, by means of a communication in the Collection of Laws and International Treaties, the transfer tables of security classifications pursuant to international agreements by which the Czech Republic is bound.
Title V
Physical security
§ 24
(1) Objects, secure areas and meeting areas shall be designated to ensure the protection of classified information within the framework of physical security.
(2) An object is a building or other bounded area in which, as a rule, a secure area or meeting area is located.
(3) The protected area is the bounded space in the object.
(4) The negotiating area is the bounded space in the object. Classified information classified Top Secret or Secret may be discussed on a regular basis only in the negotiating area.
(5) Classified information is processed
in a secure area of the relevant category or higher;
(b)) in the object of the relevant category or higher, if it is ensured that the classified information does not have access to an unauthorized person,
in justified cases, with the written consent of the person responsible or the Security Director in a facility of a lower category than the classification level of the classified information processed, provided that it is ensured that the classified information is not accessed by an unauthorised person; or
in justified cases, with the written consent of the person responsible or the security director outside the premises, provided that it is ensured that the classified information is not accessed by an unauthorised person.
(6) Classified information shall be stored in a secure area of the relevant category or higher and, where appropriate, in a safe, lockable box or other box under the conditions laid down in implementing legislation.
§ 25
(1) Secured areas are classified according to the highest classification level of classified information that is stored in them, and objects are classified according to the highest classification level of classified information that is processed in them into categories
a) Top secret,
c) The secret,
c) Confidential, or
d) Reserved.
(2) Secured areas shall be classified according to the possibility of access to classified information
a) class I, when entering this area is acquainted with classified information,
class II, where access to this area does not involve acquaintance with classified information.
(3) Entry into and exit from the Secured Area must be controlled by measures pursuant to Section 27. An unauthorised person may only enter a Class II Secured Area with a person authorised to enter that area.
(4) In justified cases, with the written consent of the person responsible or a person authorised by him, class I may be changed to class II for as long as is strictly necessary, provided that it is ensured that no unauthorised person has access to the classified information.
§ 26
Discussing classified information
(1) The responsible person is obliged to ensure that the discussed classified information is not compromised or leaked in the negotiation area pursuant to Section 24(4).
(2) In order to comply with the obligation under paragraph 1, the responsible person shall request the National Cyber and Information Security Authority to verify that there is no unlawful use of technical means intended to obtain information in the area of negotiation; the person responsible may also request a screening at a Secured Area classified as Secret or Top Secret. The National Cyber and Information Security Office shall inform the Office of this request. The National Cyber and Information Security Authority shall ensure the screening in cooperation with the intelligence services and the Police of the Czech Republic (‘the Police’) and shall inform the Office of the screening carried out. For their own needs, the intelligence services and the police carry out the screening themselves.
(3) Entry into and exit from the negotiating area must be controlled by measures pursuant to Section 27. An unauthorised person may enter a meeting area only with a person authorised to enter that area.
§ 27
Physical security measures are
a) security,
(b)) regime measures,
technical means.
§ 28
(1) Security is continuously provided at the object in which there is a secured area of the category
a) Top secret, at least 2 persons at the object,
c) clandestine, at least one person at the premises and one other person who alarms technical means enable rapid intervention, if the implementation of the protection of classified information is disturbed,
Confidential, by at least one person, allowing rapid intervention by an alarm of technical means if the implementation of the protection of classified information is compromised.
(2) In the case of an object in which there is a secure area of maximum category Reserved, and in the case of an object without a secure area or meeting area, security shall be provided to the extent specified by the responsible person.
(3) For an object in which there is a meeting area in which classified information classified as Top Secret is regularly discussed, security shall be provided by at least 2 persons at the object; in the case of an object in which there is a meeting area in which classified information classified Secret is regularly discussed, at least one person at the object and one other person allowing rapid intervention by an alarm of technical means if the implementation of the protection of classified information is impaired.
(4) Security shall be provided by employees of a state authority, legal persons under section 60b or entrepreneurs whose object it is, members of the armed forces or armed security forces or members of the armed forces of a foreign power or employees of the security protection service.
§ 29
The regime measures shall specify the authorisations of persons and means of transport for entering and entering the premises, the authorisations of persons for entering the secure area and the meeting area and the method of checking these authorisations, as well as the method of handling keys and means of identification used for entry security systems pursuant to Section 30(1)(b), and the method of handling and using technical means. The regime measures shall also lay down authorisations for the exit of persons and the exit of means of transport from the premises and for their control, the conditions and method of controlling the movement of persons in the premises, the secure area and the meeting area, and the method of controlling and removing classified information from the premises, the secure area and the meeting area.
§ 30
(1) The technical means are in particular
mechanical means of restraint,
electrical locking devices and input control systems;
c) alarm security and emergency systems,
video surveillance systems;
(e)) the equipment of the fire alarm,
f) devices used to search for dangerous substances or objects,
g) equipment for the physical destruction of information carriers,
equipment against the passive and active interception of classified information.
(2) A score (Section 31(1)) shall be assigned to certified technical devices (Section 46(1)(a)) and to a responsible person or a person authorised by him or her who has approved non-certified technical devices.
(3) The technical means referred to in paragraph 1 may, in the case of the participation of the Czech Republic in international armed conflict, international rescue or humanitarian action, in other foreign missions, in the case of declaration of a state of war, in the case of a state of danger, emergency or state of danger20), in the case of intelligence operations of intelligence services and in the activities of the armed forces of the Czech Republic in the framework of military exercises and practical military training with military equipment and military equipment outside the places of permanent dislocation of the military unit, be replaced by increased security than that referred to in § 28, carried out by members of the armed forces or armed security forces on the basis of special legislation21), members of the armed forces of a foreign power or employees of the security protection service of a foreign power.
§ 31
(1) The level of security of the meeting area and the secured area by physical security measures shall be determined by scoring these measures depending on the risk assessment; points and the lowest level of security are laid down in the implementing legislation.
(2) Physical security measures, or a combination of these measures, shall correspond to at least the lowest level of security of the meeting area or Secured Area and shall be determined on the basis of a risk assessment and the classification level of classified information regularly discussed in the meeting area or the category of Secured Area.
(3) The measures referred to in paragraph 2 and the physical security measures of the building without a secure area or meeting area shall be approved and determined by the responsible person or a person authorised by him in the physical security project.
(4) The risk assessment must be carried out on an ongoing basis and, where necessary, the level of physical security measures must be adjusted.
(5) A state authority, a legal entity under Section 60b and an entrepreneur are obliged to ensure and regularly verify that the applied physical security measures comply with the physical security project and legislation in the field of protection of classified information.
§ 32
Physical Security Project
(1) a physical security project in cases where there are secured areas of the category Top Secret, Secret or Confidential in the object, contains
the identification of the object and secured areas, including their boundaries and the identification of categories and classes of secured areas;
risk assessment;
the manner in which physical security measures are applied;
the operating rules of the facility; and
e) a plan for the security of the building and secured areas in crisis situations.
(2) the physical security project in cases where there is a secured area in the object only category Reserved, contains
the identification of the object and secured areas, including their boundaries and the identification of categories and classes of secured areas; and
the manner in which physical security measures are applied.
(3) the physical security project in cases where there is a meeting area in the building, contains
a) identification of the building and the meeting area, including its boundaries,
risk assessment;
the manner in which physical security measures are applied;
the operating rules of the facility; and
e) a plan for the security of the building and the meeting area in crisis situations.
(4) the project of physical security of the object category Top Secret, Secret and Confidential without a secure area or negotiation area contains
a) identification of the object, including its boundaries,
the manner in which physical security measures are applied;
the operating rules of the facility; and
d) the security plan of the building in crisis situations.
(5) The project of physical security of an object of the category Reserved without a secured area contains the identification of the object, including its boundaries.
(6) In the cases referred to in Section 30(3), the provisions of paragraphs 1 to 5 shall apply mutatis mutandis to the physical security project; the scope of the project shall be approved and determined by the responsible person or a person authorised by that person.
(7) The physical security project is deposited with the responsible person or the security director.
§ 33
Enabling provisions
The implementing legislation shall provide for:
requirements for areas of negotiation in terms of physical security and the risk of release of classified information in the form of compromising radiation;
b) the method of storing classified information depending on the degree of its classification (Section 24(6)),
organisational requirements for the performance of surveillance (Section 28) and the security of the meeting area or secure area by such surveillance, including the determination of the category of persons referred to in Section 28(4), depending on the classification level of classified information regularly discussed in the meeting area, the category of object or the category of secure area;
d) details of the regime measures (Section 29),
e) requirements for the technical means referred to in Section 30(1) and the security of objects, meeting areas or secure areas by such means, depending on the classification level of classified information that is regularly discussed in the meeting area, or on the category of secure area, or on the category of object;
f) scoring of individual physical security measures and scoring of the lowest level of security of the meeting area or secured area, including the basic method of risk assessment (Section 31(1) and (2));
the frequency and manner of registration of verification that the physical security measures applied comply with the physical security project and the legislation on the protection of classified information, depending on the classification level of classified information (Section 31(5));
h) the content of the operating rules of the building and the plan for the security of buildings, secured areas and meeting areas in crisis situations (Section 32(1)(d) and (e) and Section 32(3)(d) and (e)).
Title VI
Security of information and communication systems
Section 33a
State administration in the field of the protection of classified information under this Title shall be carried out by the National Cyber and Information Security Authority, unless this Act provides otherwise.
§ 34
Information system
(1) For the purposes of this Act, an information system handling classified information means one or more computers, their software, including peripheral equipment, the management of this information system and related processes or means capable of collecting, creating, processing, storing, displaying or transmitting classified information (hereinafter referred to as an "information system").
(2) The information system must be certified by the National Cyber and Information Security Office [Section 46(1)(b)] and approved in writing by the responsible person or a person authorised by it. The capacity of the information system of a foreign power to handle classified information shall be verified by means of accreditation by the National Cyber and Information Security Authority.
(3) The Entrepreneur's Information System, which has access to classified information classified at the level Reserved, may be approved for operation only during the period of validity of the Entrepreneur's declaration; the approval of the information system shall also cease to be operational upon the expiration of the validity of the entrepreneur's declaration.
(4) The National Cyber and Information Security Authority may, due to identified threats or risks, provide the operator of a certified information system with additional necessary security functions or measures. The operator shall notify the National Cyber and Information Security Authority of the introduction of other necessary security functions or measures.
(5) Classified information may be handled only in an information system meeting the conditions referred to in paragraphs 2 to 4.
(6) The approval of an information system pursuant to paragraph 2 shall be notified in writing to the National Cyber and Information Security Authority by the responsible person or a person authorised by him within 30 days of such approval.
(7) the implementing legislation provides for
the requirements for the information system and the conditions for its safe operation, depending on the classification level of the classified information it handles and the security mode of operation;
the content of the information system security documentation; and
the details of the notification by the operator of the certified information system of the introduction of other necessary security functions or measures to the National Cyber and Information Security Authority.
§ 35
Communication system
(1) For the purposes of this Act, a communication system handling classified information (hereinafter referred to as the "Communication System") means a system ensuring the transmission of such information between end-users and including terminal communication equipment, peripheral equipment, transmission environment, cryptographic means, operation and operating conditions and procedures.
(2) The communication system cannot be operated without a communication system security project approved by the National Cyber and Information Security Authority. The approval of a communication system security project is requested in writing from the National Cyber and Information Security Office by a state authority, a legal entity under Section 60b or an entrepreneur who will operate it.
(3) Classified information may be handled only in a communication system meeting the conditions referred to in paragraph 2.
(4) The communication system must be approved in writing by the responsible person or a person authorized by him.
(5) the communication system of the entrepreneur, which has access to classified information at the level of security reserved, may be approved for operation only during the period of validity of the declaration of the entrepreneur; the approval of the communication system shall also cease to be operational upon the expiration of the validity of the entrepreneur's declaration.
(6) the implementing legislation provides for
the content of the application for approval of a communication system security project; and
the details of the communication system security project and the manner and conditions for its approval.
Section 35a
Handling tactical information
(1) Tactical information for the purposes of this Act means classified information with a short duration of the reason for confidentiality. Tactical information is processed in an information or communication system and protected during transmission by cryptographic protection.
(2) The protection of tactical information classified Secret may also be secured by a set of measures established on the basis of a risk assessment. The conditions for different handling of tactical information are regulated by the security standard.
Title VII
Protection of classified information when processed in electronic form in a device which is not part of an information or communication system
§ 36
(1) When processing classified information in electronic form in a device that is not part of an information or communication system, in particular in a typewriter with memory and in a device allowing the copying, recording or display of classified information or its conversion into another data format, the protection of such classified information shall be ensured.
(2) the authority of the state, a legal entity under section 60b and the entrepreneur are obliged to
issue a safety operating directive for the equipment they operate as referred to in paragraph 1; classified information can only be processed in accordance with it; and
send to the National Cyber and Information Security Authority information on the equipment referred to in paragraph 1 in force on 31 December of the calendar year by 1 February of the following calendar year at the latest.
(3) in the safety operating directive referred to in paragraph 2(a) shall be indicated for the equipment referred to in paragraph 1
a) the method of its safe operation,
operating guidelines for its users.
(4) The conditions for the safe operation of the facility referred to in paragraph 1, depending on the level of classification of the classified information processed therein and the extent of the information required under paragraph 2(b) lays down implementing legislation.
Title VIII
Cryptographic protection
Section 36a
State administration in the field of the protection of classified information under this Title shall be carried out by the National Cyber and Information Security Authority, unless this Act provides otherwise.
§ 37
(1) Cryptographic material is a cryptographic device, material to ensure its function or a cryptographic document.
(2) Cryptographic products used for cryptographic protection of classified information must be certified by the National Cyber and Information Security Authority [Section 46(1)(c)]; in the case of classified information provided by a foreign power processed in an accredited or certified information system, a cryptographic product approved by the competent authority of the foreign power which is part of an accredited or certified information system may also be used.
(3) A cryptographic workplace is a workplace designed to ensure the performance of cryptographic protection always at least in the scope of security management of cryptographic material or the production and servicing of a cryptographic device or material to ensure its function. The cryptographic workplace must meet security standards and be approved by the responsible person or the Security Director.
(4) A cryptographic workplace intended for the production or testing of material to ensure the function of a cryptographic device, or which is the central distribution and registration point of cryptographic material of a state authority, a legal entity pursuant to Section 60b or an entrepreneur, must be certified by the National Cyber and Information Security Office before being approved for operation by the responsible person or the Security Director [Section 46(1)(d)].
(5) A state authority, a legal entity under Section 60b and an entrepreneur who performs cryptographic protection must keep records of cryptographic material, cryptographic protection personnel, operating cryptographic products, cryptographic material couriers and persons handling cryptographic material under Section 42a.
Section 37a
Controlled cryptographic item
(1) A controlled cryptographic item means an unclassified device or component thereof, included in the list referred to in paragraph 3, used to protect information during processing or transmission and using cryptographic methods.
(2) A controlled cryptographic item may only be used in accordance with a security standard.
(3) At the written request of its manufacturer, importer, distributor or user, the equipment referred to in paragraph 1 or its part shall be approved by the National Office for Cyber and Information Security and included in the list of controlled cryptographic items maintained by the National Office for Cyber and Information Security, if this is in accordance with the intentions of the Czech Republic in ensuring the protection of classified information.
Section 37b
Controlled item
(1) A controlled item is a non-classified device or component thereof that is not a controlled cryptographic item.
(2) For the controlled item, the use of similar methods to protect information as for the controlled cryptographic item shall be applied.
(3) The controlled item may only be used in accordance with the security standard.
(4) At the written request of its manufacturer, importer, distributor or user, the equipment referred to in paragraph 1 or its part shall be approved by the National Cyber and Information Security Authority and included in the list of controlled items maintained by it, if this is in accordance with the intentions of the Czech Republic in the field of ensuring the protection of classified information.
§ 38
Cryptographic protection performance
(1) the performance of cryptographic protection means
a) its security administration,
(b)) special operation of the cryptographic product, or
the manufacture or servicing of a cryptographic product or material to ensure its function.
(2) the performance of cryptographic protection is carried out by a cryptographic protection worker, who is
a) to exercise cryptographic protection authorized by the responsible person or a person authorized by him,
the holder of a valid natural person's certificate and instructions; and
the holder of a certificate of specific professional competence of a cryptographic protection officer (hereinafter referred to as "certificate of specific professional competence").
§ 39
Specific competence of the cryptographic protection officer and examination of specific competence
(1) The specific professional competence of a cryptographic protection officer (hereinafter referred to as "special professional competence") includes knowledge of regulations in the field of cryptographic protection of classified information, the ability to apply them and other skills pursuant to Section 38(1). That knowledge and competence shall be verified by the National Cyber and Information Security Authority by means of a specific competence examination (hereinafter referred to as the ‘professional examination’). The professional examination shall take place before an examination board; this is not a condition for its part carried out pursuant to paragraph 3(b). The members of the Examination Board shall be appointed by the responsible person or a person authorised by him or her of the National Cyber and Information Security Authority or a State authority pursuant to paragraph 3(a). A person who has passed the professional examination shall be issued with a certificate of specific professional competence by the National Cyber and Information Security Authority or a State authority pursuant to paragraph 3(a) and shall keep records thereof. Certificates of special professional competence shall be issued for a maximum of 5 years.
(2) An application for a professional examination shall be submitted in writing by a responsible person to a state authority, a legal person pursuant to Section 60b or an entrepreneur to the National Cyber and Information Security Office or to a state authority authorised by it. The professional examination must take place within 6 months of the application. The National Cyber and Information Security Authority or a State authority designated by it shall notify in writing the person who applied for the professional examination of the date and place of the professional examination; the notification must be sent no later than 20 days before the date of the professional examination. A person who has not passed a professional examination may take it repeatedly. A repeated test may be taken no earlier than 5 working days after the date of the unsuccessful test.
(3) the National Office for Cyber and Information Security may conclude a contract with the authority of the State on the provision of activities pursuant to section 52, the subject of which is the implementation of
professional examinations and the issue of a certificate of specific professional competence; or
the parts of the professional examination relating to Section 38(1)(b) or (c) and the relevant links to Section 38(1)(a).
The contract referred to in point (b) may also be concluded by the National Cyber and Information Security Office with a legal person pursuant to Section 60b or an entrepreneur.
§ 40
Operation of a cryptographic product
(1) Operation of a cryptographic product means the performance of the user functions of a cryptographic product.
(2) the person who performs the operational operation of the cryptographic product referred to in paragraph 1, shall
be authorised by the responsible person or a person authorised by that person;
b) meet the conditions for access to classified information pursuant to Section 6(1) or Section 11(1); and
c) be trained in this service.
§ 41
Handling of cryptographic material
and controlled cryptographic item
(1) The handling of cryptographic material means the manner of carrying, transporting, lending, storing or otherwise handling it, including its disposal.
(2) Cryptographic material may be recorded and handled only in a manner and by means that ensure the protection of cryptographic material and meet the requirements laid down in the implementing legislation.
(3) A natural person who does not carry out activities pursuant to Section 38(1) may be granted access to a cryptographic document if he or she necessarily needs it to perform his or her function, work or other activities, fulfils the conditions pursuant to Section 38(2)(b) and is duly informed in a demonstrable manner in the field of cryptographic protection.
(4) The protection of cryptographic products and material to ensure their function up to the level Confidential, without the need for their storage, can be ensured in a way in which this cryptographic products and material is permanently under the supervision of their authorized user.
(5) A controlled cryptographic item and a controlled item may be recorded, operated, stored, transported, exported, controlled and distributed in a manner that ensures its protection and meets the requirements of the security standard.
§ 42
Transport of cryptographic material and export of cryptographic product
(1) The transport of cryptographic material is carried out by a courier of cryptographic material. The courier of cryptographic material is a person who
has been authorised to transport by the person responsible or by a person authorised by that person;
b) meets the conditions for access to classified information pursuant to Section 6(1) or Section 11(1), at least for the classification level of the cryptographic material being transported; and
has been trained for transport.
(2) A certified cryptographic product may be exported from the territory of the Czech Republic [Section 46(1)(c)] only on the basis of the authorisation of the National Cyber and Information Security Authority. The use of a certified cryptographic product outside the territory of the Czech Republic by a State authority shall not be considered an export.
(3) The authorisation referred to in paragraph 2 may be granted on the basis of a written request. The authorisation shall be issued for the export of a specific cryptographic product and shall include the purpose of the export. The National Cyber and Information Security Authority shall not issue a licence if the export would jeopardise classified information of the Czech Republic or classified information for which the Czech Republic has undertaken to protect; notify the applicant for authorisation in writing. There is no legal entitlement to the permit.
(4) The National Cyber and Information Security Authority shall keep a record of authorisations granted pursuant to paragraph 2.
Section 42a
Where a natural person handles cryptographic material in a manner other than that referred to in Section 38(1), Section 40, Section 41(3) or Section 42, that natural person shall be authorised to handle the cryptographic material by the responsible person or a person authorised by that person and shall comply with the conditions set out in Section 38(2)(b) and (c).
§ 43
Compromise cryptographic material
(1) Compromise of cryptographic material means the handling of cryptographic material which has caused or is likely to cause a breach of the protection of classified information.
(2) Compromise of cryptographic material is an authority of the state, a legal entity under section 60b or an entrepreneur is obliged to immediately notify the National Cyber and Information Security Office.
Section 43a
(1) The distribution and recording of cryptographic material of the Czech Republic, cryptographic material of the European Union and cryptographic material distributed on the basis of an international treaty, with the exception of cryptographic material for military purposes, is ensured by the National Cyber and Information Security Office. The distribution and recording of the North Atlantic Treaty Organization's cryptographic material and of cryptographic material for military purposes shall be carried out by the Ministry of Defence.
(2) The conditions for recording, handling and checking cryptographic material in the Czech Republic, including in particular the possibility of setting up accounts for cryptographic material in state bodies, in a legal entity pursuant to Section 60b or entrepreneurs, record keeping, control functions, obligations of holders of cryptographic material towards the National Cyber and Information Security Office or the Ministry of Defence and the provision of a courier service for cryptographic material of the European Union will adjust the security standard.
§ 44
Enabling provisions
The implementing legislation shall provide for:
a) the requirements of the application for the professional examination,
the organisation, content and manner of conducting the professional examination;
the particulars of the certificate of specific professional competence;
d) minimum requirements to ensure the security management of cryptographic protection;
e) details of ensuring the operation of the cryptographic product,
f) the method of training the operating staff of the cryptographic product and the courier of the cryptographic material and the model of the certificate of training the operating staff of the cryptographic product and the courier of the cryptographic material,
g) details of how to mark the requirements for classified information in the field of cryptographic protection, in particular according to the type of cryptographic material,
h) the types and particulars of administrative aids of cryptographic protection and the requirements for the management of such aids,
(i)detailed requirements for the manner and means of handling cryptographic material;
j) the content of the application for the granting of an authorisation for the export of a certified cryptographic product from the territory of the Czech Republic and the requirements of the authorisation;
k) the method of keeping the records referred to in Section 37(5),
the categories of cryptographic workstations, the types of activities at the cryptographic workstation and the minimum requirements for their security;
m) the conditions for the protection of the cryptographic product and material to ensure its function pursuant to Section 41(4).
Compromising radiation
§ 45
(1) The protection of classified information classified as Top Secret, Secret or Confidential against leaks compromising radiation shall be the security of electrical and electronic equipment, a secure area, a meeting area or an object.
(2) If the protection of classified information against leaks compromising radiation is secured by a shielding chamber, this chamber must be certified by the National Cyber and Information Security Office [Section 46(1)(e)].
(3) Verification of the eligibility of electrical and electronic equipment, a secure area, a meeting area or an object for protection against leakage of classified information compromising radiation shall be ensured by the National Cyber and Information Security Office when certifying an information system or cryptographic device, when approving a communication system security project or upon a reasoned written request of a state authority, a legal entity under Section 60b or an entrepreneur in connection with the protection of classified information.
(4) In order to measure the possible leakage of classified information pursuant to paragraph 3, the National Cyber and Information Security Office may conclude a contract with a state authority, a legal entity pursuant to Section 60b or an entrepreneur pursuant to Section 52 to ensure such activity.
(5) Intelligence services shall be authorised to carry out measurements of equipment, secure area, meeting area or facility referred to in paragraph 3 which are operated or used by intelligence services. In such cases, the contract shall not be concluded in accordance with Section 52. The measurement reports and measurement protocols referred to in paragraph 3 shall be deposited with the intelligence service and submitted to the National Cyber and Information Security Authority at its request.
(6) When performing the measurements referred to in paragraph 5, intelligence services are obliged to comply with the provisions of this Act, implementing legislation and security standards of the National Cyber and Information Security Authority.
Title IX
Certification
Section 45a
State administration in the field of the protection of classified information under this Title shall be carried out by the National Cyber and Information Security Authority, unless this Act provides otherwise.
§ 46
Common provisions
(1) Certification is a procedure whereby the Office or the National Office for Cyber and Information Security
verify the capability of the technical means to protect classified information;
(b)) verifies the capability of the information system to handle classified information,
verify the eligibility of the cryptographic product to protect classified information;
(d)) verifies the eligibility of the cryptographic workplace for the performance of activities pursuant to Section 37(4), or
verify the suitability of the shielding chamber to protect classified information.
(2) If the Office or the National Cyber and Information Security Office determines the competence pursuant to paragraph 1, the certificate of technical means, certificate of information system, certificate of cryptographic means, certificate of cryptographic workplace or certificate of shielding chamber shall be issued.
(3) The certificates referred to in paragraph 2 are public documents.
(4) the certificate of the technical device contains
the registration number of the certificate;
the name and type designation of the technical device;
c) the identification of the manufacturer of the technical means by the business name (hereinafter referred to as the "Company") or by the name, the identification number of the person (hereinafter referred to as the "Identification Number") and the registered office in the case of a legal person, or by the name, surname and place of permanent residence in the case of a natural person,
the identification of the holder of the certificate of the technical device referred to in point (c);
e) evaluation of the technical device,
the date of issue and the period of validity of the certificate; and
the stamp and signature of the authorised representative of the Office; the stamp of the official stamp is not required if the certificate has been issued in electronic form.
(5) the certificate of the information system, the certificate of the cryptographic device, the certificate of the cryptographic workplace and the certificate of the shielding chamber contains
the registration number of the certificate;
the identification of the holder of the certificate referred to in point (c) of paragraph 4;
the date of issue and the period of validity of the certificate; and
the official stamp of the National Cyber and Information Security Authority and the signature of an authorised representative of the National Cyber and Information Security Authority; the stamp of the official stamp is not required if the certificate has been issued in electronic form.
(6) The information system certificate shall contain, in addition to the particulars referred to in paragraph 5, the identification of the information system and the classification level of classified information for which the competence of the information system has been verified.
(7) the certificate of cryptographic device in addition to the requirements referred to in paragraph 5 contains
identification of the cryptographic product;
the identity of the manufacturer of the cryptographic product referred to in paragraph 4(c); and
the classification level of the classified information for which the capability of the cryptographic product has been approved.
(8) the certificate of the cryptographic workplace in addition to the requirements referred to in paragraph 5 contains
a) identification of the cryptographic workplace,
the scope of competence of the cryptographic workplace; and
c) the category of cryptographic workplace.
(9) the certificate of the shielding chamber in addition to the requirements referred to in paragraph 5 contains
the identification of the shielding chamber for which it is issued;
the identification of the manufacturer of the shielding chamber referred to in paragraph 4(c); and
the classification level of the classified information for which the capability of the shielding chamber has been approved.
(10) If the competence referred to in paragraph 1 is not established by the Office or the National Cyber and Information Security Authority, it shall decide not to issue a certificate. An appeal shall not be admissible against a decision not to issue a certificate pursuant to paragraph 1(b) and (c).
(11) The Office shall decide on the termination of the validity of the certificate in the cases referred to in Section 47(4)(b). The National Cyber and Information Security Authority shall decide on the expiry of the certificate in the cases referred to in Section 48(4)(d), Section 49(5)(b), Section 50(4)(d) and Section 51(4)(d). An appeal lodged against a decision of the Office or the National Cyber and Information Security Authority on the expiry of a certificate shall not have suspensive effect. An appeal shall not be admissible against a decision of the National Cyber and Information Security Authority on the expiry of an information system certificate and a cryptographic device certificate.
(12) If a certificate that has not been issued in electronic form has expired pursuant to Section 48(4)(b) and (d), Section 49(5)(b), Section 50(4)(b) and (d) or Section 51(4)(b) and (d), the certificate holder is obliged to submit the certificate to the National Cyber and Information Security Authority within 5 days from the date of receipt of the notification by the National Cyber and Information Security Authority. If a certificate that has not been issued in electronic form has expired pursuant to Section 47(4)(b), the certificate holder is obliged to surrender the certificate to the Office within 5 days from the date of delivery of the notification to the Office.
(13) The certificate of an information system, cryptographic product, cryptographic workplace or shielding chamber shall be accompanied by a certification report containing the principles and conditions for their operation. The conditions of use of the technical device may be laid down in an annex to the certificate.
(14) The Office verifies the capability of a technical device pursuant to paragraph 1(a) on the basis of an assessment of the properties of the technical device (hereinafter referred to as the "assessment"). In order to issue an opinion pursuant to the first sentence, the Office may conclude a contract with an authority of the State, a legal person pursuant to Section 60b or an entrepreneur pursuant to Section 52 on the provision of activities.
(15) In order to perform sub-tasks in the verification of competence pursuant to paragraph 1(b) to (e), the National Cyber and Information Security Authority may conclude a contract with a state authority, a legal person pursuant to Section 60b or an entrepreneur pursuant to Section 52 for the provision of such activities; this shall not apply in the case of verification of the competence of an information system, cryptographic product or workplace or shielding chamber to be operated by intelligence services.
(16) A list of state authorities, legal persons pursuant to Section 60b and entrepreneurs with whom a contract is concluded pursuant to Section 52, with the exception of intelligence services, is published by the Office and the National Cyber and Information Security Office in the relevant gazette or on its website.
(17) Those intelligence services shall be authorised to perform sub-tasks for the verification of competence referred to in points (b) to (e) of paragraph 1 which, for reasons of confidentiality, cannot be performed by the National Cyber and Information Security Authority in the case of an information system, a cryptographic product, a cryptographic site or a shielding chamber to be operated by intelligence services. In such cases, the intelligence services shall submit to the National Cyber and Information Security Authority the results of the execution of the sub-tasks and, at the request of the National Cyber and Information Security Authority, the reports on the execution of the sub-tasks for inspection.
(18) When performing the sub-tasks referred to in paragraph 17, intelligence services are obliged to comply with the provisions of this Act, implementing legislation and security standards of the National Cyber and Information Security Authority.
(19) An applicant under Section 47(1), Section 48(1), Section 49(1), Section 50(1) and Section 51(1) is a party to proceedings for certification or revocation of a certificate.
§ 47
Application for certification of a technical device and validity of a certificate of a technical device
(1) A manufacturer, importer, distributor or user of a technical device shall apply for certification of a technical device in writing to the Office. The application shall be accompanied by the opinion referred to in Section 46(14) and the documentation necessary to carry out the certification of the technical device.
(2) The period of validity of the certificate of technical means shall be determined by the Office for a maximum period of 5 years.
(3) The list of certified technical means, in addition to the technical means certified at the request of the user of the technical means, is published on the website of the Office.
(4) the validity of the certificate of the technical device expires
the expiry of its period of validity; or
b) a decision of the Office on the expiry of the certificate if the manufactured technical device does not meet the requirements of this Act and implementing legislation or is not in conformity with the assessed technical device.
(5) If the certificate of a technical device has expired pursuant to paragraph 4, the Office shall remove the technical device from the list published pursuant to paragraph 3.
(6) The technical means used to protect classified information may continue to be used after the expiry of its certificate.
(7) When certifying a technical device, the Office may take into account a certificate or similar technical device document issued by an authorized workplace of a foreign power.
§ 48
Application for certification of an information system and validity of an information system certificate
(1) The certification of an information system is requested in writing from the National Cyber and Information Security Office by a state authority, a legal entity pursuant to Section 60b or an entrepreneur who will operate the information system.
(2) A person who has applied for the certification of an information system pursuant to paragraph 1 shall, at the request of the National Cyber and Information Security Authority, submit the documentation necessary to carry out the certification in the course of the certification.
(3) The period of validity of the certificate of the information system shall be determined by the National Cyber and Information Security Authority. Validity of the information system certificate is for the classification level
a) Top Secret, Secret and Confidential for a maximum of 3 years; and
b) Reserved for a maximum of 5 years.
(4) the validity of the certificate of the information system expires
the expiry of its period of validity;
b) in the case of an information system for handling classified information at the level of Confidential or higher expiration of the validity of the certificate of the entrepreneur,
c) the dissolution of a state authority or the dissolution of a legal person pursuant to Section 60b,
a decision of the National Cyber and Information Security Authority on the expiry of the certificate if the information system has ceased to be capable of handling classified information; or
e) by notifying an authority of the state, a legal person pursuant to Section 60b or an entrepreneur holding a certificate about the cancellation of the information system.
(5) If the information system is to be used immediately after the expiry of its certificate, the applicant is required under paragraph 1 to apply to the National Cyber and Information Security Office for certification of the information system. The repeated request shall be delivered to the National Cyber and Information Security Authority at least 6 months before the expiry date of the original certificate of the information system.
(6) The National Cyber and Information Security Authority is obliged to decide on the certification of the information system within 1 year from the start of the certification procedure, in particularly complex cases within 2 years; if, due to the nature of the case, it cannot be decided within that period, the Director of the National Cyber and Information Security Authority may extend it by a reasonable period of time, up to a maximum of 6 months.
§ 49
Application for certification of a cryptographic product and validity of a cryptographic product certificate
(1) The certification of a cryptographic product shall be requested in writing from the National Cyber and Information Security Authority by the manufacturer, importer, distributor or user of the cryptographic product. If an entrepreneur applies for certification of a cryptographic product, the entrepreneur must hold a valid certificate for access to classified information pursuant to Section 20(1)(a).
(2) The National Cyber and Information Security Authority shall reject the request referred to in paragraph 1 by decision if it is not in accordance with the intentions of the Czech Republic in the field of ensuring the protection of classified information by cryptographic protection. An appeal against a decision under the first sentence shall not be admissible nor may it be reviewed by a court.
(3) A person who has applied for the certification of a cryptographic product pursuant to paragraph 1 shall, at the request of the National Cyber and Information Security Authority, submit the cryptographic product in the number and documentation necessary to carry out the certification.
(4) The period of validity of the certificate of cryptographic product shall be determined by the National Cyber and Information Security Authority for a maximum period of 5 years.
(5) the validity of the certificate of cryptographic device expires
the expiry of its period of validity; or
a decision of the National Cyber and Information Security Authority on the expiry of the certificate if the cryptographic product has ceased to be capable of protecting classified information.
(6) If a cryptographic product is to be used immediately after the expiry of its certificate, the applicant shall, pursuant to paragraph 1, apply to the National Cyber and Information Security Authority for certification of the cryptographic product. The repeated application shall be delivered to the National Cyber and Information Security Authority at least 6 months before the expiry date of the original certificate of the cryptographic product.
(7) When certifying a cryptographic product, the National Cyber and Information Security Authority may take into account a certificate or similar document of the cryptographic product issued by an authorized office of a foreign power.
(8) The procedure for certification of a cryptographic product may also be interrupted at the same time as sending a request to a foreign entity for information necessary for reliable determination of the state of affairs.
(9) When certifying a cryptographic product, the National Cyber and Information Security Authority may determine its capability to protect tactical information.
(10) Section 48(6) shall apply to the time limits for issuing a decision.
§ 50
Application for certification of a cryptographic workplace and validity of a certificate of a cryptographic workplace
(1) The certification of a cryptographic workplace is requested in writing at the National Cyber and Information Security Office by a state authority, a legal entity pursuant to Section 60b or an entrepreneur at whom the cryptographic workplace is to be operated. If an entrepreneur applies for certification of a cryptographic workplace, he/she must hold a valid certificate of the entrepreneur.
(2) A person who has applied for certification of a cryptographic site pursuant to paragraph 1 shall, at the request of the National Cyber and Information Security Authority, submit the documentation necessary to perform the certification in the course of the certification.
(3) The period of validity of the certificate of cryptographic workplace shall be determined by the National Office for Cyber and Information Security for a maximum period of 3 years.
(4) the validity of the certificate of the cryptographic workplace expires
the expiry of its period of validity;
b) the expiration of the validity of the certificate of the entrepreneur,
c) the dissolution of a state authority or the dissolution of a legal person pursuant to Section 60b,
d) the decision of the National Cyber and Information Security Authority on the expiry of the certificate, if the cryptographic workplace ceased to be eligible for carrying out the specified activities, or
e) by notifying an authority of the state, a legal entity pursuant to Section 60b or an entrepreneur holding a certificate about the cancellation of a cryptographic workplace.
(5) If a cryptographic workplace is to be used immediately after the expiry of its certificate, the applicant is required under paragraph 1 to apply to the National Cyber and Information Security Office for certification of the cryptographic workplace. The repeated application must be delivered to the National Cyber and Information Security Authority at least 6 months before the expiry date of the original certificate of the cryptographic workplace.
(6) The National Cyber and Information Security Authority is obliged to decide on the certification of a cryptographic site within 6 months of the commencement of the certification procedure, in particularly complex cases within 1 year; if, due to the nature of the case, it cannot be decided within this period, the Director of the National Cyber and Information Security Authority may extend it by a reasonable period of time, up to a maximum of 3 months.
§ 51
Application for certification of the shielding chamber and validity of the shielding chamber certificate
(1) The certification of the shielding chamber is requested in writing at the National Cyber and Information Security Office by a state authority, a legal entity pursuant to Section 60b or an entrepreneur to whom the shielding chamber is used.
(2) A person who has applied for the certification of a shielding chamber pursuant to paragraph 1 shall, at the request of the National Cyber and Information Security Authority, submit the documentation necessary to carry out the certification during the certification.
(3) The period of validity of the shielding chamber certificate shall be determined by the National Cyber and Information Security Office for a maximum period of 5 years.
(4) the validity of the shielding chamber certificate expires
the expiry of its period of validity;
b) the expiration of the validity of the certificate of the entrepreneur,
c) the dissolution of a state authority or the dissolution of a legal person under section 60b, or
d) the decision of the National Cyber and Information Security Authority on the expiry of the certificate, if the shielding chamber ceased to be eligible for the protection of classified information.
(5) If the shielding chamber is to be used immediately after the expiry of its certificate, the applicant shall, pursuant to paragraph 1, apply to the National Cyber and Information Security Authority for certification of the shielding chamber. The repeated application must be delivered to the National Cyber and Information Security Authority at least 12 months before the expiry date of the original shielding chamber certificate.
(6) Section 50(6) shall apply to the time limits for issuing a decision.
§ 52
Contract for the provision of activities
(1) The contract for the provision of activities (hereinafter referred to as "the contract") referred to in Section 39(3), Section 45(4) and Section 46(14) and (15) shall be concluded for a fixed or indefinite period. The contract must be in writing. The declaration of intent of the parties to the contract must be on the same list.
(2) a contract may be concluded with an authority of the state, a legal person under section 60b or an entrepreneur on the basis of their written request, and only if the activities that are the subject of the contract,
a) carried out by professionally qualified employees of the state, legal persons under section 60b or entrepreneurs,
b) secured with a state authority, a legal person pursuant to Section 60b or an entrepreneur organizationally, technically and materially.
(3) the contract with the entrepreneur can be further concluded only if it is
a) its registered office in the territory of the Czech Republic,
the holder of a valid entrepreneur's certificate at the relevant security classification level; this condition does not apply if a contract for the issue of an opinion referred to in Section 46(14) and (15) is to be concluded.
(4) the contract must contain
a) identification of the parties to the contract,
b) the definition of the subject matter of the contract and its scope,
the rights and obligations of the parties to the contract;
the method of control carried out by the Office or the National Cyber and Information Security Authority pursuant to paragraph 6;
e) the manner and conditions of withdrawal of the participants from the contract,
f) consent to the publication of the technical means on the website of the Office, in the case of a contract to issue an opinion referred to in Section 46(14).
(5) The conditions referred to in paragraph 4(e) must also provide that the Office or the National Cyber and Information Security Office shall withdraw from the contract in the event that the other party to the contract breaches the obligation laid down in this Act, implementing legislation or concluded contract.
(6) The Office or the National Cyber and Information Security Office shall check whether the other party to the contract complies with the provisions of this Act, the implementing legislation and the contract concluded.
(7) The content of the contract may be changed only by written agreement of the parties to the contract.
(8) The contract may be terminated only in writing.
(9) Unless otherwise provided for in this Act, the provisions of the Civil Code shall apply mutatis mutandis to the others.
§ 53
Enabling provisions
The implementing legislation shall provide for:
the details of the application for the certification of a technical device, the documentation necessary to carry out the certification of a technical device, the rules for determining the period of validity of a certificate of a technical device, the rules and method of use of a technical device after the expiry of its certificate and the model certificate of a technical device;
the particulars of the application and repeated application for the certification of an information system, the certification of a cryptographic product, the certification of a cryptographic site and the certification of a shielding chamber, and the documentation necessary to carry out the certification of an information system, the certification of a cryptographic product, the certification of a cryptographic site and the certification of a shielding chamber;
the method and conditions for carrying out certification or accreditation; the information system, the certification of the cryptographic product, the certification of the cryptographic workplace and the certification of the shielding chamber and their repetition, and the content of the certification report pursuant to Section 46(13);
d) templates of the certificate of the information system, the certificate of the cryptographic device, the certificate of the cryptographic workplace and the certificate of the shielding chamber,
the details of the application for verification of the eligibility of electrical and electronic equipment, a secure area or an object to protect against leakage of classified information compromising radiation and the method for evaluating its eligibility; and
f) the requirements of the application of the authority of the State, a legal person pursuant to Section 60b or an entrepreneur for the conclusion of a contract pursuant to Section 52.
Title X
Certificate of natural person, certificate of entrepreneur, special access and non-disclosure
Certificate of natural person and certificate of entrepreneur
§ 54
(1) Certificates of natural persons and certificates of entrepreneurs are public documents.
(2) the certificate of the natural person contains
a) first name, surname, maiden name,
the day, month, year and place of birth;
(c)) nationality,
an indication of the highest classification level of the classified information for which access is authorised by the natural person's certificate;
the date of issue and the period of validity; and
the stamp and signature of the authorised representative of the Office.
(3) the certificate of the entrepreneur contains
a) identification of the entrepreneur by the company or name and identification number, in the case of a legal person, and name and surname or by the company and identification number, in the case of a natural person,
b) an indication of the highest classification level of classified information, for access to which the certificate of the entrepreneur entitles,
c) the form of access under section 20,
the date of issue and the period of validity; and
the stamp and signature of the authorised representative of the Office.
(4) In the event of a change in some of the information contained in the certificate of a natural person or in the certificate of an entrepreneur, the Office shall immediately issue a new certificate of a natural person or a new certificate of an entrepreneur. Access to classified information shall not be affected until a new certificate has been received.
§ 55
The validity of the certificate of the natural person and the certificate of the entrepreneur is for the classification level
a) Top secret 5 years; and
Secret and Confidential for 10 years.
§ 56
(1) the validity of the certificate of a natural person or the certificate of the entrepreneur expires
the expiry of its period of validity;
b) the date of enforceability of the decision of the Office (Section 123(3), Section 126(4)) revoking its validity,
c) death of a natural person, or if declared dead,
d) the dissolution or dissolution of the entrepreneur,
e) by announcing its theft or loss,
f) by reporting such damage that the entries referred to therein are illegible or its integrity is violated,
g) in the case of a certificate of a natural person issued by the Office
1. the establishment of the service relationship of a member of the intelligence service,
2. transfer of a member of the security corps to a post in the Security Information Service or the Office for Foreign Relations and Information,
3. the service assignment of a soldier to a service position in the Military Intelligence,
4. the establishment of an employment relationship of an employee assigned to the intelligence service, or
5. the date on which a natural person becomes a person referred to in Section 141(1),
h) in the case of a certificate of a natural person issued by the relevant intelligence service
1. termination of service of a member of the intelligence service,
2. transfer of a member of the Security Information Service or the Office for Foreign Relations and Information to a post in another security corps,
3. the assignment of a member of the Military Intelligence to a post outside this intelligence service, or
4. the termination of the basic employment relationship of an employee assigned to the intelligence service,
in the case of a certificate of a natural person issued by the Ministry of the Interior, on the date on which the natural person ceases to be a person referred to in Section 141(1);
j) return by its holder to the person who issued it,
k) the date of delivery of the new certificate of the natural person, or
l) the date of delivery of the new certificate of the entrepreneur for the same form of access of the entrepreneur to classified information.
(2) Upon expiration of the validity of the certificate of the entrepreneur pursuant to paragraph 1 (a), (b), (d) or (j), the entrepreneur is obliged to surrender the classified information provided to him, to the person who provided it or to whose area of material competence he belongs; if it is not possible to do so, it is obliged to hand it over to the Office. Classified information generated by the entrepreneur is obliged to hand over the classified information to the authority of the State in whose area of material competence the classified information belongs, if it is not, to the Office. The surrender and transmission of classified information pursuant to this paragraph shall be carried out by the entrepreneur immediately after the expiration of the validity of the entrepreneur's certificate.
(3) When the certificate of a natural person referred to in paragraph 1 (a), (b) or (j) expires, the responsible person or the person who provided the instruction shall ensure that this natural person does not have access to classified information. In the event of the expiry of the certificate of a natural person pursuant to paragraph 1(j) and (m), the Office shall notify its responsible person in writing of the expiry of the certificate of a natural person; The Office shall do the same in the event of the expiry of a natural person's certificate referred to in paragraph 1(k) in respect of a natural person's certificate issued for a lower classification level.
(4) If the holder of a certificate of a natural person or entrepreneur within 15 days from the date of expiry of its validity pursuant to paragraph 1(e) or (f) applies in writing to the Office for the issue of a new certificate, the access of a natural person or entrepreneur to classified information is not affected by the expiry of the original certificate; Within 5 days of receipt of the application, the Office shall issue a new certificate replacing the original one. If no application is submitted in accordance with the first sentence, the Office shall proceed in accordance with the second sentence of paragraph 3.
(5) In the event of the expiry of the certificate of a natural person referred to in paragraph 1(k), access to classified information shall not be affected if the natural person is informed within 15 days from the date of such expiry.
Section 56a
(1) In the event of termination of validity of the certificate of a natural person pursuant to Section 56(1)(g), the competent intelligence service or the Ministry of the Interior shall issue a new certificate to that natural person, which shall replace the original certificate, on the date of the establishment of his service or employment relationship or on the date on which that natural person became a person referred to in Section 141(1).
(2) In the event of termination of the validity of the certificate of a natural person pursuant to Section 56(1)(h) and (i), it shall issue to that natural person a new certificate, which replaces the original certificate,
a) the relevant intelligence service, on the date on which the natural person has established the service relationship of a member of the intelligence service or the basic employment relationship of an employee assigned to the intelligence service,
b) the Ministry of the Interior, on the date on which that natural person became a person referred to in Section 141(1), or
the Office in other cases, on the day following the date of expiry of the original certificate. The Office shall issue a new certificate of a natural person on the basis of a written request of that natural person within 5 days from the date of delivery of the request. An application for a new certificate of a natural person may be submitted within 30 days from the date of expiry of the original certificate; the request must be accompanied by a certificate from the competent intelligence service or the Ministry of the Interior pursuant to paragraph 3.
(3) The competent intelligence service or the Ministry of the Interior shall, in the case of a procedure under paragraph 2(c), confirm the expiration of the validity of the certificate of a natural person upon the request of that natural person, within 5 days from the date of receipt of the request. The certificate shall identify the authority of the State which issued the original certificate of the natural person, the information referred to in Section 54(2)(a) to (e) and the date of expiry of the certificate.
(4) The authority of the State which issued the new certificate of a natural person shall request in writing the security bond of that person from the authority of the State which issued the original certificate; the security file shall be transmitted within 5 days of the date of receipt of this request.
§ 57
Certificate of natural person for foreign power and certificate of entrepreneur for foreign power
(1) If a natural person or entrepreneur is to have access to classified information of a foreign power, he must meet the conditions under Section 11 or 15 (b), and if so required by a foreign power, he must also hold a certificate for a foreign power.
(2) If it is in accordance with the security and economic interests of the Czech Republic and with the obligations arising for the Czech Republic from an international agreement and if the person is not in the process of revoking the validity of the certificate of a natural person or the certificate of an entrepreneur, the Office shall, on the basis of a written reasoned request of the holder of a valid certificate of a natural person or a valid certificate of an entrepreneur, issue
a) certification of a natural person for foreign power, or
b) Entrepreneur's certificate for foreign power.
(3) If an application pursuant to paragraph 2 is submitted at the same time as an application pursuant to Section 94 or 96 or during the proceedings pursuant to Part Four on such application, the Office shall proceed pursuant to paragraph 2 immediately after issuing the certificate of a natural person or the certificate of an entrepreneur.
(4) The certificate referred to in paragraph 2 is an authentic instrument.
(5) The certificate referred to in paragraph 2 shall contain the particulars referred to in Section 54, with the indication of the highest classification level of classified information for access to which this certificate entitles, including an abbreviation within the meaning of Section 21(2).
(6) The certificate referred to in paragraph 2 confirms that its holder has been subject to a security procedure pursuant to Part Four and holds a valid certificate of a natural person or a certificate of an entrepreneur of a given classification level; in the case of an entrepreneur’s certificate, it also confirms the forms of access by the entrepreneur to classified information pursuant to Section 20.
(7) The certificate referred to in paragraph 2 shall be issued for the period necessary, but no longer than the period for which the certificate of a natural person or the certificate of an entrepreneur is issued.
(8) the certificate referred to in paragraph 2 expires
a) by the termination of the validity of the certificate of a natural person or the certificate of an entrepreneur, unless the termination is pursuant to Section 56(1)(e) or (f) and the natural person or entrepreneur has requested the issue of a new certificate within 15 days (Section 56(4)), or
b) for the reasons set out in Section 56(1)(a), (e), (f) or (j).
(9) The validity of the certificate referred to in paragraph 2 shall not expire on the grounds referred to in Section 56(1)(a) until the decision on the application pursuant to Section 94(3) or Section 96(3), but no longer than 12 months after the expiry of the certificate, if the application was submitted at the time when the state of war was declared or, for the whole territory of the Czech Republic, the state of emergency or state of danger (hereinafter referred to as the ‘state of crisis’), or if the state of crisis was declared during the procedure on this application
(10) In the event of a change in any of the particulars contained in the certificate referred to in paragraph 2, the Office shall issue a new certificate as referred to in paragraph 2 without delay. The Office shall also issue the certificate referred to in paragraph 2 within 5 days if the holder of that certificate applies for a new certificate within 15 days from the date of its expiry pursuant to Section 56(1)(e) or (f). Access to classified information of a foreign power shall not be affected until receipt of the new certificate referred to in paragraph 2.
(11) the holder of the certificate referred to in paragraph 2 is obliged to surrender them within 15 days to the Office, if the
a) the validity of the certificate of a natural person or the certificate of an entrepreneur pursuant to Section 56(1)(b) or (g) to (l),
b) the validity of the certificate of a natural person or the certificate of an entrepreneur pursuant to Section 56(1)(e) and (f) and, as a result, access to classified information has ceased;
its validity on the grounds set out in Section 56(1)(f), or
its validity upon receipt of the new certificate referred to in paragraph 2 in connection with the procedure referred to in paragraph 8.
(12) On the basis of a reasoned written request of a legal person pursuant to Section 60b, the Office shall, if required by its foreign partner or foreign power, issue a temporary confirmation of the extent of protection of classified information secured pursuant to Section 5 for a legal person pursuant to Section 60b. Before issuing a certificate, the Office shall, to the extent necessary, verify compliance with the conditions of this Act.
Specific access to classified information
§ 58
(1) persons who have access to classified information of all classification levels without a valid certificate of a natural person and instruction, are
a) the President of the Republic,
Members and Senators of Parliament;
c) members of the Government,
d) ombudsman, ombudsman of children's rights and their representatives,
Judges; and
the President, the Vice-President and the members of the Supreme Audit Office.
(2) The persons referred to in paragraph 1 shall have access to classified information from the date of their election or appointment for the duration of their duties and to the extent necessary for their performance.
(3) Access to classified information without a valid certificate of a natural person may be granted to a natural person acting for the benefit of an intelligence service24), the informant25) or a natural person who is granted special or short-term protection under a special legal regulation26), or a member of the intelligence service, which is included in the special reserve27) or assigned to a special disposition58) That person shall be instructed by the person who gives him or her access to the classified information. Such a person may be granted access to classified information of a foreign power only in accordance with the requirements of that foreign power.
(4) Special legislation28) determine which natural persons, and under what conditions, have access to classified information without a valid natural person’s certificate in criminal proceedings, civil judicial proceedings, administrative proceedings and administrative judicial proceedings, to the extent necessary for the exercise of their rights and the fulfilment of their obligations in those proceedings. In such cases, access to classified information may be granted only on the basis of the information referred to in paragraph 5.
(5) the information referred to in § 2 (b). (i)) in the case of persons referred to in paragraph 4 shall be carried out by the one about which it is provided for by a special legal regulation28). The instruction shall be carried out in the manner specified in Section 9(1), mutatis mutandis; the information must also contain the file reference of the subject matter of the proceedings and the information that data on persons who have access to classified information pursuant to paragraph 4 are registered by the Office and may be used in the manner laid down in this Act.
(6) The persons referred to in paragraphs 1 and 4 shall not have access to classified information of a foreign power, unless they are the President of the Republic, a Member of Parliament and a Senator, a member of the Government and a judge deciding on cases where classified information of a foreign power is handled, who must be informed, prior to the first access to classified information of a foreign power, of the rights and obligations in the field of the protection of classified information of a foreign power. In criminal proceedings, jurors adjudicating in cases where classified information of a foreign power is handled, the accused, the person involved, the injured party, their legal representative, guardian, agent, confidant, lawyer, expert and interpreter shall also have access to classified information of a foreign power, subject to the prior consent of the foreign power, to the extent necessary for the exercise of their rights and the fulfilment of their obligations in such proceedings. Prior to first access to classified information of a foreign power in proceedings, the persons referred to in the second sentence shall be informed, in accordance with the procedure referred to in paragraph 5, of the rights and obligations relating to the protection of classified information of a foreign power. The instruction shall be given in the pre-trial proceedings by the police authority or the public prosecutor and in the proceedings before the court by the President of the Chamber. The instruction shall be signed by the natural person and by the person who carried out the instruction; the person who carried out the instruction shall forward one copy of the instruction to the natural person, enter one copy in the file and send a copy to the Office; a copy of the instructions may also be sent to the Office electronically.
Section 58a
(1) persons who have access to classified information at the level reserved without valid notification for the duration of the service or employment relationship and to the extent necessary for its performance, are
a) members of the security forces,
civil servants;
active-duty soldiers; and
d) public prosecutors,
if they are informed and assigned on the spot or perform a function in which it is necessary to have access to classified information and which is listed in the overview pursuant to Section 69(1)(b).
(2) In order to inform the persons referred to in paragraph 1, Section 9(1) shall apply mutatis mutandis.
(3) In the event of termination of the service or employment relationship or in the event of a change in the service office of natural persons referred to in paragraph 1, the natural person shall be deemed not to have been informed, and in the event that he had access to classified information, the procedure referred to in Section 11a shall continue.
Section 58b
(1) An intelligence service may grant access to classified information to a natural person who does not hold a natural person's certificate or does not have access to restricted classified information, or to an entrepreneur who does not hold an entrepreneur's certificate or does not have access to restricted classified information, if necessary
a) for the performance of an obligation imposed on that natural person or entrepreneur by another legal regulation, or
in the context of intelligence operations.
(2) In the case of access to classified information pursuant to paragraph 1, the procedure pursuant to Section 60(2) to (6) shall apply mutatis mutandis.
Section 58c
(1) The police may allow access to classified information to a natural person who does not hold a certificate of a natural person or does not have access to classified information classified at the level reserved, if this is necessary for the performance of an obligation imposed on that natural person by another legal regulation in connection with the performance of the tasks of the police in the field of providing special protection and assistance59), short-term protection, ensuring the safety of protected objects and premises and designated persons60) and carrying out surveillance of persons and objects61). The procedure referred to in the first sentence shall not apply in the case of access to classified information of a foreign power and classified information classified at the level Top Secret.
(2) In the case of access to classified information pursuant to paragraph 1, the procedure pursuant to Section 60(2) to (5) shall apply mutatis mutandis, provided that neither the written record nor the instruction shall be sent to the Office, but shall be deposited with the police.
§ 59
One-time access to classified information
(1) On the basis of a written request of the responsible person, the Office may, in exceptional and justified cases, give consent to one-off access to classified information with a classification level one higher than that for which a valid certificate of a natural person or a certificate of an entrepreneur is issued, for a period of time strictly necessary, but not longer than 6 months.
(2) The consent referred to in paragraph 1 may be issued to an entrepreneur only for access to classified information pursuant to Section 20(1)(b).
(3) Consent to one-off access pursuant to paragraph 1 may be given by the Director of the relevant intelligence service for intelligence officers and, in the cases of police officers pursuant to Section 141(1), by the Minister of the Interior, on the basis of a written request from the relevant service officer.
(4) the request referred to in paragraph 1 shall contain
the justification for the one-off approach;
an indication of the area of classified information to which one-off access is to be granted;
c) a copy of the certificate of the natural person or the certificate of the entrepreneur,
the required one-time access time; and
e) in the case of an entrepreneur, the written consent of the provider of classified information to the issuance of consent pursuant to paragraph 1.
(5) The Office shall issue the consent referred to in paragraph 1 without delay, no later than 5 days from the date of delivery of the request. A person responsible or a person authorised by him who, after obtaining the consent of the Office, grants a natural person access to classified information pursuant to paragraphs 1 or 3 shall instruct him or her.
(6) The granting of consent for one-time access to classified information is not a legal right and can only be granted once to the same person.
(7) For classified information of a foreign power, one-time access may be granted only in accordance with the requirements of that foreign power.
Section 59a
(1) on the basis of a written request of the responsible person, the Office may in exceptional
and, in justified cases, to give consent to access to classified information classified up to two above the level for which a valid certificate of a natural person is issued, namely a person serving in a police authority, a public prosecutor as a law enforcement authority or a public prosecutor performing tasks in criminal proceedings under another legal regulation62), unless the person is subject to a procedure for revocation of the certificate of a natural person.
(2) The request referred to in paragraph 1 for a person working in a police authority must be accompanied by the consent of the public prosecutor, who supervises the observance of the lawfulness in the pre-trial proceedings, and in the case of classified information classified at the level of the Top Secret must also be accompanied by the consent of the chief public prosecutor of the closest higher public prosecutor's office.
(3) The request referred to in paragraph 1 for the public prosecutor in the case of classified information classified at the level Top Secret must be accompanied by the consent of the head of the public prosecutor closest to the higher public prosecutor's office, with the exception of the public prosecutor working at the Supreme Public Prosecutor's Office.
(4) the request referred to in paragraph 1 shall contain
a) justification of access,
an indication of the classified information to which access consent is to be given;
c) file reference of the case, which is the subject of criminal proceedings, and
a copy of the certificate of the natural person to whom the consent referred to in paragraph 1 is to be given.
(5) The Office shall issue the consent referred to in paragraph 1 without delay, no later than 5 days from the date of delivery of the request, and only for the period necessary for the participation of a natural person in criminal proceedings.
(6) The person responsible or a person authorised by him shall instruct the natural person and ensure that a written record of his instruction is entered in the criminal file and that a copy of the instruction is sent within 30 days of the date of the instruction to the Office; a copy of the instructions may also be sent to the Office electronically.
(7) The consent referred to in paragraph 1 shall expire on the day following the day on which the natural person's participation in criminal proceedings ceased, but at the latest on the day on which the natural person's certificate ceased to be valid pursuant to Section 56(1).
(8) For classified information of a foreign power, the consent referred to in paragraph 1 may be issued only in accordance with the requirements of that foreign power.
§ 60
(1) A natural person who does not have access to restricted classified information, or does not hold a certificate of a natural person of the necessary classification level, or an entrepreneur who does not have access to restricted classified information, or does not hold a certificate of an entrepreneur of the necessary classification level, may be granted access to classified information if he performs tasks in a period of increasing international tension or in the context of the participation of the Czech Republic in armed conflict abroad, in rescue or humanitarian action abroad or in the context of a declared state of war, state of threat to the state of the state, state of emergency, state of danger20) or the state of cyber danger.
(2) Access by a natural person pursuant to paragraph 1 may be granted only if there are no doubts as to the trustworthiness of the natural person and his ability to conceal information.
(3) In the case of access pursuant to paragraph 1, the responsible person is obliged to ensure the instruction of the natural person. Where there is a risk of delay or due to other urgency and importance of a particular task, the instruction may be replaced by an oral acquaintance of the natural person with his or her duties in the field of protection of classified information and with the consequences of breaching them.
(4) A written record of access pursuant to paragraph 1 shall be drawn up by the responsible person or a person authorised by him. That written record, together with the information, shall be sent without delay by the person responsible or by a person authorised by him to the Office; if the instruction has been replaced by oral acquaintance in accordance with the second sentence of paragraph 3, this fact shall be stated in the written record. Where access pursuant to paragraph 1 is granted by an intelligence service, the written record referred to in the first sentence and in the second part of the second sentence after the semicolon and the instructions shall not be sent to the Office but shall be deposited with the competent intelligence service.
(5) If an entrepreneur is granted access to classified information pursuant to paragraph 1, his responsible person is obliged to process a written record of access, which he shall immediately send to the Office.
(6) In emergency situations, access to classified information of a foreign power may be granted only in accordance with the requirements of that foreign power.
Section 60a
The holder of a natural person’s or entrepreneur’s certificate is entitled, if the certificate has expired for the reason referred to in Section 56(1)(a), to have access to classified information up to the level of classification and, in the case of an entrepreneur, in the form of access corresponding to the existing certificate, until the decision on the application has been taken pursuant to Section 94(3) or Section 96(3), but no later than 12 months after the expiry of the certificate, if the application was submitted at the time when the state of crisis was declared or if the state of crisis was declared during the procedure for that application.
Section 60b
(1) Access to classified information may be granted to a legal person who is not an entrepreneur under this Act and necessarily needs it for the performance of its main activity.
(2) The legal person referred to in paragraph 1 shall ensure the protection of classified information and fulfil the obligations under this Act in a manner similar to that of an authority of the State.
§ 61
(1) Access to classified information pursuant to Section 58b, one-time access pursuant to Section 59 and access by an entrepreneur pursuant to Section 60 shall not be allowed to classified information classified at the level of Top Secret or classified information subject to a special handling regime.
(2) Access to classified information pursuant to Section 60 to classified information classified at the level of the Top Secret may be granted to a natural person on condition that the natural person holds a valid certificate for access to classified information classified at the level of the Secret and is informed.
§ 62
Recognition of a security authorisation issued by an authority of a foreign power
(1) The Office may recognise a security authorisation issued by an office of a foreign power competent for the protection of classified information (hereinafter referred to as a "security authorisation") if an international agreement is concluded in the field of the protection of classified information by which the Czech Republic is bound. The Office may also recognise security authorisations if recognition is in accordance with the foreign policy and security interests of the Czech Republic; there is no legal entitlement to such recognition. In the procedure referred to in the first and second sentences, the Office may request the written opinion of the Ministry of Foreign Affairs and the relevant intelligence services; If the Office does not receive the requested opinion within 30 days from the date of receipt of the request for such opinion, the opinion shall be positive.
(2) The recognition referred to in paragraph 1 shall be carried out by the Office at the request of the security authorisation holder. An application may also be made through an office of a foreign power competent for the protection of classified information; in such a case, the time limits referred to in paragraph 4 shall run from the date on which the request reaches the Office.
The application shall contain:
a) for a non-entrepreneurial natural person
1. the name(s) and surname(s) of the security authorisation holder;
2. the date and place of birth of the security authorisation holder;
3. the nationality of the holder of the security authorisation,
4. the reason for the recognition referred to in paragraph 1;
5. the period for which recognition is to be carried out; and
6. the signature of the holder of the security authorisation or of an official of a foreign authority competent for the protection of classified information and the address to which the recognition referred to in paragraph 1 is to be delivered; and
(b)) for other holders of security authorisations
1. name, identification number, if assigned, and registered office in the case of a legal person, or first name and surname or registered office, identification number, if assigned, and registered office or place of permanent residence in the case of a natural person,
2. the reason why the recognition referred to in paragraph 1 is to be carried out,
3. the form of access by the holder of a security authorisation to classified information and the form of access corresponding to the form of access pursuant to Section 20(1) for which recognition is sought;
4. the period for which recognition is to be granted; and
5. the signature of the holder of the security authorisation or the signature of an official of a foreign authority competent for the protection of classified information and the address to which the recognition referred to in paragraph 1 is to be delivered.
(3) The request referred to in paragraph 2 shall be accompanied by an official translation of the security authorisation or a certified copy thereof; such documents shall not be required where the application is made through an authority of a foreign power competent for the protection of classified information, provided that such authority confirms, on the application or in a certificate attached to the application, that the applicant is in possession of the relevant security authorisation.
(4) The recognition referred to in the first sentence of paragraph 1 shall be sent by the Office to the holder of the security authorisation within 10 days of the date of submission of his application; if the application referred to in paragraph 2 is not submitted through the Office of a Foreign Power, the Office shall send the holder of the security authorisation the recognition referred to in paragraph 1 within 20 days of the date of receipt of the application by the Office. The Office shall send the recognition referred to in the second sentence of paragraph 1 to the security authorisation holder within 60 days of the date of submission of the application; if recognition would not be in accordance with the foreign political or security interests of the Czech Republic, the Office will not comply with the request and will notify the applicant in writing within the same period.
(5) the recognition referred to in paragraph 1 shall include
the particulars referred to in paragraph 2(a)(1) to (3) and paragraph 2(b)(1);
b) identification of the security authorization issued by the Office of a foreign power,
the identification of the highest classification level of the classified information for which the recognition referred to in paragraph 1 entitles access;
(d)) for the applicant referred to in paragraph 2 (b)) the form of access pursuant to Section 20,
the date of issue and the period of validity;
the stamp and signature of the authorised representative of the Office; an official stamp is not required if recognition has been issued in electronic form.
(6) on the basis of the recognition referred to in paragraph 1 may be allowed to
a) a non-entrepreneurial natural person
1. the performance of a sensitive activity; and
2. if instructed, access to classified information or separate access to a Secured Area or Negotiating Area; and
holders of security authorisations other than those referred to in point (a) shall have access to classified information.
Non-disclosure
§ 63
(1) The responsible person of the authority of the State to whose material jurisdiction the classified information belongs shall release the natural person from the obligation of confidentiality (hereinafter referred to as "non-disclosure") at the request of the authority of the State conducting the proceedings in which it is strictly necessary to discuss the classified information, unless this Act provides otherwise. The application for non-disclosure shall contain an identification of:
a) the proceedings conducted by the authority of the State and a justification of the need and scope of the non-disclosure;
the classified information or the identification of the item to which the classified information to be released relates; and
c) a natural person to be exempted from confidentiality, if possible.
(2) In the event that an authority of the State ceases to exist without a legal successor, the Director of the Office may waive confidentiality.
(3) for the purposes of the proceedings referred to in paragraph 1 of the exemption from confidentiality further performs
a) the President of the Republic with the Prime Minister, the President, the Vice-President and members of the Supreme Audit Office, the President and Vice-President of the Constitutional Court, the President and Vice-President of the Supreme Court, the President and Vice-President of the Supreme Administrative Court, the Head of the Office of the President of the Republic, the Ombudsman, the Children's Rights Ombudsman and their Deputy, and the Governor and Vice-Governors of the Czech National Bank;
b) the Chamber of Deputies,
c) the Senate of Senators,
d) the President of the Chamber of Deputies at the head of the Office of the Chamber of Deputies,
e) the President of the Senate at the Head of the Office of the Senate,
f) the Prime Minister to ministers and heads of other central administrative offices,
g) the President of the Constitutional Court in the judges of the Constitutional Court,
the Minister for Justice for judges other than those referred to in point (g), prosecutors and jurors;
the Government to the Director of the Security Information Service,
j) the Minister of the Interior to the Director of the Office for Foreign Relations and Information,
k) the Minister of Defence to the Director of Military Intelligence and
l) the Prime Minister to the Director of the General Inspectorate of Security Forces,
after a statement by the person responsible to the authority of the State to whose material jurisdiction the classified information belongs, which contains consent to the non-disclosure or a reasoned statement that they do not agree to the non-disclosure for serious reasons.
(4) If the obligation to maintain the confidentiality of a matter under consideration by a parliamentary body, the exemption from the confidentiality of a natural person may be carried out by the Chamber of Deputies or the Senate in accordance with the procedure referred to in paragraph 3.
(5) Exemption from confidentiality is not required for the President of the Republic.
(6) The non-disclosure shall be carried out in writing, to the extent and for the period strictly necessary. The classification of classified information shall not be affected by the waiver of confidentiality.
(7) Exemption from confidentiality may be refused if the interest in protecting classified information pursuant to paragraph 1 outweighs the interest in discussing it.
Enabling provisions
§ 64
The implementing legislation shall lay down a model for:
a) the certificate of the natural person and the certificate of the entrepreneur,
b) an application for the issue of a certificate of a natural person for foreign power and a certificate of an entrepreneur for foreign power; and
c) applications for recognition of security authorisation pursuant to Section 62.
Title XI
Obligations in respect of the protection of classified information
§ 65
General obligations
(1) Everyone is obliged to immediately hand over found classified information or classified information obtained in violation of this Act or the certificate of a natural person, the certificate of an entrepreneur, the certificate of a natural person for a foreign power or the certificate of an entrepreneur for a foreign power (hereinafter referred to as the "found document") to the Office, the Police or the Embassy of the Czech Republic.
(2) Everyone who has had or has access to classified information is obliged to maintain confidentiality about it and must not give access to it to an unauthorized person.
(3) Everyone is obliged, when performing an inspection by the Office, to comply with the instructions of the inspection officer when implementing urgent measures pursuant to Section 144(1).
§ 66
Obligations of the natural person having access to classified information and of the natural person holding the natural person’s certificate
(1) a natural person who has access to classified information is obliged to
comply with obligations to protect classified information;
b) surrender to the person who issued the certificate of a natural person within 15 days his certificate of a natural person whose validity has expired pursuant to Section 56(1)(b) and (f) to (i) or (k);
immediately notify in writing the person who issued the certificate of a natural person or the certificate of a natural person for a foreign power, the loss or theft of his certificate of a natural person or the certificate of a natural person for a foreign power and such damage to his certificate of a natural person or the certificate of a natural person for a foreign power that the entries therein are illegible or its integrity is violated;
immediately notify the Office in writing of changes to the data contained in the request of a natural person; the limitation of the scope of notification of changes, as well as the method and form of their substantiation, shall be laid down in the implementing legislation,
e) immediately notify the person who carried out its instruction pursuant to Section 9(1) or Section 11(2), breach of the obligations laid down in this Act and loss or unauthorized destruction of a medium containing classified information,
f) participate in training pursuant to Section 67(1)(b).
(2) A natural person who holds a natural person's certificate but does not have access to classified information shall be subject only to the obligations referred to in paragraph 1(b) to (d).
§ 67
Responsibilities of the responsible person
(1) the responsible person is obliged to ensure
a) the instruction of a natural person,
(b)) once a year to conduct training of natural persons who have access to classified information from the legislation in the field of protection of classified information and to keep an overview of these trainings,
verification of compliance with the conditions for access by a natural person to classified information classified at the level reserved;
d) approval of the information system into operation and written notification of this fact to the National Cyber and Information Security Office,
entrusting a natural person with the exercise of cryptographic protection;
f) immediately notify the Office in writing that, before issuing a certificate of a natural person or a decision pursuant to Section 121(2), the facts justifying the application of the natural person have ceased to exist;
an immediate written notification to the Office of the termination of service or of an employment, membership or similar relationship in which a natural person has been granted access to classified information classified as Top Secret, Secret or Confidential; this obligation does not apply to the responsible person of the intelligence service or the Ministry of the Interior in cases of police officers pursuant to Section 141(1);
h) checking compliance with other obligations laid down in this Act,
immediate written notification to the National Cyber and Information Security Authority of the cessation or interruption of the operation of the information system; and
j) the performance of the acts referred to in § 11a.
(2) No other person may be authorised to perform the duties laid down in Section 21(5), Section 23(1)(b), Section 59(1), Section 60(5), Section 63(1) and (3), Section 70(5) and Section 77(2)(a).
§ 68
Obligations of an entrepreneur holding an entrepreneur's certificate
Entrepreneur who holds a certificate of entrepreneur is obliged to
a) hand over to the Office within 15 days a certificate of an entrepreneur whose validity has expired pursuant to Section 56(1)(b), (f) or (l),
b) immediately notify the Office in writing of the loss or theft of the entrepreneur's certificate or the entrepreneur's certificate for foreign power and such damage to the entrepreneur's certificate or the entrepreneur's certificate for foreign power that the entries therein are illegible or its integrity is violated,
immediately notify the Office in writing of changes to the data specified pursuant to Section 97(a), (b), (c) or (q) or Section 98(c) in the entrepreneur's questionnaire and security documentation, as well as the establishment or cancellation of a secure area of the reserved category; the limitation of the scope of notification of changes, as well as the method and form of their substantiation, shall be laid down in the implementing legislation,
d) notify the Office in writing each year, on the date which coincides with the date of issue of the entrepreneur's certificate, of changes to the information given in the entrepreneur's application pursuant to Section 96; the limitation of the scope of notification of changes and the form of their substantiation shall be laid down in the implementing legislation,
e) to ensure the protection of classified information when the validity of the entrepreneur's certificate expires,
f) send the Office a decision on the approval of the project of transformation pursuant to the Act on Transformations of Commercial Companies and Cooperatives28a) the entrepreneur within 15 days from the date of its receipt.
Section 68a
Obligations of the entrepreneur who made the declaration of the entrepreneur
An entrepreneur who has made a declaration of an entrepreneur is obliged to
a) keep the security documentation of the entrepreneur in the scope of § 98 (b). (c)) and on request of the provider reserved information to provide it,
b) to ensure the protection of classified information when access to classified information ceases;
c) send the declaration of the entrepreneur to the Office pursuant to Section 15a(3),
d) notify the Office or the provider of the reserved information in writing pursuant to Section 15a(4) of the termination of access to it or pursuant to Section 15a(6) of the termination of validity of the entrepreneur's declaration,
e) to proceed mutatis mutandis in accordance with Section 56(2) when the entrepreneur’s declaration ceases to be valid for the reasons set out in Section 15a(5);
f) make and immediately transmit to the provider reserved information, or in the case of Section 15a(3) of the Office, a new declaration of the entrepreneur, if even after the expiration of the validity of the original declaration of the entrepreneur pursuant to Section 15a(5)(a) or (f) continues to necessarily need access to classified information classified at the level reserved.
§ 69
Obligations of an entrepreneur who has access to classified information, legal entities under Section 60b and a state authority
(1) an entrepreneur who has access to classified information, a legal entity under section 60b and the authority of the state are obliged to
ensure the protection of classified information under this Act and international treaties;
b) to process and maintain an overview of places or functions where it is necessary to have access to classified information, including classified information of the European Union, the North Atlantic Treaty Organization and classified information requiring a special handling regime, indicating the level of classification, or which cannot be carried out without a certificate of special professional competence pursuant to this Act (Section 39); this is without prejudice to the provisions of special legislation in the field of professional competence29),
c) immediately notify the Office in writing of a fact that may affect the issue or validity of a certificate of a natural person or a certificate of an entrepreneur,
d) to ensure the creation of conditions for marking, recording, lending, storing, transporting, further handling and decommissioning classified information and classified information with a special handling regime in accordance with the implementing legislation,
e) operate only an information system that is certified by the National Cyber and Information Security Authority and approved in writing for operation, or an information system of a foreign power that is accredited by the National Cyber and Information Security Authority,
stop the operation of an information system that does not meet the conditions set out in the certification report and ensure the protection of classified information therein, and inform the National Cyber and Information Security Authority thereof;
g) operate only a communication system whose security project has been approved by the National Cyber and Information Security Authority,
to stop the operation of a communication system that does not meet the conditions set out in the communication system security project and to inform the National Cyber and Information Security Authority thereof;
i) use for cryptographic protection only a device that is certified by the National Cyber and Information Security Authority or is part of a foreign power information system accredited by the National Cyber and Information Security Authority, and use the cryptographic workplace only for the purpose for which it has been certified and approved for operation;
keep records of natural persons who have access to classified information and records of cases of unauthorised handling of classified information;
to report breaches of an obligation to protect classified information or an obligation imposed by an international treaty in the field of the protection of classified information and to take measures to eliminate the causes and adverse consequences of breaches of the Office; this obligation shall not apply to intelligence services in cases pursuant to Section 140(1)(a) and to the Ministry of the Interior in cases pursuant to Section 141(1), except in cases of breach of the protection of classified information of the North Atlantic Treaty Organisation or the European Union;
l) establish a register of classified information provided (Section 79) and report changes in it to the Office to the extent specified in the implementing legislation,
carry out an inspection of classified information registered in the Classified Information Register on 31 December of the calendar year and send a report on its outcome to the Office by 15 February of the following calendar year, together with an indication of the number of classified information and its classification levels; intelligence services shall send a report on classified information provided by the central register and the register kept by the Ministry of Foreign Affairs pursuant to Section 78(1);
to transmit classified information provided by a foreign power or foreign partner for registration to the Office or the Ministry of Foreign Affairs pursuant to Section 79(5);
o) send classified information to a foreign power through the central register (Section 79(2)) in the cases provided for by this Act,
p) ensure the written authorisation of a natural person to access classified information with a special handling regime marked "ATOMAL",
q) as a provider of reserved information, immediately send the Office a copy of the entrepreneur's declaration pursuant to Section 15a(2),
r) as the contracting authority, if it is not an intelligence service, immediately notify the Office in writing and document the documents to
- the fact that it will award a contract outside a procurement procedure for the protection of classified information;49) or will award an above-threshold public contract outside the procurement procedure for another reason63)where access to classified information is granted at the time of the award of the contract;
- the fact that, in the procurement procedure, it lays down measures to ensure the protection of classified information;50) Confidential or above;
- the establishment of a requirement of professional competence in a public procurement procedure;51), consisting in the presentation of a document proving the supplier’s ability to secure the protection of classified information classified as Confidential or above or the authorisation for persons of the supplier to enter a Secured Area of the category Confidential or above or a Negotiating Area under this Act; or
- laying down a condition for the conclusion of a contract in a public procurement procedure consisting in the production of a document proving the contractor’s ability to ensure the protection of classified information64) Confidential or above;
s) to monitor compliance with other obligations laid down in this Act,
t) keep records of cryptographic material, records of cryptographic protection personnel, records of operating personnel of the cryptographic device and records of couriers of cryptographic material;
u) notify the Office of the destruction of classified information pursuant to Section 21(11).
(2) the obligation referred to in paragraph 1 (b). (c)) does not apply to intelligence services
in the cases referred to in Section 140(1)(a) and to the Ministry of the Interior in the cases referred to in Section 141(1).
(3) The obligation under paragraph 1(r) shall also apply to the region in the exercise of its independent competence.
§ 70
Obligations in respect of the protection of industrial property
(1) Any person who files an application for an invention, utility model or topography of a semiconductor product with the Industrial Property Office (hereinafter referred to as the "applicant") is obliged to indicate on the application a draft classification level if he considers that the subject of the application contains classified information. Where the applicant is a legal person, he shall indicate in the application the name, surname and position or position of the person responsible.
(2) The Industrial Property Office shall submit the application referred to in paragraph 1 to the Office, which shall, after receiving the opinion of the Central Administrative Office in whose field of competence the subject-matter of the application falls, confirm, amend or, if the subject-matter of the application does not contain classified information, reject the application; if the subject-matter of the application does not fall within the material competence of any central administrative authority, a statement shall not be required.
(3) The Office shall notify the Industrial Property Office, within 60 days from the date of receipt of the application by the Office, of the confirmation or amendment of the draft classification level made pursuant to paragraph 2, or inform the Office within the same period that it has rejected the draft classification level, and shall return the application to the Office; in the notification, the Office shall also indicate whether the applicant fulfils the conditions for access to classified information.
(4) The Industrial Property Office shall mark the classification level notified in accordance with paragraph 3 on the application and shall notify it without delay to the applicant, who shall mark this classification level in the specified manner (Sections 21 and 22) on the subject of the application; if the applicant is a natural person not engaged in business activities, the Industrial Property Office shall have the status of originator. The Industrial Property Office shall also notify the applicant without delay of the communication referred to in paragraph 3.
(5) If the subject of the application pursuant to paragraph 1 contains classified information and if the applicant does not meet the conditions for access to classified information of this level of classification, the Industrial Property Office shall, if the applicant is a natural person, instruct him or her, and if the applicant is a legal person, instruct the responsible person of the applicant; the responsible person of the applicant shall instruct any natural person who, within the legal person of the applicant, has had access to, or is in urgent need of, the subject-matter of the application; instructing such persons shall be deemed to meet the conditions for access to classified information contained in the subject of this application. The last sentence of Paragraph 9(1) and the third sentence of Paragraph 11(2) shall apply mutatis mutandis.
§ 71
Security Director
(1) The authority of the State with which classified information arises or to which it is provided, as well as the legal person under Section 60b with which classified information arises or which is provided, and the entrepreneur who has access to classified information, are obliged to establish and occupy the position of security director. The position of Security Director may also be exercised by the responsible person himself; otherwise the Security Director shall report directly to the person responsible.
(2) The authority of the State, a legal person pursuant to Section 60b and an entrepreneur pursuant to paragraph 1 are obliged to notify the Office in writing of the name, surname and birth number of the person performing this function within 15 days from the date of filling the position of security director.
(3) The Security Director approves the list of places or functions pursuant to Section 69(1)(b) for which access to classified information is required, and fulfils other obligations laid down in writing by the person responsible within the scope of this Act, including the obligations laid down by it, except in the cases referred to in Section 67(2); the responsibility of the person responsible for protecting classified information shall not be affected by the appointment of the Security Director. The obligation to approve the list of places or functions pursuant to Section 69(1)(b) by the Security Director shall not apply to intelligence services. The written assignment of responsibilities to the Security Director by the Responsible Person shall not be required where the Responsible Person performs the function of Security Director.
(4) The function of Security Director may be performed only by a natural person who fulfils the conditions of access to classified information of the level to which he will have access in the performance of this function. In the case of an entrepreneur, a natural person in the position of Security Director must hold a certificate of a natural person for access to classified information at least at the level for which the entrepreneur has issued a certificate.
(5) The function of security director may not be exercised at more than one state authority, legal persons under section 60b or entrepreneurs simultaneously.
§ 72
Personnel project
(1) Ministries and other central administrative authorities annually prepare a personnel project.
(2) Personnel project includes
a) an assessment of the state of personnel security for the past year; and
b) the estimated number of natural persons for whom it will be necessary to carry out a procedure pursuant to Section 92(a) in the following year, distinguishing by security classification.
(3) Personnel projects shall be sent by ministries and other central administrative offices of the Office by 31 July of the relevant calendar year.
(4) Personnel projects shall be submitted by the Office together with its opinion to the Government by 30 November of the relevant calendar year for approval.
Title XII
Provision of classified information in international relations
§ 73
Conditions for the release of classified information
Classified information may be provided in international relations, unless otherwise provided for in Section 74,
a) in the case of classified information classified at the level of Top Secret, Secret or Confidential, on the basis of a written request from an authority of the State, a legal person pursuant to Section 60b or an entrepreneur and a written authorisation from the Office,
in the case of classified information classified at the level Reserved, on the basis of a written request from an authority of the State, a legal person pursuant to Section 60b or an entrepreneur and the written consent of the central administrative authority in whose field of competence the classified information falls; where the classified information does not fall within the material competence of any central administrative authority, with the written consent of the Office.
§ 74
Conditions for the release of classified information between a State authority and a foreign power
(1) Fulfilment of the conditions under Section 73(a) when providing classified information between a state authority and a foreign power is not required
a) if an international agreement is concluded in the field of protection of classified information by which the Czech Republic is bound,
b) if the release of classified information results from an obligation of membership of the Czech Republic in the European Union or the North Atlantic Treaty Organization,
c) if classified information is provided under a special legal regulation30),
d) if classified information is provided between the intelligence service and a similar service of a foreign power in the framework of cooperation carried out under a special legal regulation19), or
if classified information is provided pursuant to Section 77(2)(b) or (c) or the second sentence of Section 78(2).
(2) Classified information classified as reserved may be provided between an authority of the State and a foreign power without the consent referred to in Section 73(b).
§ 75
(1) an application under section 73 contains
an indication of the foreign power or foreign partner to whom the classified information is to be disclosed;
the reasons for which authorisation or consent is sought; this shall not apply if the classified information is to be provided to a foreign power by an authority of the State.
(2) the annex to the application for a permit or consent under section 73 is
a contract under which classified information is to be provided to a foreign power or foreign partner, containing a specification of the classified information and the conditions for its protection; or
b) if it is also a case under Section 75a, a draft contract under which classified information is to be provided to another foreign power (Section 77(7)) or to a foreign partner, containing a security instruction.
Section 75a
(1) A contract in the performance of which access to classified information of a foreign power or access to an information system that is certified or accredited for the handling of classified information of a foreign power is required shall contain a security instruction regulating the conditions of protection of classified information of a foreign power and classified information that may arise in the performance of such a contract.
(2) the security instructions take into account the requirements of foreign power and must be approved before the conclusion of the contract referred to in paragraph 1
a) the Office, if
1. is the originator of classified information of the North Atlantic Treaty Organisation or of the European Union;
2. the Office will reserve it,
3. the classified information does not fall within the material competence of another central administrative authority; or
4. there shall be no agreement as referred to in subparagraph (b);
another central administrative authority in whose field of competence the classified information falls and, where more than one central administrative authority falls within the field of competence, one of them by agreement between them. The central administrative authority which approved the safety instruction shall check compliance with the safety instruction in accordance with the control rules.
(3) The contract referred to in paragraph 1 concluded between a foreign power or foreign partner and the intelligence service shall not be subject to the provisions of paragraph 2.
(4) The content and structure of the safety instructions shall be laid down in implementing legislation.
§ 76
Authorisation and consent for the release of classified information
(1) Before issuing an authorisation pursuant to Section 73(a), the Office shall always seek the written opinion of the Ministry of Foreign Affairs and the competent intelligence service, as well as of the central administrative authority to whose material competence classified information falls, unless such authority applies for authorisation from the State; where the classified information does not fall within the material competence of any central administrative authority, an opinion shall not be required. If a state authority, a legal person pursuant to Section 60b or an entrepreneur applies for authorisation, the Office shall request from them the security authorisation of their foreign partner issued by the Office of a foreign power, whose competence includes the protection of classified information in the country of the foreign partner. Where classified information is to be released in international relations for the purposes of proceedings before certain international courts and other international supervisory bodies:65) or in connection with the international obligations of the Czech Republic, the Office shall, prior to issuing an authorisation pursuant to Section 73(a), request only the written opinion of the central administrative office to whose material competence the classified information belongs, or the relevant intelligence services or police, if they are the originator of the classified information.
(2) The Ministry of Foreign Affairs, the competent intelligence service and the central administrative office shall provide the Office with the opinion referred to in paragraph 1 within 30 days of the date of receipt of its request.
(3) The Office shall issue a permit pursuant to Section 73(a) within 60 days from the date of delivery of the application to an authority of the State, a legal person pursuant to Section 60b or an entrepreneur; in the event that classified information is jeopardised by its release, the Office shall not grant the request and shall notify the applicant thereof in writing within that period.
(4) The Central Administrative Office or the Office shall issue consent pursuant to Section 73(b) within 30 days from the date of delivery of the request to an authority of the State, a legal person pursuant to Section 60b or an entrepreneur; where classified information would be jeopardised by its release, the Central Administrative Office or the Office shall not grant the request and shall notify the applicant thereof in writing within that period.
(5) There is no legal entitlement to the issue of a permit and to the granting of consent under Section 73.
(6) The Office shall keep an overview of permits issued pursuant to Section 73(a).
§ 77
Method of release of classified information
(1) The release of classified information classified as Top Secret, Secret or Confidential in international relations shall take place through the register referred to in Section 79(2), unless otherwise provided for in paragraphs 2 to 5, Section 78 or in an international agreement.
(2) Paragraph 1 shall not apply to the release of classified information
a) between the intelligence service and a similar service of a foreign power within the framework of cooperation carried out pursuant to the Act on Intelligence Services of the Czech Republic; the release of classified information in this case is decided by the responsible person of the intelligence service,
b) between public prosecutor's offices, law enforcement agencies and similar foreign authorities established under directly applicable European Union legislation66),
between judicial authorities and foreign authorities, the European Union Agency for Criminal Justice Cooperation established by directly applicable European Union legislation;67), the European Union Agency for Law Enforcement Cooperation (Europol) established by directly applicable European Union law68), the institutions and bodies of the European Union, the International Criminal Police Organisation (Interpol) and other international organisations and international criminal courts, international criminal tribunals or similar international judicial bodies with competence in criminal matters and their authorities in the framework of international judicial cooperation in criminal matters carried out pursuant to the Act on International Judicial Cooperation in Criminal Matters.
(3) For the provision of classified information between the Ministry of Defence, the Ministry of Justice, courts, public prosecutor's offices, the police, the General Inspectorate of Security Forces or customs authorities and similar bodies of foreign power, paragraph 1, if provided for in an international agreement binding on the Czech Republic, or a special legal regulation31) Otherwise, it does not apply.
(4) State authorities and police keep a register of classified information provided under paragraphs 2 and 3.
(5) The provisions of paragraph 1 and Section 73 shall not apply to the provision of classified information in international relations in cases pursuant to Section 60(1).
(6) The release of classified information classified as Top Secret, Secret or Confidential in international relations for the purposes of proceedings before certain international courts and other international supervisory bodies pursuant to the Act on International Judicial Cooperation in Criminal Matters or in connection with the international obligations of the Czech Republic is carried out by courier or diplomatic means.
(7) Classified information of a foreign power may only be provided to another foreign power or to a foreign partner in accordance with its requirements.
(8) In the case of carriage by courier of classified information classified as Top Secret, Secret and Confidential in international traffic, the responsible person or the Security Director shall request the Office to issue a courier certificate. The courier certificate shall contain, in particular, the courier's identification data, information on the consignment transported and instructions for its handling. When transporting diplomatic mail through a diplomatic courier, the Office shall not issue a courier certificate; in such cases, the diplomatic courier is provided with an official document pursuant to an international treaty;69)by which the Czech Republic is bound.
§ 78
Method of release of European Union classified information
within and outside of it
(1) The release of classified information classified as Secret or Confidential between the Czech Republic and the Member States of the European Union or between the Czech Republic and the institutions of the European Union concerning mutual cooperation between the Member States of the European Union pursuant to the Treaty on European Union, the Treaty on the Functioning of the European Union or the Treaty establishing the European Atomic Energy Community shall be carried out through a register kept by the Ministry of Foreign Affairs pursuant to Section 79(3).
(2) The provisions of paragraph 1 shall not apply to the provision of classified information which requires a special handling regime pursuant to Section 21(3). Furthermore, the procedure referred to in paragraph 1 shall not apply in the case of the provision of classified information between the authorities referred to in Section 77(2).
§ 79
Registers, auxiliary registers and checkpoints
(1) Classified information shall be recorded in the registers or auxiliary registers of classified information in the minutes of negotiations and shall be stored or transmitted at the level of Top Secret, Secret or Confidential information provided in international relations. At the control points of the register, such classified information shall be recorded in auxiliary negotiation protocols and forwarded to the processor.
(2) The Office shall establish and maintain a central register of classified information referred to in paragraph 1 by it or directly provided to it and classified information provided through it pursuant to Section 77(1) (hereinafter referred to as the "central register").
(3) The authority of the State, a legal person pursuant to Section 60b and an entrepreneur establish and maintain a register of classified information referred to in paragraph 1 by them or provided to them (hereinafter referred to as the "register"); classified information provided through the Ministry of Foreign Affairs pursuant to Section 78(1) shall also be recorded in the register of the Ministry of Foreign Affairs. The establishment of the register shall be approved by the Office on the basis of a written request from an authority of the State, a legal person pursuant to Section 60b or an entrepreneur; This does not apply to intelligence agencies. Before issuing its consent, the Office shall be entitled to carry out a verification of the facts specified in the application for the establishment of a register and, where appropriate, of other facts and conditions relating to the establishment of a register.
(4) A state authority, a legal person pursuant to Section 60b or an entrepreneur may, in order to increase the operational use of their register, establish, as its internal components, auxiliary registers or control points.
(5) Classified information referred to in paragraph 1 provided by a foreign power or foreign partner of a state authority, a legal entity under Section 60b or an entrepreneur by any means other than those referred to in Section 77(1) or Section 78(1) shall be transmitted by a state authority, a legal entity under Section 60b or an entrepreneur for registration in the central register or, in the case of classified information under Section 78(1) in the register of the Ministry of Foreign Affairs, immediately after its provision; this obligation does not apply to intelligence services.
(6) The authority of the State, a legal person pursuant to Section 60b or an entrepreneur shall notify the Office of changes in the register to the extent specified in the implementing legislation.
(7) The Office keeps an overview of established registers and supervises their activities.
(8) the implementing legislation provides for
the organisation and operation of the central register;
the organisation and operation of the register, auxiliary register and control point;
the details of the report on the inspection of classified information registered in the register pursuant to Section 69(1)(m);
d) the content of the written request for the establishment of a register,
the conditions for the establishment, content and method of keeping the register; and
the extent of changes in the register notified to the Office and the procedure for cancelling the register.
PART THREE
SECURITY ELIGIBILITY
§ 80
Sensitive activity
(1) Sensitive activity means an activity laid down in this Act (Section 88) or a special legal regulation32), the misuse of which could jeopardise the interests of the Czech Republic.
(2) Sensitive activity may be carried out by a natural person who is security competent, holds a valid certificate of a natural person or has been recognized by a security authorisation issued by an authority of a foreign power.
(3) A person who is the holder of a valid document on the security capability of a natural person (hereinafter referred to as "document") is security-qualified.
Section 80a
The holder of a document shall be entitled, in the event that the validity of the document has expired for the reason referred to in Section 85(3)(a), until a decision is taken on the application pursuant to Section 99(3), but no later than 12 months after the expiry of the validity of the document, to carry out sensitive activities or have access to classified information classified at the level Reserved if the application was submitted at the time when the state of crisis was declared or if the state of crisis was declared in the course of the procedure for that application.
§ 81
Conditions for issuing the document
(1) the Office shall issue the document to a natural person who
a) is a citizen of the Czech Republic or a national of a Member State of the European Union or the North Atlantic Treaty Organization,
(b)) is fully lawful,
has reached at least 18 years of age;
(d)) is of good repute pursuant to § 13 and
e) is reliable.
(2) The age condition is verified by an identity card or travel document of a natural person.
(3) The conditions referred to in paragraph 1 must be fulfilled by the natural person throughout the period of validity of the document.
§ 84
Reliability
(1) The condition of reliability is met by a natural person who has not been found to have a negative circumstance.
(2) Negative circumstances are
a) the activity of a natural person against the interest of the Czech Republic,
the fact that the financial situation is manifestly disproportionate to the duly declared income of the natural person; or
c) repeated failure to provide the necessary cooperation or to grant consent pursuant to Section 109(2) in ongoing proceedings for the annulment of the validity of a document, if it is not possible to decide on the matter without providing cooperation.
(3) a negative circumstance can also be considered
a) conduct that negatively affects the credibility or influenceability of a natural person and may lead to abuse of the performance of a sensitive activity;
b) contacts with a person who develops or has developed activities against the interest of the Czech Republic, or
c) the fact that a natural person suffers from such a health disorder or there are such characteristics in the structure of his personality that may negatively affect the performance of a sensitive activity.
(4) The negative circumstances referred to in paragraph 2(a) and (b) shall be ascertained for the period from the age of 15 years, the negative circumstances referred to in paragraph 2(c) shall be ascertained only in an ongoing cancellation procedure and the negative circumstances referred to in paragraph 3(a) and (b) shall be ascertained for the period of 10 years preceding the date of initiation of the procedure or for the period from the age of 15 years, whichever is the shorter.
(5) In assessing whether a circumstance referred to in paragraph 3 is a negative circumstance, account shall be taken of the extent to which it may affect the performance of the sensitive activity, the time of its occurrence, its extent and nature, and the behaviour of the natural person during the period referred to in paragraph 4.
§ 85
Document
(1) The document is a public document. The document is valid for 10 years.
(2) the document must contain
a) first name, surname, maiden name,
the day, month, year and place of birth;
(c)) nationality,
the date of issue and the period of validity; and
the stamp and signature of the authorised representative of the Office.
(3) the validity of the document expires
the expiry of its period of validity;
b) the date of enforceability of the decision of the Office (Section 123(3), Section 126(4)) revoking its validity (Section 101),
the death of a natural person holding a document or his/her declaration of death;
d) by announcing its theft or loss,
e) by reporting such damage that the entries in it are illegible or its integrity is violated,
by returning the document by its holder to the person who issued it; or
the date of receipt of the natural person's certificate or new document.
(4) If the holder of a document within 15 days from the date of expiry of its validity pursuant to paragraph 3 (d) or (e) requests the Office in writing to issue a new document, the performance of a sensitive activity is not affected by the expiry of the validity of the original document; Within 5 days of receipt of the application, the Office shall issue a new document replacing the original one. If no application is submitted in accordance with the first sentence, the Office shall proceed in accordance with the second sentence of paragraph 6.
(5) In the event of a change in any of the information contained in the document, the Office shall issue a new document without delay. The possibility of carrying out a sensitive activity is not affected until the delivery of the new document.
(6) When a document expires pursuant to paragraph 3 (a), (b) or (f), the responsible person is obliged to ensure that the natural person does not carry out a sensitive activity. In the event of termination of the validity of a document pursuant to paragraph 3 (b) or (f), the Office shall notify the person responsible in writing of the termination of the validity of the document.
(7) The implementing legislation shall lay down a model document.
§ 86
Obligations of a legal person, a natural person doing business and an authority of the State
A legal person, a natural person doing business and a state authority are obliged to
a) ensure the performance of a sensitive activity by a natural person who holds a valid document or certificate of a natural person or has been recognised by a security authorisation issued by an authority of a foreign power;
b) keep a register of natural persons who perform sensitive activities and are in a service relationship or in an employment, member or similar relationship with them,
c) ensure that the Office is promptly notified in writing that, before issuing a document or a decision pursuant to Section 121(2), the facts justifying the request for a document have ceased to exist;
d) notify the Office in writing of a fact other than that referred to in subparagraph (c) which may affect the issue of the document or the decision to revoke its validity or the validity of the certificate of a natural person (Section 101); and
ensure that the Office is immediately notified in writing that a sensitive activity has commenced or has ceased because of termination of service or employment, membership or similar relationship of the holder of the document or certificate; such notification shall also include the start or end date of the sensitive activity.
§ 87
Obligations of the natural person
(1) a natural person who is the holder of the document is obliged to
a) hand over to the Office within 15 days a document whose validity has expired pursuant to Section 85(3)(b), (e) or (g),
b) immediately notify the Office in writing of the loss or theft of the document and such damage to the document that the entries therein are illegible or its integrity is violated,
immediately notify the Office in writing of changes to the information contained in its request for a document; the limitation of the scope of notification of changes, as well as the method and form of their substantiation, shall be laid down in the implementing legislation.
(2) Everyone is obliged to immediately hand over the found document to the Office, the Police or the embassy of the Czech Republic.
§ 88
Carrying out sensitive activities for the needs of intelligence services
(1) Acts of persons not listed in Section 140(1)(a) performed for the intelligence service on the basis of an agreement in connection with the exercise of state administration or for any other reason shall be considered sensitive activities for the purposes of the intelligence service.
(2) The conditions of security capability of a natural person who is to carry out a sensitive activity for the intelligence service shall be verified by the intelligence service.
(3) The intelligence service verifies the conditions pursuant to § 81 on its own initiative to the extent necessary for the performance of a sensitive activity. Safety procedures referred to in Part Four is not carried out and the document is not issued.
(4) The intelligence service shall allow a natural person to carry out a sensitive activity if he meets the conditions under § 81, for the period necessary to carry out this activity.
PART FOUR
SECURITY MANAGEMENT
Title I
General provisions
Section 88a
This part regulates the Office’s procedure in security proceedings (hereinafter referred to as ‘proceedings’) when deciding on applications under Sections 94, 96 and 99 and when deciding on the revocation of the validity of a certificate of a natural person, a certificate of an entrepreneur or a document.
§ 89
General principles of safety management
(1) The Office shall proceed in security proceedings in such a way that the state of the case is fully and accurately ascertained to the extent necessary for the decision, so that no one incurs unnecessary costs and without unnecessary delays.
(2) The personal honour and dignity of all persons concerned by the proceedings must be safeguarded during the proceedings.
(3) The Office shall create conditions so that due to the disability of the party to the proceedings there is no harm or shortening of his rights.
(4) The proceedings are not public.
Section 89a
Management
(1) The Office conducts proceedings through official persons authorized to do so under the internal regulations of the Office. A record shall be made in the security file of which employee of the Office is an official in a given procedure and in which organisational unit he is assigned, and the Office shall inform the party to the proceedings thereof upon request.
(2) The individual acts in the proceedings shall be done in writing, unless this excludes the nature of the case. An individual communication in the course of proceedings may be made orally to a party present if that party does not insist in writing. The content of acts carried out in a form other than in writing shall be noted in the security file.
Section 89b
Language of the case
(1) The proceedings shall be conducted and the documents shall be drawn up in the Czech language, unless it concerns the exercise of the rights of a member of a national minority pursuant to paragraph 2. Documents drawn up in a foreign language must be submitted by the party to the proceedings in the original version and at the same time in an officially certified translation into the Czech language70).
(2) A citizen of the Czech Republic belonging to a national minority who has traditionally and for a long time lived in the territory of the Czech Republic has the right to act towards the Office and to act in the language of his national minority. If the Office does not have an official with knowledge of the language of a national minority, the person shall obtain an interpreter registered in the list of interpreters in accordance with the first sentence; the costs of interpretation and translation shall be borne by the Office.
(3) A party to proceedings pursuant to Section 92(a) and (b) and his representative pursuant to Section 92e, who declares that he does not speak the language in which the proceedings are conducted, shall, at his own expense, obtain an interpreter registered in the list of interpreters and translators; in other cases, the interpretation costs shall be borne by the Office.
Section 89c
Inspection of the security volume
The party to the proceedings and his representative shall have the right to inspect and extract from the security file, with the exception of that part of the security file which contains classified information. The contents of the security volume will be read to blind persons. Upon request, the Office shall allow the blind person to make a phonogram. The Office shall also, at the request of a blind person, allow his/her guide to consult the security file under the conditions set out in the first sentence.
§ 90
Exclusion
(1) The official of which it may reasonably be presumed, having regard to its relation to the case, to a party to the proceedings or to its representative, that it has such an interest in the course and outcome of the proceedings as to give rise to doubt as to its impartiality, that it is excluded from all acts of the proceedings in the performance of which it is likely to influence the outcome of the proceedings.
(2) An official who has participated in proceedings in the same case at a different stage of the proceedings shall also be excluded.
(3) A party to the proceedings may object to the bias of a public official within 15 days from the date on which he became aware of the official involved in the proceedings. The objection of bias shall indicate the official against whom the objection is directed, the grounds for doubt as to his bias and the evidence by which his claim may be proved. A later objection shall not be taken into account.
(4) An official who becomes aware of circumstances suggesting that he or she is biased shall immediately inform his or her superior thereof. Until such time as the hierarchical superior decides whether he or she is excluded, the official may perform only those acts which cannot be postponed.
(5) the superior of a public official who is excluded, for him immediately appoints another public official, which is not to the excluded in a relationship of subordination; the resolution on this shall only be noted in the security file.
(6) The decision on the exclusion of a public official shall be taken by the superior of the public official by means of a resolution against which no appeal may be lodged. The disqualification order referred to in paragraph 4 shall only be noted in the security file.
(7) The provisions of paragraphs 1 to 6 shall not apply to the Director of the Office.
(8) Paragraphs 1 and 3 to 5 shall apply mutatis mutandis to the participation of experts and interpreters in proceedings.
§ 92
Party to the proceedings
The party to the proceedings is:
a) in proceedings on applications pursuant to Section 94 or 99, a natural person who applies for the issue of a certificate of a natural person or a document, or a person for whom the issue of a certificate of a natural person is requested pursuant to Section 93(1)(c);
b) in the application procedure pursuant to § 96 entrepreneur who applies for the issue of a certificate of entrepreneur,
in proceedings for revocation of the validity of a certificate of a natural person, a certificate of an entrepreneur or a document, the holder of such public documents.
Section 92a
On behalf of the entrepreneur, actions in the management are carried out by his responsible person.
Section 92b
Procedural capacity
A party may act independently in the proceedings (hereinafter referred to as ‘procedural capacity’) to the extent that it has legal capacity.
Section 92c
Representation of a party
A party’s representative shall be a legal representative, guardian or agent.
Section 92d
Representation on the basis of law and guardianship
(1) To the extent that a party does not have the capacity to be a party to proceedings, he must be represented by a legal representative.
(2) the Office appoints a guardian
a) a party to the proceedings referred to in paragraph 1, if he does not have a legal representative or if he cannot be represented by a legal representative and if he does not have a guardian under a special law,
b) a party to the proceedings with a particularly severe disability, with whom it is not possible to communicate even through an interpreter or an intermediary,
c) a party affected by a temporary mental disorder which prevents him from acting independently in the proceedings, if this is necessary to defend his rights; in such cases, the Office shall decide on the basis of an expert medical opinion, or
d) an entrepreneur whose responsible person is not capable of acting on his behalf or cannot be served on him, or, if in other proceedings the subject of dispute, who is the responsible person of the entrepreneur.
(3) The Office shall appoint a guardian of the person with whom the person for whom the guardian is appointed is in custody, or another suitable person. This person is obliged to accept the position of guardian, unless there are serious reasons for not doing so. A party who, in anticipation of his own incapacity to act in law, has expressed his will to become his guardian shall be appointed by the Office as guardian with his consent by the person designated as guardian in the preliminary declaration. A guardian may not be appointed to a person who may reasonably be considered to have such an interest in the outcome of the proceedings as to justify a fear that he or she will not properly defend the interests of a party to the proceedings.
(4) The Office shall decide on the appointment of a guardian by means of an order, which shall be notified to the person appointed as guardian and to the party to the proceedings if this does not exclude the nature of the case or the status of the party to the proceedings, which makes him or her incapable of perceiving the content of the order.
(5) If the guardian fails to protect the rights or interests of a party to the proceedings, or if it can reasonably be assumed that the guardian has such an interest in the outcome of the proceedings, which justifies the fear that he will not properly defend the interests of a party to the proceedings, the Office shall by order cancel the previous appointment of a guardian and appoint a guardian of someone else in accordance with the procedure referred to in paragraph 4.
(6) The function of guardian ceases as soon as a party to the proceedings has begun to be represented by a legal representative, has acquired procedural capacity or the reasons for which a guardian has been appointed no longer apply. This fact shall be noted by the Office in the security file as soon as it becomes aware of it; in doubt, decide by order, which shall be notified only to the guardian and to the party to the proceedings or to his or her legal representative.
(7) An appeal against a resolution under paragraphs 4 to 6 shall not be admissible.
Section 92e
Representation by proxy
(1) A party to proceedings may be represented by a lawyer or another representative of his choice. Authorisation to represent shall be evidenced by a written power of attorney. A party may have only one agent at a time. In the case of personal acts, representation is excluded.
(2) An authorisation may be granted to:
for a specific act, group of acts or for a specific part of the procedure; or
b) for the entire proceedings.
(3) The proxy holder may grant a power of attorney to another person to act in his place as a party to the proceedings only if the proxy holder is expressly allowed to do so, unless a special law provides otherwise71).
Section 92f
(1) The representative in the proceedings shall act on behalf of the represented. Acts of the representative create rights and obligations for the directly represented person.
(2) In case of doubt about the extent of representation, the representative is entitled to act on behalf of the represented person throughout the proceedings.
Title II
Proceedings
§ 93
Initiation of the procedure
(1) the proceedings are initiated on the day on which it is
a) the Office received a written request under section 94 or 99,
b) the Office received a written request pursuant to § 96 and the administrative fee is paid,
c) the Office received an application from an institution of the European Union or an international organisation of which the Czech Republic is a member for the issue of a certificate of a natural person - a citizen of the Czech Republic who is an employee of an institution of the European Union or an employee of an international organisation of which the Czech Republic is a member, or
the holder of a certificate of a natural person, a certificate of an entrepreneur or a document is served with a written notification to the Office of the initiation of proceedings to invalidate these public documents.
(2) At the request of a party to the proceedings, the Office shall acknowledge receipt of the application pursuant to Section 94, 96 or 99.
(3) The Office shall also inform the person who is the responsible person for the holder of these public documents of the initiation of the proceedings referred to in paragraph 1(d) in the case of proceedings for the revocation of the validity of a natural person's certificate or document.
(4) An application under section 94, 96 or 99 may be withdrawn by a party to the proceedings; that right may not be exercised between the date of the decision of the Office and the date on which the appeal proceedings are initiated and the date on which the appeal decision is issued.
Request by a natural person
§ 94
(1) An application for the issue of a certificate of a natural person (hereinafter referred to as the "application of a natural person") shall contain, to the extent provided for in the implementing legislation, a written justification for the need for access to classified information indicating the classification level, consent to the conduct of the procedure and a declaration of the truthfulness and completeness of the data.
(2) The application referred to in paragraph 1 shall include the following annexes:
a) completed questionnaire of a natural person in paper and electronic form,
documents attesting to the accuracy of the information given in the questionnaire to the extent and in the form laid down in the implementing legislation; this does not apply if the accuracy of the data can be attested on the basis of data held in the basic register or agenda information system, which are made available to the Office for the performance of the agenda, or on the basis of consent,
(c)) one photo by its implementation corresponding to the requirements under other legislation72),
if the natural person is a foreign national, the documents and declarations referred to in Section 13(2);
e) a declaration of non-disclosure of the materially and locally competent tax administrator and other persons involved in tax administration pursuant to Section 52(2) of the Tax Code, to the full extent of the data for the purpose of conducting the proceedings; and
a justification of the need for access to classified information indicating the classification level and the designation of a place or function pursuant to Section 69(1)(b) confirmed by the responsible person or the security director of the person who will provide the natural person with classified information, to the extent specified in the implementing legislation.
(3) If a natural person has access to classified information immediately after the expiry of the validity of his previous certificate of natural person, he is obliged to apply in writing to the Office for the issue of a new certificate of natural person, before the expiry of the validity of the previous certificate of natural person within the period of at least
a) 3 months for the certificate of a natural person for the classification level Confidential,
(b)) 7 months for the certificate of a natural person for the classification level Secret and
10 months for a natural person's Top Secret certificate.
(4) The application referred to in paragraph 3 shall comply with the requirements referred to in paragraph 1 and shall be accompanied by the annexes referred to in paragraph 2.
(5) If a natural person pursuant to paragraph 3 applies for the issue of a new certificate of a natural person for the same classification level for which he has been issued the previous certificate of a natural person, the conditions for the issue of a new certificate of a natural person shall be ascertained retrospectively for at least the period that has elapsed since the issue of his previous certificate of a natural person.
(6) If the issue of a certificate of a natural person is requested by an authority of the European Union or an international organisation of which the Czech Republic is a member pursuant to Section 93(1)(c), the natural person whose certificate is requested shall proceed in accordance with paragraphs 2 to 5 mutatis mutandis.
(7) The reason for the need for a natural person to have access to classified information specified in the request must last for the entire duration of the proceedings pursuant to Section 93(1)(a) or (c).
§ 95
Questionnaire of a natural person
(1) The questionnaire of a natural person contains the following items:
a) first name, surname including previous and academic titles,
b) day, month, year and place of birth and birth number,
(c)) nationality, including previous ones,
the addresses of the places where they have resided or have resided continuously for more than 90 days in the last 10 years;
e) details of the identity document in the case of foreigners,
f) the employer and the designation of the position held, or an indication of the activity performed,
g) continuous stay abroad for more than 90 days,
h) ordered enforcement of the decision,
affiliation, contacts and links with the security services of a foreign power or its intelligence services, with the exception of contacts arising from professional or service duties after 1990;
j) personal contacts with foreign nationals or citizens of the Czech Republic living in non-member countries of the European Union or the North Atlantic Treaty Organization, with the exception of contacts arising from work or service obligations after 1990, if it can be reasonably assumed that these contacts are significant;
k) the use of narcotic or psychotropic substances referred to in the law governing the field of addictive substances35) and the use of alcohol,
l) pathological gambling,
m) treatment of addiction to the substances referred to in point (k) and alcohol and treatment of pathological gambling,
n) property relations,
o) membership or function in the association, foundation, institute and charitable society in the last 5 years,
p) address for the purpose of service,
the particulars referred to in points (a) to (d) and (f) for the spouse or partner;52) and persons over 18 years of age living with a natural person in the household36),
r) CV and
health and other professional care related to the state of health of a natural person, which may have a negative impact on his or her ability to conceal information.
(2) The stay referred to in paragraph 1(d) and (g) and Section 94(2)(d) shall be deemed to be continuous even in the event of its short-term interruption.
Entrepreneur's request
§ 96
(1) The application of the entrepreneur shall contain, to the extent specified in the implementing legislation, a written justification for the necessity of the entrepreneur's access to classified information, indicating the level of classification and the form of occurrence of classified information.
(2) The application referred to in paragraph 1 shall include the following annexes:
a) completed questionnaire of the entrepreneur in electronic form,
(b)) the security documentation of the entrepreneur and
c) documents necessary to verify compliance with the conditions referred to in Section 16 to the extent and in the form laid down in the implementing legislation,
d) a declaration of non-disclosure of the materially and locally competent tax administrator and other persons involved in the tax administration pursuant to Section 52(2) of the Tax Code, to the full extent of the data for the purpose of conducting the proceedings.
(3) If the entrepreneur has access to classified information immediately after the expiry of the validity of his previous certificate of entrepreneur, he is obliged to apply in writing to the Office for the issue of a new certificate of entrepreneur, before the expiry of the validity of the previous certificate of entrepreneur within the period of at least
a) 7 months for the certificate of the entrepreneur for the classification level Confidential,
(b)) 9 months for the certificate of the entrepreneur for the classification level Secret and
11 months in the case of an Entrepreneur's certificate for the classification level Top Secret.
(4) The application referred to in paragraph 3 shall comply with the requirements referred to in paragraph 1 and shall be accompanied by the annexes referred to in paragraph 2. In the entrepreneur's questionnaire, the data shall be filled in to the extent specified in the implementing legislation. The security documentation of the entrepreneur shall include only changes that have not been reported to the Office pursuant to Section 68(c) and (d).
§ 97
The Entrepreneur's Questionnaire
The Entrepreneur's Questionnaire contains the following items:
valid data which are entered in a commercial, trade or similar register or register, but always an indication of the birth number, if assigned, and the date, place, district and state of birth, even if they are not entered in such register or register;
b) name and surname, birth number, if assigned, and date, place, district and state of birth, company and identification number of partners or members of a business corporation with at least 10% share in the registered capital or voting rights of the entrepreneur or persons in the ownership structure of the entrepreneur up to a natural person holding at least 10% direct or indirect share in the registered capital or voting rights of the business corporation and persons exercising a decisive influence on entrepreneurs who do not have a share in the registered capital of the entrepreneur or on the voting rights of the entrepreneur,
c) name and surname, birth number, if assigned, and date, place, district and country of birth or company and silent partnership identification number of the entrepreneur,
d) the names of non-bank payment service providers, including foreign ones, and the numbers or other unique identifiers of accounts held with such persons in the Czech Republic and abroad, as well as the names of banks, foreign banks and credit unions and the numbers or other unique identifiers of accounts held with such persons abroad;
e) owns and leased real estate and commercial premises of the entrepreneur, in which there is a secured area pursuant to § 25, including the indication of their address,
f) data on the executed regular financial statements37), if the entrepreneur keeps accounts, or data to tax returns, if the entrepreneur keeps tax records, or if he applies expenses as a percentage of income under other legislation38), and the data on the regular financial statements verified by the auditor, if so provided by other legislation53)over the last 5 years,
g) liabilities arising from loan agreements or loan agreements where the entrepreneur is in default of instalments, concluded with entities with a licence, permit or registration issued by the Czech National Bank, entities operating on the basis of a single European licence, or with foreign banks, and borrowings and loans received from other legal or natural persons and loans and loans granted to natural or legal persons, in the last 5 years,
contracts or their proposals, the subject matter of which requires access to classified information, including a list of such classified information with an indication of its originator or provider, the classification level and specifications of the contract, including classified information of a foreign power to which the entrepreneur has access, and an indication of the number of classified information stored with the entrepreneur; in the case of the conclusion of a contract with an intelligence service, the data concerning such a contract shall be substantiated by the entrepreneur only by a written confirmation of the responsible person of the relevant intelligence service;
i) foreign business partners, with the exception of business partners from the Member States of the European Union, with a total financial volume of transactions exceeding CZK 2 000 000 in the last 5 years;
j) Czech business partners and business partners from the Member States of the European Union to the extent laid down in the implementing legislation,
k) information on the filing of an insolvency petition,
l) details of the decision on the insolvency petition,
m) details of the method of resolving bankruptcy,
n) data on the dissolution of the entrepreneur,
o) fulfilment of obligations towards the State pursuant to Section 17(2)(a) and (b),
p) the data of the responsible person of the entrepreneur, which are the name, surname, birth number, if assigned, date of birth and the position held with the entrepreneur,
criminal proceedings; and
r) a list of functions and persons presumed to have access to classified information, indicating their birth number, if assigned, and their classification level, and, in the case of notifications under Section 6 issued by the entrepreneur, the date of their issue.
§ 98
Security Documentation of the Entrepreneur
The security documentation of the entrepreneur provides for a system of protection of classified information with the entrepreneur, it must be stored with the entrepreneur, continuously updated and contains
a) specification of classified information to which the entrepreneur has access, including a list of such classified information with an indication of its originator or provider, classification level and specification of the contract, including classified information of a foreign power to which the entrepreneur has access, or confirmation pursuant to Section 97(h),
an analysis of the potential threat to classified information, appropriate and effective protective measures to reduce risks;
the methods of implementing the various types of ensuring the protection of classified information.
Document request
§ 99
(1) The application for a document shall contain, to the extent provided for in the implementing legislation, a written justification for the performance of a sensitive activity, consent to the conduct of proceedings and a statement of the truthfulness and completeness of the data.
(2) The application referred to in paragraph 1 shall include the following annexes:
a) completed questionnaire in electronic form,
documents attesting to the accuracy of the information given in the questionnaire to the extent and in the form laid down in the implementing legislation; this does not apply if the accuracy of the data can be attested on the basis of data held in the basic register or agenda information system, which are made available to the Office for the performance of the agenda, or on the basis of consent,
c) a declaration of non-disclosure of the materially and locally competent tax administrator and other persons involved in the tax administration pursuant to Section 52(2) of the Tax Code, to the full extent of the data for the purpose of conducting the proceedings,
if the natural person is a foreign national, the documents and declarations referred to in Section 13(2);
e) one photo by its implementation corresponding to the requirements under other legislation72) a
a justification for the performance of a sensitive activity confirmed by the responsible person or a person authorised by him or her to the extent specified in the implementing legislation.
(3) If a natural person is to carry out a sensitive activity immediately after the expiry of the validity of the document, he is obliged to apply to the Office for the issue of a new document at least 5 months before the expiry of the validity of the existing document.
(4) The application referred to in paragraph 3 shall comply with the requirements referred to in paragraph 1 and shall be accompanied by the annexes referred to in paragraph 2.
(5) The reason for carrying out a sensitive activity specified in the application for a document must last for the entire duration of the proceedings pursuant to Section 93(1)(a).
§ 100
Questionnaire
The questionnaire pursuant to Section 99(2)(a) shall contain the data set out in Section 95(1)(a) to (p), (r) and (s).
Revocation of a certificate of a natural person, a certificate of an entrepreneur or a document
§ 101
(1) Proceedings for the revocation of the validity of a certificate of a natural person, a certificate of an entrepreneur or a document shall be initiated by the Office if there is a reasonable doubt that the holder of such an authentic instrument continues to meet the conditions for its issue (Sections 12, 16 and 81).
(2) If the holder of a certificate of a natural person, a certificate of an entrepreneur or a document no longer fulfils the conditions for the issue of such an authentic instrument, the Office shall cancel its validity.
(3) Proceedings for the revocation of the validity of a natural person's certificate, entrepreneur's certificate or document may not be interrupted pursuant to Section 112 or discontinued pursuant to Section 113, except for discontinuance of proceedings pursuant to Section 113(1)(i) or (j).
Common provisions
§ 102
If an application under Sections 94, 96 or 99 does not have the prescribed particulars, the Office shall help the party to the proceedings to remedy the formal deficiencies of the application. If the deficiencies cannot be rectified on the spot, the Office shall immediately invite the party to the proceedings in writing to rectify the deficiencies of the request within 30 days from the date of receipt of the request; the letter of formal notice shall include information on the consequences of failure to remedy deficiencies in good time for the further course of the proceedings (Section 113(1)(c)).
§ 103
(1) The Office is entitled to require from the party to the proceedings, the holder of a certificate of a natural person, the holder of a certificate of an entrepreneur or a document to specify the data specified in the application pursuant to Sections 94, 96 and 99 and to provide additional data to verify compliance with the conditions for issuing a certificate of a natural person, certificate of an entrepreneur or document, if this is necessary for a complete and accurate determination of the actual state of the case. To this end, the Office shall invite the party to the proceedings in writing to submit this specification of data and the communication of additional data within 14 days and, in the application submitted pursuant to Section 96, within 30 days of the date of delivery of the request to the Office.
(2) The party to the proceedings, the holder of a certificate of a natural person, the holder of a certificate of an entrepreneur or the holder of a document is obliged to provide the Office with the necessary cooperation to verify the data held by the Office, to verify the fulfilment of the conditions for issuing a certificate of a natural person, a certificate of an entrepreneur or a document. For this purpose, the Office shall proceed in accordance with the second sentence of paragraph 1.
(3) In the course of the proceedings, the party to the proceedings is obliged to notify the Office without delay in writing of changes to the information contained in the application pursuant to Sections 94, 96 and 99; the limitation of the scope of notification of changes, as well as the method and form of their substantiation, shall be laid down in the implementing legislation.
§ 104
Witness
(1) Any person who is not a party to the proceedings is obliged to testify as a witness for the purpose of ascertaining the actual state of the case and identifying possible security risks and to attend a summons to the Office. It must be clear from the summons when, where and in what case the witness is to appear and what are the legal consequences of non-appearance (Sections 115 and 116). The witness must tell the truth and not hide anything. A witness may not be heard who would breach the protection of classified information or an obligation of confidentiality imposed or recognised by law, unless that obligation is waived. He or she may refuse to give evidence only if he or she is at risk of criminal prosecution against himself or herself or persons close to him or her.39). The dismissal may also be refused by a person close to the party.
(2) The Office shall, prior to the hearing, establish the identity of the witness and instruct him in accordance with paragraph 1 and on the legal consequences of an unjustified refusal, or false or incomplete witness statements (Section 116).
(3) A record of the testimony of the witness shall be drawn up. Section 105(5) and (6) shall apply mutatis mutandis to the preparation of the witness statement report.
(4) A witness may also be required to submit written observations on the facts stated by the Office. The signature of the witness must be on each side of the document containing his or her statement. In the following paragraphs 1, 2, 6 and 7 shall apply mutatis mutandis.
(5) the Office shall reimburse the witness for proven cash expenses under the law governing travel expenses40) and lost earnings. The claim must be filed within 5 days after the testimony, otherwise it expires. The witness must be informed of this in advance.
(6) A police or intelligence officer involved in the proceedings may not be heard as a witness.
(7) The testimony of a witness may not be substituted for acts in proceedings pursuant to Sections 107 to 109.
§ 105
Interview
(1) If facts arise in the course of the proceedings that need to be clarified in order to establish the reality of the case, the Office shall conduct an interview with the party to the proceedings; the Office shall always conduct an interview with the party requesting the issue of a top-secret natural person certificate.
(2) A party to the proceedings shall be summoned to the interview in writing, at least five days in advance. It must be clear from the summons when, where, in what case and for what reason the party is to appear and what are the legal consequences of non-appearance. The time-limit referred to in the first sentence may be shortened with the agreement of the party.
(3) During the interview, the party to the proceedings is obliged to testify in person; the lawyer or other representative of the party is not entitled to intervene in the course of the interview.
(4) Before the beginning of the interview, the party must be informed in writing of the significance and purpose of the interview, the manner in which it was conducted and the possible consequences of refusing to testify, or false or incomplete statements.
(5) A report shall be drawn up on the conduct of the interview. The record shall contain the place, time and content of the interview and data allowing the identification of the party, the official and other persons involved in the interview.
(6) The minutes shall be signed by the party to the proceedings, the official, the recorder and the interpreter, as the case may be; the signature of the party to the proceedings must appear on each page of the report. The refusal of signature and the reasons for such refusal shall be recorded in the Protocol. At the request of a party to the proceedings, the official shall issue a copy of the report. The interview may be recorded on an audio or video medium only with the consent of the party to the proceedings; the record shall always be made if a party to the proceedings so requests. This record is part of the security file (Section 124).
(7) Classified information shall not be disclosed during the interview.
(8) An interview with a party who has resided abroad for a long time may be replaced by his written observations. The Office shall inform the person concerned of the facts which are to be the subject of the observations and shall inform him or her in accordance with paragraph 4. The signature of the party must appear on each page of the written observations.
§ 106
Expert
(1) If an expert opinion is required for the professional assessment of the facts important for the decision, the Office shall appoint an expert41).
(2) The costs for the preparation of the expert opinion referred to in paragraph 1 shall be borne by the Office.
(3) The Office shall appoint an expert by order, which shall be served on the expert, and shall inform the party to the proceedings of the appointment of an expert in an appropriate manner. An appeal may not be lodged against a decision appointing an expert.
Proceedings
§ 107
Acts in the procedure for issuing a certificate of a natural person
(1) In proceedings for the issue of a certificate of a natural person at the level Confidential, the Office shall, in order to verify the conditions for the issue of such a certificate, request the necessary information from the competent authority of the State, a legal person or a natural person engaged in business activity, if they handle it.
(2) In proceedings for the issue of a certificate of a natural person for the classification of the Secret Office shall carry out the actions referred to in paragraph 1 and shall further verify the identity of the party to the proceedings. If the information obtained is not sufficient to decide the case and the Office is unable to verify or supplement it, it may be verified or supplemented, at the request of the Office, by an investigation by the competent intelligence service or police into a party to the proceedings, a spouse or a partner.52) and persons over the age of 18 living with the party in the household. The Office shall define in the request the circumstances in respect of which the investigation is to be carried out.
(3) In proceedings for the issue of a certificate of a natural person for the classification of a Top Secret Office shall carry out the actions referred to in paragraph 2 and shall further request the competent intelligence service to investigate the occurrence of security risks in the environment in which the party to the proceedings moves.
(4) If the information obtained in the procedure for issuing a certificate of a natural person at the level Confidential is not sufficient to decide on the case, the Office shall proceed in accordance with paragraphs 2 and 3. If the information obtained in the procedure for issuing a certificate of a natural person at the level Secret is not sufficient to decide on the matter, the Office shall proceed in accordance with paragraph 3. In such cases, the Office shall seek the written consent of a party to the proceedings and at the same time shall inform the party of the legal consequences that will arise if the Office does not receive the written consent. The Office shall specify in the request to the intelligence service or the police the circumstances in respect of which the investigation is to be carried out.
(5) For the purpose of the investigation carried out by the intelligence service or the police pursuant to paragraphs 2 to 4, the Office shall provide the information available to it on the subject of the investigation. The requests of the Office shall be complied with by the intelligence services and the police and shall report to the Office on the results of the investigations requested. The intelligence services and the police shall, in the report on the results of the investigation, comment on the subject matter of the investigation and provide further information in their possession which could have an impact on the outcome of the case.
(6) If the procedure is carried out on the basis of a request pursuant to Section 94(3), the Office is entitled to carry out acts pursuant to paragraphs 1 to 4. The provisions of the third sentence of paragraph 4 shall apply mutatis mutandis.
§ 108
Acts in proceedings for the issue of an entrepreneur's certificate
(1) In proceedings for the issue of an Entrepreneur's Certificate for the Confidential classification, the Office shall, in order to establish economic stability, security reliability, to verify the ownership relations of the Entrepreneur and to verify his ability to ensure the protection of classified information, request the necessary information from the competent authority of the State, a legal entity or a natural person engaged in business, if they handle it.
(2) In proceedings for the issue of an entrepreneur's certificate for the classification of the Secret Office shall perform the acts referred to in paragraph 1 and other acts to verify the business relationships of the entrepreneur.
(3) In proceedings for the issue of an Entrepreneur's Certificate for the classification level Top Secret, the Office shall perform the acts referred to in paragraph 2 and other acts to verify significant capital and financial relations of the Entrepreneur.
(4) For the purpose of verifying the conditions for issuing the certificate of the entrepreneur, officials are entitled to enter the objects, facilities, facilities or other premises and land of the entrepreneur and require the submission of the necessary documents by the entrepreneur.
(5) If the Office cannot verify the relationships referred to in paragraphs 1 to 3 or other facts to determine a possible security risk to the entrepreneur or his ability to ensure the protection of classified information, he may request their verification by the competent intelligence service or the police. The Office shall define in the request the circumstances in respect of which the investigation is to be carried out.
(6) For the purpose of the investigation carried out by the intelligence service or the police pursuant to paragraph 5, the Office shall provide the information available to it on the subject of the investigation. The intelligence services and the police shall comply with the requests of the Office referred to in paragraph 5 and report to it on the results of the investigations requested. The intelligence services and the police shall, in the report on the results of the investigation, comment on the subject matter of the investigation and provide further information in their possession which could have an impact on the outcome of the case.
(7) If the information obtained pursuant to paragraphs 1 or 2 in the procedure for issuing an entrepreneur's certificate for the relevant classification level is not sufficient to decide on the matter, the Office is entitled to ascertain them by the actions provided for in paragraphs 2 or 3 for the procedure concerning the higher classification level. In such cases, the Office shall seek the written consent of a party to the proceedings and at the same time shall inform the party of the legal consequences that will arise if the Office does not receive the written consent.
(8) If the procedure is carried out on the basis of a request pursuant to Section 96(3), the provisions of paragraphs 1 to 7 shall apply mutatis mutandis.
§ 109
Acts in the procedure for the application for a document
(1) In the procedure for applying for a document, the Office shall request the necessary information from the competent authority of the State, a legal person or a natural person doing business, if they handle it.
(2) If the information obtained pursuant to paragraph 1 is not sufficient to decide the case, it may be verified or supplemented by carrying out other necessary acts pursuant to Section 107, proportionate to the purpose of the proceedings; in such cases, the Office shall seek the written consent of the party to the proceedings and notify it of the legal consequences if the Office does not receive the written consent.
(3) If the procedure is carried out on the basis of a request pursuant to Section 99(3), the Office shall be entitled to carry out acts pursuant to paragraphs 1 and 2. The provisions of paragraph 2 of the part of the sentence after the semicolon shall apply mutatis mutandis.
§ 110
(1) During the period of validity of a certificate of a natural person, a document or a certificate of an entrepreneur, before issuing a certificate of a natural person for foreign power or a certificate of an entrepreneur for foreign power pursuant to Section 57, the Office shall verify, by means of proceedings, whether the natural person or entrepreneur continues to meet the conditions for issuing a certificate of a natural person, document or certificate of an entrepreneur.
(2) A natural person or entrepreneur is obliged to provide the necessary cooperation for the procedure of the Office pursuant to paragraph 1.
§ 111
When performing acts pursuant to Sections 107 and 108, Section 109(1) and Section 110, the Office is entitled to provide a state authority, a legal person or a natural person doing business to the extent strictly necessary with the necessary personal data relating to the requested information.
§ 112
Suspension of proceedings
(1) the Office shall suspend the proceedings by order, if
a) other proceedings are under way which resolve an issue relevant to the issue of a decision under this Act;
b) the party to the proceedings has been invited by the Office to remedy the deficiencies of the application of a natural person, the application of an entrepreneur, the application for a document or in dissolution within a specified period, or to supplement other data requested by the Office, or if he has been summoned for an interview;
c) the party to the proceedings has been invited by the Office to designate a responsible person within a specified period,
d) it is not possible to hear a witness whose testimony is important for the complete and accurate determination of the actual state of the case to the extent necessary for the decision,
a party to the proceedings requests a stay for a period not exceeding 60 days for a reason which has prevented him from participating in the proceedings on a long-term basis; a party to the proceedings on the request may request that the proceedings be stayed no more than twice; or
f) The Office issued a resolution on the appointment of an expert for the preparation of an expert opinion.
(2) The Office may, by means of an order, suspend the proceedings in the event of a refusal to inspect the file pursuant to Section 138(2).
(3) The proceedings shall be interrupted on the date of transmission of the order suspending the proceedings to the holder of the postal licence or special postal licence, on the date of personal receipt of such order by the party to the proceedings, if the Office delivers, or by delivery to the data box of the party to the proceedings54).
(4) An order to stay proceedings shall not be subject to appeal.
(5) During the stay of proceedings, the Office and the party to the proceedings shall take such steps as are necessary to eliminate the grounds for the stay referred to in paragraph 1. The Office shall resume the proceedings as soon as the obstacles for which the proceedings have been suspended have ceased to exist or, where appropriate, as soon as the time limit referred to in paragraph 1(e) has expired or the party to the proceedings has appeared for an interview. The party shall be informed of this in writing, except for the continuation of the procedure by means of an interview.
(6) For the duration of the stay of proceedings, the time limits referred to in Sections 117 and 131(6) shall not run.
§ 113
Suspension of proceedings
(1) the Office shall terminate the proceedings by order, if
a) the party to the proceedings has withdrawn the application under section 94, 96 or 99,
the party to the proceedings does not meet the conditions laid down in Section 12(1)(b) and (d) or Section 81(1)(b), (c) or (d);
c) the party to the proceedings has not remedied the deficiencies in the application of the natural person, in the application of the entrepreneur or in the application for a document within the prescribed time limit,
the party fails to appear again for the interview without an apology containing serious reasons;
e) the party to the proceedings has not given consent pursuant to Section 107(4), Section 108(7) or Section 109(2);
f) the party to the proceedings has not designated a responsible person within the specified time limit,
g) it is not possible to ascertain completely and accurately the actual state of the case to the extent necessary for the decision, because the party to the proceedings has been staying or staying in the territory of a foreign state for a long time,
h) a party to the proceedings has given a false or incomplete statement or does not provide any other necessary cooperation and on the basis of the given state of the case can not be decided,
a party to the proceedings has died, has been declared dead, has been dissolved or has ceased to exist; or
j) in proceedings for the revocation of the validity of a certificate of a natural person, a certificate of an entrepreneur or a document, his reason or object has disappeared.
(2) The Office may suspend security proceedings for the issue of a natural person's certificate or document on the basis of a notification by the person responsible pursuant to Section 67(1)(f) or Section 86(c).
(3) An order discontinuing proceedings pursuant to paragraph 1 (a), (b), (e), (f), (g), (i) and (j) shall not be subject to appeal.
Ensuring the purpose and conduct of the proceedings
§ 114
Summons
(1) The Office shall summon in writing persons whose personal participation in the case is necessary.
(2) In the summons, the Office shall notify the persons referred to in paragraph 1 of the legal consequences of non-appearance.
§ 115
Demonstration
(1) A witness who fails to appear at the Office without due apology or without serious reasons for a repeated summons, and without whose personal participation the proceedings cannot be carried out, may be at his expense brought in.
(2) The appearance of a witness shall be arranged at the request of the Police Office, in the case of a soldier in active service by the Military Police and in the case of a member of the security corps by the competent security corps.
§ 116
Penalty
(1) the Office may impose a civil fine
a) up to CZK 50 000 to a person who makes the procedure more difficult, in particular by not appearing without serious reasons at a written request to the Office, giving false or incomplete testimony or refusing to give testimony or present a document without justification;
up to CZK 500 000 to an authority of the State, a legal entity or a natural person doing business, for not providing, on request and free of charge, information requested by the Office for the purposes of proceedings pursuant to Section 117(6).
(2) The fine referred to in paragraph 1 may be imposed repeatedly. The total amount of civil fines imposed may not exceed CZK 100 000 in the case of a fine pursuant to paragraph 1(a) and CZK 1 000 000 in the case of a fine pursuant to paragraph 1(b).
Deadlines, time counting and delivery
§ 117
(1) the Office shall perform an act under section 121 in the case of proceedings for the issue of a certificate of a natural person from the date of its initiation within the period of
a) 2 months for the classification level Confidential,
(b)) 6 months for the classification Secret and
9 months for Top Secret.
(2) the Office shall perform the act referred to in section 121 in the case of the proceedings for the issue of the certificate of the entrepreneur shall end from the date of its initiation within the period of
6 months for Confidential;
(b)) 8 months for the classification Secret and
10 months for Top Secret.
(3) The Office shall perform the act referred to in Section 121 in the case of proceedings for the issue of a document within 75 days from the date of its commencement.
(4) The competent intelligence service and the police shall forward to the Office the results of the investigation carried out pursuant to the second sentence of Section 107(2) and Section 107(3) from the date of receipt of its request within a period of
a) 4 months for the classification level Secret,
6 months for Top Secret.
(5) the competent intelligence service and the police shall forward to the Office the results of the investigation carried out pursuant to Section 108(2) to (5) from the date of receipt of its request within the period of
a) 3 months for the classification level Confidential,
b) 4 months for the classification level Secret,
6 months for Top Secret.
(6) An authority of the State, a legal person or a natural person doing business is obliged to comply with its request for information free of charge within 30 days from the date of delivery of the request to the Office pursuant to Sections 107, 108 or 109.
(7) If a natural person consents to the verification of information pursuant to Section 107(4) or Section 109(2), or if an entrepreneur grants consent pursuant to Section 108(7), the relevant proceedings shall be subject to the time limits set for the classification level for the acts for which consent has been granted.
(8) The time limits referred to in paragraphs 1 to 6 shall not run for as long as a state of crisis is declared.
(9) In the case of a decision of the Director of the Office on appeal issued pursuant to Section 131(6), the time limits referred to in paragraphs 1 to 3 shall run from the date of service of the decision on the party to the proceedings.
§ 118
(1) If the intelligence service or the police cannot communicate the results of the investigation to the Office within the time limits referred to in Section 117(4) and (5), they shall notify the Office thereof, stating the reasons for non-compliance with those time limits.
(2) If an authority of the State, a legal person or a natural person doing business cannot provide information within the period referred to in Section 117(6), it shall notify the Office thereof.
(3) If the Office cannot, on the basis of the notification referred to in paragraph 1 or 2, decide within the time limits referred to in Section 117(1) to (3), the Director of the Office shall extend the time limit proportionately, but not more than twice, and inform the party of the proceedings in writing, stating the reasons.
(4) The period of extension of the period referred to in paragraph 3 may not be one-off longer than the period laid down for the conduct of proceedings pursuant to Section 117.
§ 119
(1) The Office shall determine a reasonable period of time for the party to the proceedings to perform the act, unless provided for by law and if necessary. The fixing of a time limit shall not jeopardise the purpose of the procedure. The order determining the time limit shall be notified only to the person to whom it is addressed or, as the case may be, to the person otherwise directly concerned.
(2) A party to the proceedings may submit a request for an extension of the time limit. The Office shall decide on such a request by means of a resolution which shall only be noted in the security file.
(3) The time limit does not include the day on which the event determining the beginning of the period occurred. The time-limits determined by month or year shall end on the expiry of the day which, in accordance with its designation, coincides with the date on which the event determining the beginning of the time-limit occurred or, if there is no such day in the month, on the last day of the month. If the end of the period falls on a non-working day, the last day of the period shall be the next working day.
(4) The deadline is maintained if the last day of the deadline is taken action at the Office, or if a postal item addressed to the Office, the holder of a postal licence or a special postal licence17) or a person who has a similar position in another State.
(5) In case of doubt, the time limit shall be deemed to be maintained unless proven otherwise.
(6) If a party to the proceedings misses a deadline for serious reasons, the Office shall remit the missed deadline by means of an order if the party to the proceedings so requests within 5 days from the day on which the cause of the missed deadline ceases to exist, and if the Office takes the missed action within the same deadline. The Office may grant suspensive effect to such a request. In the event that the Office waives the missed deadline, the resolution on the waiver of the missed deadline shall only be noted in the security file.
(7) The resolution on the application for remission of the missed time limit may not be appealed.
§ 120
Delivery
(1) Decisions and other documents shall be delivered by the Office itself, by delivery to the data box54) or through the holder of a postal licence or a specific postal licence, to whom from the postal contract17) there is an obligation to serve the document in a manner consistent with the requirements of this Act. Delivery abroad is usually carried out through the Ministry of Foreign Affairs. For members or staff of the armed forces and security forces, service abroad may be effected through the competent security director. All documents are delivered into their own hands. Where a party has a representative, documents shall be served only on the representative; in the case of personal acts, the documents are also served on the party to the proceedings. Service on the represented party shall have no effect on the running of the time-limits. In the event of discontinuance of proceedings pursuant to Section 113(1)(i), the decision shall not be served.
(2) If the addressee refuses to accept the document, the holder of the postal licence or special postal licence shall indicate this fact on the acknowledgement of receipt together with the date and return the document to the Office. The document shall be deemed to have been served on the date on which its receipt by the addressee was refused; if service is effected by the Office, the refusal to accept the document shall be marked on it in a similar manner.
(3) If the addressee has not been reached at the place of delivery, the courier shall deposit the consignment with the Office or at the locally competent place of business of the postal licence holder or special postal licence. The shipment is stored for 10 days. The addressee shall be invited to collect the document by inserting a notice in the mailbox or by any other appropriate means. If the addressee does not collect the document within 10 days of deposit, the last day of the period shall be deemed to be the date of service, even if the addressee has not learned of the deposit.
(4) The place of delivery for a natural person is the address in the territory of the Czech Republic designated by that person. If a natural person stays abroad for a long time in the state interest, the place of delivery may also be the address abroad.
(5) If the document is served on the addressee abroad, the time limits under this Act do not run at the time of service.
(6) A natural person may be served with the document wherever it is found. If a natural person refuses to accept a document, the procedure laid down in paragraph 2 shall be applied mutatis mutandis.
(7) A legal person and a natural person doing business shall be served with the document at the address of its registered office. The person responsible or an authorised employee receiving the documents shall be entitled to take over the document for the legal person.
(8) Persons of unknown residence or registered office and persons who demonstrably fail to deliver may be served by public decree. Service by public decree shall be effected by posting the document, or the notification of the possibility of taking over the document, on the official notice board of the Office and marking the date of posting on the document. On the fifteenth day following the date of posting, the document shall be deemed to have been served if the obligation to publish pursuant to paragraph 9 has also been fulfilled within that period.
(9) The Office shall establish an official notice board, which shall be continuously publicly accessible. The content of the official notice board shall also be published on the website of the Office.
Decision
§ 121
(1) If the Office complies with the request of a natural person, the request of an entrepreneur or the request for a document, it shall not issue a written decision. In such cases, the Office shall issue a certificate of a natural person, a certificate of an entrepreneur or a document and deliver it to a party to the proceedings; copies shall be placed in a security file (Section 124).
(2) If the Office does not comply with the request of a natural person, the request of an entrepreneur or the request for a document, it shall issue a decision on the non-issuance of a certificate of a natural person, a certificate of an entrepreneur or a document, which it shall establish in a security file and a copy thereof shall be delivered to the party to the proceedings.
(3) If the Office revokes the validity of a certificate of a natural person, a certificate of an entrepreneur or a document, it shall issue a decision to that effect, which shall be placed in a security file and a copy thereof shall be delivered to the party to the proceedings.
(4) In the case of proceedings carried out on the basis of a request from a competent authority of the European Union or an international organisation of which the Czech Republic is a member pursuant to Section 93(1)(c), the Office shall send a notification of the outcome of the proceedings to that authority.
Section 122
Elements of the decision
(1) The decision shall be issued in writing and shall contain the operative part, the reasoning and the information of the party to the proceedings. The Office shall immediately notify the party responsible of the enforceability of a decision served on a party to proceedings who is a natural person.
(2) The operative part shall specify the solution of the question which is the subject of the decision and the provisions of this Act according to which it was decided. Part of the operative part is also the designation of the party to the proceedings, which allows its identification. Where a natural person is a party to proceedings, that person shall be identified by his or her first name, surname and birth number. If the party to the proceedings is an entrepreneur, it is marked with a company name or name, or name and surname, and an identification number. The operative part may also include the determination of the deadline for compliance with the obligation imposed.
(3) The statement of reasons shall state the reasons for the decision, the documents for its issuance, the considerations followed by the Office in its evaluation and in the application of legislation. Where one of the reasons for the decision is classified information, the statement of reasons shall contain only a reference to the documents for the decision and their classification level. The considerations followed by the Office in its assessment and the reasons for its decision shall be given only to the extent that they are not classified information.
(4) The information shall state whether it is possible to file an appeal against the decision, within what period, from which date this period is calculated, who decides on the appeal, to whom it is filed, and the fact that the appeal does not have suspensory effect.
(5) The decision must also contain the designation of the Office, the date of issue, the imprint of the official stamp, the name, surname, function and signature of the employee of the Office who issued the decision.
(6) Correction of obvious inaccuracies in a written copy of the decision shall be made by the Office at any time of its own motion and shall inform the party to the proceedings thereof. If the correction concerns the operative part of the decision, the Office shall issue a corrective decision to that effect. An appeal may be lodged against the appeal decision.
§ 123
Legal force and enforceability of the decision
(1) A decision shall have the force of res judicata if it has been served and if it cannot be appealed against.
(2) At the request of a party to the proceedings, the Office shall indicate on a copy of the decision when the decision became final.
(3) A judgment shall be enforceable if it has the force of res judicata or if it has been served and the dissolution has no suspensive effect against it.
Section 123a
Resolution
The Office shall decide by order in the cases provided for in this Act. A resolution which is merely annotated in a security file shall become final upon such annotation and may be amended by the Office in the course of the proceedings by means of a new resolution; the new resolution shall only be noted in the security file. The party shall be informed in an appropriate manner of the order which shall be noted in the security file; in other cases, the order shall be notified by service. An appeal may be lodged against an order notified to a party, unless this Act provides otherwise. Submission of decomposition does not have a suspensive effect.
§ 124
Security volume
(1) The safety volume shall contain materials relating to the control and reporting of changes and shall bear a file mark; It is classified and unclassified. The security file shall consist of documents for the initiation of proceedings, minutes, records, copies of decisions and other documents relating to the case, including video and audio recordings and recordings on electronic media. The security volume shall contain an inventory of all its components, specifying the date on which they were introduced into the security volume.
(2) The Security Union shall be established, maintained, supplemented, registered and dissolved by the Office; shall be eliminated 11 years after the date of the last final decision in the proceedings. Intelligence agencies shall decommission their security files at the earliest 11 years after the date of the last final decision in the proceedings.
(3) The data contained in the security file may be used only for the purposes of performing tasks under this Act and shall not be provided under the Act governing free access to information.
(4) The employees of the Office who carry out the proceedings are obliged to maintain the confidentiality of the data specified in the security file, which they became acquainted with during the conduct of these proceedings or in connection with it, even after the termination of the employment relationship.
(5) At the request of the law enforcement authorities, the Director of the Office may, to the extent necessary, waive the confidentiality of the person referred to in paragraph 4.
Title III
Decay and judicial review
Basic provisions, deadlines for filing the decomposition and its particulars
§ 125
A party to proceedings shall have the right to file an appeal against a decision of the Office issued in proceedings if he has not waived this right in writing after service of the decision or if this Act does not provide otherwise.
§ 126
(1) The appeal shall be filed with the Office within 15 days of the date of delivery of the decision.
(2) In the event of missing, incomplete or incorrect information, dissolution may be filed within 3 months from the date of delivery of the decision.
(3) The Office shall remit for serious reasons the failure to comply with the time limit for filing the appeal if the party to the proceedings so requests within 15 days from the date on which the cause of the default ceased to exist, and at the same time file the appeal.
(4) The filing of an appeal against a decision revoking the validity of a certificate of a natural person, a certificate of an entrepreneur or a document does not have suspensive effect.
Section 127
(1) The decomposition submitted by a natural person must include his name, surname, social security number and address of permanent residence or address for the purpose of service, must be dated and signed.
(2) the decomposition submitted by the entrepreneur must contain its designation by the company or name and identification number and address of the registered office, or another address for service; if the entrepreneur is a natural person, the decomposition must include his/her first name and surname, or company name, social security number, if assigned, identification number and registered office address or address for the purpose of service. The decomposition must be dated and signed by the person or persons authorised to act on behalf of the entrepreneur.
(3) The appeal must also state against which decision it is directed, what the party is claiming and what is considered to be the inconsistency with the law or the inaccuracy of the contested decision. An appeal may not be brought solely against the statement of reasons for a decision.
(4) If the decomposition does not have the prescribed requirements, the Office shall invite in writing the person who submitted the decomposition to remedy the deficiencies. The letter of formal notice shall set a deadline for remedying the deficiencies, which shall not exceed 15 days, and shall draw the attention of the applicant to the legal consequences of not remedying the deficiencies.
Procedure of the Office prior to the decision of the Director of the Office
§ 128
(1) the Office shall reject the dissolution by decision, without its decision being signed by the Director of the Office, if
a) it cannot be filed under this Act, or
b) was filed after the expiry of the time limit pursuant to Section 126(1) or (2), unless the missed time limit pursuant to Section 126(3) was waived.
(2) The decision referred to in paragraph 1 may be appealed against.
§ 129
(1) The Office may decide on the decomposition itself, without its decision being signed by the Director of the Office, if the decomposition is fully complied with; if the Office accepts the appeal, it shall annul the contested decision.
(2) The decision referred to in paragraph 1 may be appealed against.
(3) If the Office does not decide on the decomposition pursuant to paragraph 1 or pursuant to Section 128(1), it shall submit it with its opinion and with all file material within 15 days of delivery of the decomposition to the Director of the Office.
Decision of the Director of the Office in decomposition proceedings
§ 130
(1) The decision on decomposition shall be taken by the Director of the Office on the basis of a proposal of the decomposition committee, unless it is a procedure pursuant to Section 128(1) or Section 129(1).
(2) The members of the appeal committee shall be appointed and dismissed by the Director of the Office. The appeal committee shall have at least five members. More than half of the members of the Commission must have completed a law university degree in a master's degree program in law and legal science. A member of the appeal committee must be a holder of a valid certificate of a natural person and a citizen of the Czech Republic. The appeal committee shall be established for a period of five years; the chairman of the appeal committee shall always be one of the members of that committee for one calendar year. The Appeals Board may act if an absolute majority of its members are present; the resolution shall be adopted by an absolute majority of its members present.
(3) The majority of the members of the appeal committee are employees of the State placed in bodies of the State other than the Office; this does not apply to the composition of the appeal committee in proceedings under Section 140(1)(a).
(4) membership in the appeal committee ends
the expiration of the term of office of this Commission;
b) removal from office,
c) renunciation of office,
the death or declaration of death of a person.
(5) For the activities in the appeal committee is not entitled to its member's remuneration. The Office may provide the members of the appeal committee with reimbursement of travel expenses under the law governing travel allowances40).
(6) The bias of a member of the appeal committee on the grounds referred to in Section 90(1) shall be decided by the Director of the Office by means of a resolution; dissolution is not permitted against this order. In the event that the Director of the Office finds that there are facts in a member of the appeal committee for which his or her impartiality can be doubted, he or she shall exclude that member of the appeal committee from the examination of that appeal.
§ 131
(1) In proceedings for appeal against a decision of the Office not to issue a certificate of a natural person, a certificate of an entrepreneur or a document, or a decision of the Office to discontinue proceedings, the Director of the Office shall terminate the proceedings and revoke the contested decision if:
a) the party to the proceedings has withdrawn the application under section 94, 96 or 99,
the party to the proceedings does not meet the conditions laid down in Section 12(1)(b) and (d) or Section 81(1)(b), (c) or (d); or
a party to the proceedings has died, has been declared dead, has been dissolved or has ceased to exist; the dissolution proceedings shall be discontinued on the date on which the discontinuance order, which shall only be noted in the security file, has become final.
(2) In proceedings for dissolution against a decision of the Office not to issue a certificate of a natural person, a certificate of an entrepreneur or a document, or a decision of the Office to discontinue proceedings, the Director of the Office shall terminate the proceedings for dissolution by means of a resolution, if:
a) the party to the proceedings has withdrawn the decomposition, or
the party has not remedied the deficiencies in the decomposition within the prescribed period.
(3) In decomposition proceedings against a decision of the Office to revoke the validity of a certificate of a natural person, a certificate of an entrepreneur or a document, the Director of the Office shall terminate the decomposition proceedings by means of a resolution, if:
a) the party to the proceedings has withdrawn the decomposition,
the party to the proceedings has not remedied the defects of the decomposition within the prescribed period; or
a party to the proceedings has died, has been declared dead, has been dissolved or has ceased to exist; the dissolution proceedings shall be discontinued on the date on which the discontinuance order, which shall only be noted in the security file, has become final.
(4) No appeal may be lodged against the Director's decision under paragraphs 1 to 3. On the date on which the decision of the Director of the Office terminating the appeal proceedings pursuant to paragraphs 2 and 3 becomes final, the contested decision shall also become final.
(5) The contested decision shall be revoked by the Director of the Office if he fully complies with the appeal filed against the decision revoking the validity of the certificate of a natural person, the certificate of an entrepreneur or the document.
(6) the contested decision the Director of the Office shall cancel and return the case for reconsideration and decision, if
has been issued in breach of the law or is incorrect; or
after the decision has been taken, facts have occurred which have an impact on the decision.
(7) The Director of the Office shall reject the appeal and confirm the decision, unless he finds a reason for the procedure under paragraphs 1 to 6.
(8) The Director of the Office shall also express a legal opinion in the grounds of the decision on dissolution pursuant to paragraph 6, which is binding on the Office when reconsidering the case, unless this legal opinion becomes devoid of purpose due to a change in the legal situation or factual circumstances. When reconsidering the case, the Office may use the documents of the original decision, including the documents of the decision on dissolution, unless this is precluded by the reason for the proceedings.
(9) The Director of the Office shall decide on the decomposition within 3 months from the date of delivery of the decomposition.
Section 132
On the date on which the decision to dissolve pursuant to Section 129(1) or Section 131(5) or (6) becomes final, the validity of the revoked natural person’s certificate, entrepreneur’s certificate or document shall be renewed. At the same time as the decision on dissolution is taken, the party’s certificate of natural person, certificate of entrepreneur or document submitted pursuant to Section 66(1)(b), Section 68(a) or Section 87(1)(a) shall be returned to the party to the proceedings; the period of validity of the certificate or document shall be maintained.
Title IV
Judicial review and final provisions
§ 133
(1) an action under other legislation42) may be filed against a decision of the Director of the Office pursuant to Section 131(2)(b), Section 131(3)(b) and Section 131(5) to (7).
(2) The taking of evidence in judicial proceedings shall be carried out in such a way as to investigate the obligation of confidentiality of classified information contained in the results of investigations or in data from the records of intelligence services or the police. Such circumstances may be proved by examination only if the person subject to the obligation of confidentiality has been released from that obligation by the competent authority; confidentiality shall not be waived only where there is a risk of jeopardising or seriously disrupting the activities of the intelligence services or the police; reasonable progress shall also be made in cases where evidence is taken other than by examination.
(3) The Office shall identify the circumstances referred to in paragraph 2 which it claims cannot be exempted from confidentiality, and the President of the Chamber shall decide that the parts of the file to which these circumstances relate shall be separated if the activities of the intelligence services or the police may be jeopardized or seriously disrupted; the parties, their representatives and the persons involved in the proceedings may not consult the separate parts of the file. In the rest there are no provisions of special legislation42) the taking of evidence, marking and consultation of parts of the file.
§ 134
Unless otherwise provided for in Sections 125 to 132, the provisions of Sections 89 to 124 shall apply mutatis mutandis to decomposition proceedings.
Title V
Enabling provisions
§ 135
The implementing legislation shall provide for:
a) model instructions pursuant to Section 58(5),
b) models and methods of submitting applications pursuant to Section 93(1)(a) and (b),
c) the scope and form of documents pursuant to Section 94(2)(b),
d) the scope of the data of the entrepreneur's questionnaire in the case of a request pursuant to Section 96(4),
e) the template of the questionnaire of a natural person pursuant to Section 95 and the scope of the data required for the items of the questionnaire,
f) the scope and form of documents pursuant to Section 96(2)(c) and their particulars, the scope of data pursuant to Section 97(j) and the model of the entrepreneur's questionnaire pursuant to Section 97,
g) the scope and form of documents pursuant to Section 99(2)(b) and the template of the questionnaire pursuant to Section 100 and the scope of the data required for the items of the questionnaire;
h) the scope of the written justification pursuant to Section 94(1), Section 94(2)(f), Section 96(1), Section 99(1) and Section 99(2)(f),
j) limitation of the scope of reporting changes to data, as well as the manner and form of their substantiation, pursuant to Section 66(1)(d), Section 68(c) and (d), Section 87(1)(c) and Section 103(3),
k) a model for the waiver of confidentiality pursuant to Section 94(2)(e), Section 96(2)(d) and Section 99(2)(c).
PART FIVE
PERFORMANCE OF THE STATE ADMINISTRATION
§ 136
(1) State administration in the field of the protection of classified information and security capability shall be carried out by the Office, which is a central administrative authority, unless this Act provides otherwise.
(2) The Office shall be headed by a Director, who shall be appointed by the Government after discussion in the Committee of the Chamber of Deputies competent in matters of security, which shall also dismiss him.
(3) The Director of the Office shall be accountable to the Prime Minister or an authorized member of the Government.
(4) The provision of salary and remuneration from agreements on work performed outside the employment relationship of the employees of the Office shall be governed by the Labour Code and the Salary Code of the Office. The salary regulations of the Office shall be issued by the Director of the Office after its approval by the Budget Committee of the Chamber of Deputies.
Section 137
Office
Office
a) decides on the application of a natural person, the application of an entrepreneur and the application for a document, and on the revocation of the validity of the certificate of a natural person, the certificate of an entrepreneur and the document, and issues certificates for foreign power, except in the cases provided for in this Act [Section 140(1)(a) and Section 141(1)], and issues certificates of a natural person pursuant to Section 56a;
b) performs control in the field of protection of classified information and security capacity (Section 143) and methodological activities, except in the cases provided for by this Act (Section 143(4));
c) performs tasks in the field of the protection of classified information in accordance with the obligations arising from the membership of the Czech Republic in the European Union, the North Atlantic Treaty Organization and from international treaties by which the Czech Republic is bound, and carries out, at the request of the security authority of a member state of the North Atlantic Treaty Organization, the European Union or another state with which the Czech Republic has concluded an international treaty that has the protection of classified information, the acts of proceedings against a person who is inspected in that state for access to classified information;
d) maintains a central register and approves the establishment of registers in the authorities of the State, in the case of legal persons pursuant to Section 60b and in the case of entrepreneurs,
authorise, in specified cases, the release of classified information in international relations;
f) issue, at the written request of the responsible person or the security director, courier sheets and, in justified cases, arrange for the transport of classified information, with the exception of classified information provided pursuant to Section 78(1);
g) performs certification of the technical device,
h) issue safety standards,
i) imposes administrative penalties for failure to comply with the obligations laid down in this Act,
j) decides on other matters and performs other tasks in the field of protection of classified information and security capabilities provided for by this Act,
k) publishes the Bulletin of the Office, which publishes on its website and
l) maintains and publishes on its website a list of certificates of natural persons, certificates of entrepreneurs and documents whose holders are entitled to have access to classified information pursuant to Section 60a or to carry out sensitive activities or to have access to classified information classified at the level reserved pursuant to Section 80a; and
(m)provide research and development in the field of the protection of classified information.
Section 137a
National Cyber and Information Security Authority
National Cyber and Information Security Authority in the area of competence conferred on it by this Act
(a)provides examinations of special professional competence and issues certificates of special professional competence;
b) performs tasks in accordance with the obligations arising from the membership of the Czech Republic in the European Union, the North Atlantic Treaty Organization and international treaties by which the Czech Republic is bound, in selected areas of protection of classified information,
c) performs methodological activities,
d) ensures the activities of the National Centre for Communication Security, the National Centre for the Distribution of Cryptographic Material, the National Centre for Measuring Compromising Radiation and the National Centre for the Security of Information Systems that are part of it;
e) performs the certification and accreditation of the information system, the certification of the cryptographic product, the cryptographic workplace and the shielding chamber and approves the project of the security of the communication system;
f) provides research, development and production of national cryptographic products,
develops and approves national cryptographic algorithms and develops a national cryptographic protection policy;
detect compromising radiation where classified information is or will be present;
(i)determine, in cooperation with the intelligence services and the police, whether, in the area of negotiation, the unauthorised use of technical means intended to obtain information endangers or leaks classified information;
j) issues safety standards,
k) imposes administrative penalties for failure to comply with the obligations laid down in this Act,
l) decides on other matters and performs other tasks in the field of protection of classified information provided for by this Act,
m) maintains and publishes on its website a list of information system certificates, cryptographic products, cryptographic workplaces and shielding chambers whose validity has expired pursuant to Section 48(4)(b) and (d), Section 49(5)(b), Section 50(4)(b) and (d) or Section 51(4)(b) and (d);
analyse and monitor threats that may jeopardise the ability of an information or communication system to handle classified information and increase the risk of exploiting such threats; and
ensure research and development in the field of the protection of classified information.
Section 138
(1) the Office is in the performance of tasks under this Act entitled to
a) to process personal data to the extent necessary for the performance of tasks under this Act,
b) keep records of breaches of the protection of classified information, records of security directors, records of natural persons and entrepreneurs who have access to classified information, with the exception of members and employees assigned to intelligence services and selected police officers, records of natural persons who hold a document;
c) request the provision of information free of charge to an authority of the State, a legal person or a natural person doing business, and use and record such information;
d) for the purposes of the proceedings to request from the police and intelligence services information obtained by means of procedures pursuant to a special legal regulation43),
e) require a copy from the Criminal Register11) and from the Register of Offences kept by the Criminal Register; a request for a copy from the Criminal Register and the Offences Register and a copy from the Criminal Register and the Offences Register shall be transmitted in electronic form in a manner allowing remote access;
f) to inspect criminal and judicial files and files kept by another public authority in the exercise of its powers and to make extracts and copies of them,
g) to provide, to the extent necessary, an authority of the State, a legal person or a natural person doing business with the necessary personal data relating to the requested information,
h) to conclude a contract with a state authority or entrepreneur to perform partial tasks in the certification of technical means,
i) store in its information systems data obtained in the performance of tasks under this Act,
j) to cooperate in the conduct of proceedings with an office of a foreign power competent for the protection of classified information, in particular to request information on a party to the proceedings;
k) comment on the notification pursuant to Section 69(1)(r) within 30 days from the date of its delivery and provide an overview of these notifications and comments on them to the Office for the Protection of Competition; and
l) for the decision-making of an intelligence service pursuant to Section 140(1), on the basis of its written request, to carry out acts pursuant to Section 107(1).
(2) The intelligence service may refuse to consult its files in accordance with paragraph 1(f). In addition, access to the files referred to in paragraph 1(f) may be refused if their disclosure would jeopardise an important interest pursued by the public authority keeping the file and, after the ground for refusal has ceased to exist, the public authority shall make the file available to the Office for inspection. A security volume kept in accordance with Section 124 is excluded from inspection.
(3) the Office provides
a) the intelligence services and the Ministry of the Interior once a month list
1. certificates of natural persons, certificates of entrepreneurs and documents indicating the date of validity and the date of expiry of their validity,
2. persons in respect of whom it has decided not to issue the authentic instrument referred to in paragraph 1 or whose validity of that instrument has been revoked; and
3. entrepreneurs for which he has received a declaration of the entrepreneur pursuant to Section 15a(2) or (3); and
the police, the General Inspectorate of Security Forces, the General Directorate of Customs and the Military Police once a month the list referred to in subparagraphs (a)(1) and (3).
(4) The manner of protection of information provided under paragraph 3 (b), its provision and the conditions for further handling shall be determined by agreement between the Office and the authorities referred to in paragraph 3 (b).
(5) the Office shall issue a service card to the employee, which certifies that its holder is an employee of the Office; the model service card shall be laid down in implementing legislation.
(6) the National Office for Cyber and Information Security in the performance of tasks under this Act is entitled to activities under paragraph 1 (a), (c), (g) and (i), and is also entitled to
keep records of natural persons holding certificates of specific professional competence, records of breaches of protection of classified information and records of cryptographic protection personnel and couriers of cryptographic material;
b) to conclude a contract with a state authority or entrepreneur to perform partial tasks in the certification of information systems, cryptographic products, cryptographic workplace, shielding chambers, to conduct training of special professional competence of cryptographic protection personnel and to detect the possibility of the occurrence of compromising radiation where classified information will be present, and to carry out the production of cryptographic products; and
c) keep a certification file of the information system, cryptographic device, cryptographic workplace and shielding chamber, keep a list of controlled cryptographic items and keep documentation for carrying out activities pursuant to Section 45.
Section 138a
cancelled
Section 138b
Cooperation between the Office and the National Cyber and Information Security Authority
The National Cyber and Information Security Office shall transmit to the Office without undue delay the notification received pursuant to Section 34(6), Section 43(2) or Section 69(1)(f) and (h).
Section 138c
The Ministry of the Interior, the Police, the General Inspectorate of Security Forces, the General Directorate of Customs and the Military Police shall immediately notify the Office of circumstances indicating that the holder of a certificate of a natural person, the holder of a certificate of an entrepreneur or the holder of a document no longer fulfils the conditions for its issue.
§ 139
The Government shall establish by regulation a catalogue of areas of classified information. The Classified Information Areas Catalogue shall specify one or more classification levels by which classified information may be classified.
§ 140
Intelligence services
(1) Intelligence Services
decide on the application of a natural person in the case of its members, employees and applicants for admission to the service or basic employment relationship, with the exception of applicants for admission to the service or basic employment relationship who hold a certificate of a natural person at least for the required classification level, and on the revocation of the validity of the certificate of that natural person and issue the certificate of a natural person under Section 56a and the certificate of a natural person for foreign power under Section 57; a natural person is also a person who applies for inclusion in an active reserve, a former professional soldier who is to be included in an active reserve, and a soldier in an active reserve, if they are to perform service in the service of the Military Intelligence and do not also hold a certificate of a natural person issued by the Office,
b) at the written request of the Office, within the scope of its competence, conducts investigations pursuant to this Act.
(2) The intelligence services shall have the position of the Office in the decision-making referred to in paragraph 1(a) and the responsible person of the intelligence service shall have the position of the Director of the Office. Jurisdiction to perform acts is governed by Section 5 of Act No. 153/1994 Coll., on Intelligence Services of the Czech Republic, as amended.
(3) Intelligence services shall, when performing tasks under this Act, immediately notify the Office if they find circumstances suggesting that the holder of a certificate of a natural person, the holder of a certificate of an entrepreneur or a document no longer meets the conditions for their issue, unless this would jeopardize the interest pursued by the intelligence service.
(4) the intelligence services are in the performance of tasks under this Act entitled to
a) use the means to obtain information under special legislation44),
b) use data from its records and data from records provided by the Office,
c) request and use data from records and materials arising from the activities of security
and the military authorities of the Czechoslovak State,
d) to process personal data,
e) keep records,
f) request and use information free of charge from an authority of the State, a legal person or a natural person doing business;
g) require a copy and an extract from the Criminal Register11) and a copy from the register of offences; a request for a copy or extract from the Criminal Register or a copy from the Criminal Register and a copy or extract from the Criminal Register or a copy from the Criminal Register shall be transmitted in paper form or in electronic form, in a manner allowing remote access;
h) store in information systems data obtained in the performance of tasks under this Act,
i) implement measures for the record-keeping protection of personal data of a natural person; and
j) use data from the register of persons who have been granted access to classified information pursuant to Section 58(4);
in connection with the procedure referred to in paragraph 1(a), request further information in addition to the items of the questionnaire referred to in Section 95(1) to the extent necessary to verify the conditions for issuing the certificate of a natural person; and
l) to inspect criminal and judicial files and files kept by another public authority in the exercise of its powers and to make extracts and copies of them.
(5) The intelligence service may refuse to consult its files in accordance with paragraph 4 (b). Consultation of the files referred to in point (l) of paragraph 4 may also be refused where their disclosure would jeopardise an important interest pursued by the public authority keeping the file and, after the ground for refusal has ceased to exist, the public authority shall make the file available to the intelligence service for inspection. A security volume kept in accordance with Section 124 is excluded from inspection.
(6) The public authority, which is the administrator of the information system in which the relevant personal data are processed, is obliged to provide the intelligence services with the assistance necessary to implement the measures referred to in paragraph 4 (i).
(7) The Director of Intelligence shall issue consent pursuant to Section 59(3).
(8) In the proceedings referred to in paragraph 1(a), the provisions of the fourth sentence of Section 105(6), Section 105(7), Sections 112, 114 and 120 shall apply mutatis mutandis.
(9) the intelligence service may by resolution of the proceedings
a) suspend if it is refused access to the file in accordance with paragraph 5, or
to terminate if the reason for the proceedings referred to in paragraph 1(a) has ceased to exist due to lack of competence and the application of the natural person has not been withdrawn.
(10) If it is necessary because of a threat to the activities in the performance of the tasks in the scope of the intelligence service under another law56), the intelligence service may use specific procedures in the areas of administrative security, physical security, security of information or communication systems and cryptographic protection for the protection of classified information. Special procedures shall be established by the Government; the draft special procedures shall be submitted to the Government by the Intelligence Service through the relevant member of the Government, with the opinion of the Office, and in the case of special procedures in the field of security of information or communication systems and cryptographic protection of the National Cyber and Information Security Authority. The use of special procedures shall not jeopardise the protection of classified information. Special procedures shall not be used for handling European Union and North Atlantic Treaty Organisation classified information and classified information requiring a special handling regime.
Section 141
Ministry of Interior and Police
(1) the Ministry of the Interior decides on the application of a natural person in the case of police officers selected for the performance of serious police tasks by the Minister of the Interior, with the exception of police officers who hold a certificate of a natural person for at least the required level of classification, and on the revocation of the validity of the certificate of a natural person for such police officers and issues the certificate of a natural person under section 56a and the certificate of a natural person for foreign power under section 57; Similarly, the Ministry of the Interior decides on the application of a natural person who may be selected in order to perform serious tasks of the police by the Minister of the Interior.
(2) The Ministry of the Interior shall have the status of the Office when making decisions pursuant to paragraph 1, and the Minister of the Interior shall have the status of the Director of the Office.
(3) the Ministry of the Interior, when performing tasks under this Act, is further obliged to implement, at the request of the Office, measures for the registration protection of personal data of the holder of the certificate of a natural person or his spouse, partner52), the child or parents or persons cohabiting with him and the vehicle data operated or owned by those persons.
(4) in the performance of the tasks referred to in paragraphs 1 to 3, the Ministry of the Interior is entitled to
a) use data from its records and data provided by the Office from its records,
b) to process personal data,
c) keep records,
d) request and use information free of charge from an authority of the State, a legal person or a natural person doing business;
e) to request the opinion of the police on the security reliability of the selected police officer,
f) require a copy and an extract from the Criminal Register11) and a copy from the register of offences; a request for a copy or extract from the Criminal Register or a copy from the Criminal Register and a copy or extract from the Criminal Register or a copy from the Criminal Register shall be transmitted in paper form or in electronic form, in a manner allowing remote access;
g) to inspect criminal and judicial files and files kept by another public authority in the exercise of its powers and to make extracts and copies of them.
(5) The intelligence service may refuse to consult its files pursuant to paragraph 4(g). In addition, access to the files referred to in paragraph 4(g) may be refused if their disclosure would jeopardise an important interest pursued by the public authority keeping the file, and after the ground for refusal has ceased to exist, the public authority shall make the file available to the Ministry of the Interior for inspection. A security volume kept in accordance with Section 124 is excluded from inspection.
(6) the Ministry of the Interior may by resolution of the proceedings
a) interrupt if he is refused access to the file in accordance with paragraph 5, or
to terminate if the reason for the proceedings referred to in paragraph 1 has ceased to exist due to lack of competence and the application of the natural person has not been withdrawn.
(7) the police participates in the scope of its competence under a special legal regulation30) for the performance of the tasks of the Ministry of the Interior pursuant to paragraph 1; at the written request of the Office, within the scope of its competence, it also performs acts in proceedings.
(8) When performing tasks under this Act, the Police shall be entitled to use data from the records of persons who have been granted access to classified information pursuant to Section 58(4).
(9) The public authority, which is the administrator of the information system in which the relevant personal data are processed, is obliged to provide the Ministry of the Interior with the cooperation necessary to implement the measures referred to in paragraph 3.
(10) The Minister of the Interior issues consent pursuant to Section 59(3).
Section 142
(1) If a found document pursuant to Section 65(1) or a document pursuant to Section 87(2) has been handed over to the Office, the Police or the Embassy of the Czech Republic, that authority shall draw up a record of handover in which it shall mark the found document or document and indicate the name, surname, birth number and place of permanent residence of the person who handed over the found document or document and detail the circumstances under which that person obtained it. The police or the embassy of the Czech Republic, together with the record, shall hand over the document or document found to the Office. The Office shall deliver the classified information to its originator and deliver the certificate of the natural person, the certificate of the entrepreneur, the document, the certificate of the natural person for foreign power or the certificate of the entrepreneur for foreign power to the person to whom it is issued.
(2) For the purposes of the transmission of classified information pursuant to paragraph 1, a police officer or an employee working at the embassy of the Czech Republic shall be deemed authorised to access classified information to the extent strictly necessary for the preparation of the record and its delivery to the Office.
PART SIX
CONTROL
Section 143
(1) The Office in the field of the protection of classified information and security capacity checks how the authorities of the state, legal entities pursuant to Section 60b, entrepreneurs and natural persons (hereinafter referred to as "controlled persons") comply with the legislation in this area.
(2) In the exercise of control (hereinafter referred to as "control officers"), the staff of the Office shall have access to classified information within the scope of the control carried out, provided that it is demonstrated by a valid certificate of a natural person for the relevant classification level.
(3) The Office of a Foreign Power, which has the competence to protect classified information, is entitled to participate in the control in the field of the protection of classified information provided by it to the Czech Republic, if it follows from the obligation of the Czech Republic's membership in the European Union, or if provided for by an international treaty by which the Czech Republic is bound.
(4) The activities of intelligence services and the activities of the Ministry of the Interior in cases under Section 141 shall not be subject to control under this Act.
(5) In the event of an inspection that interferes with the scope of protection of classified information, the state administration of which under this Act is carried out by the National Cyber and Information Security Office, its representative will be invited to the inspection.
§ 144
Remedial measures
(1) Control officers shall be entitled to take urgent measures to ensure the protection of classified information, including the withdrawal of classified information, the revocation or reclassification of classified information or the marking of classified information, when they become aware of an infringement of legislation on the protection of classified information and security clearance of an inspected person. They shall issue a certificate of withdrawal to the inspected person. They shall also be entitled to request that the deficiencies identified be remedied within a specified period.
(2) The costs associated with the implementation of the measures referred to in paragraph 1 shall be borne by the inspected person.
(3) Everyone is obliged to comply with the instructions of the control officer when taking urgent measures pursuant to paragraph 1.
SEVENTH PART
CONTROL OF AUTHORITY ACTIVITIES
§ 145
(1) Control of the activities of the Office shall be exercised by the Chamber of Deputies, which shall set up a special supervisory authority for this purpose (hereinafter referred to as the "control authority").
(2) The supervisory body shall consist of at least seven members. The Chamber of Deputies shall determine the number of members in such a way that each parliamentary group constituted according to its membership of a political party or political movement for which Members have stood as candidates in elections is represented; The number of members is always odd. Only a member of the Chamber of Deputies may be a member of the supervisory body.
(3) Unless otherwise provided for in this Act, special legislation shall apply to the conduct of the supervisory body and to the rights and obligations of its members mutatis mutandis.46). The rules of control shall not apply to the conduct of the inspection body and to the rights and obligations of its members.
(4) Members of the supervisory body may enter the premises of the Office accompanied by the Director of the Office or an employee authorized by him.
(5) the Director of the Office submits to the supervisory body
a) a report on the activities of the Office,
b) a report on individual proceedings on an application by a natural person, an application by an entrepreneur and a request for a document and on the revocation of the validity of a certificate of a natural person, a certificate of an entrepreneur or a document [Section 137(a)],
the Office's draft budget;
d) documents necessary for the control of the implementation of the budget of the Office,
the internal rules of the Office.
(6) The supervisory authority is not entitled to interfere with the personnel powers of the Office's managers and to replace their management activities.
§ 146
(1) If the supervisory authority considers that the activities of the Office unlawfully restrict or impair the rights and freedoms of citizens or that the decision-making activities of the Office within the proceedings are vitiated by defects, it is entitled to request from the Director of the Office the necessary explanation.
(2) Any violation of the law by an employee of the Office in the performance of duties under this Act, which the supervisory body finds during its activities, is obliged to notify the Director of the Office and the Prime Minister.
Paragraph 147
The obligation of confidentiality imposed on the members of the inspection body by law shall not apply in cases where the inspection body submits a notification pursuant to Section 146(2).
PART EIGHT
TRANSFERS
Section 148
(1) a natural person commits an offence by
a) fails to notify, as a party to the proceedings pursuant to Section 103(3), a change to the information given in the application of a natural person or in the application for a document;
b) fails to hand over the document found pursuant to Section 65(1) or the document found pursuant to Section 87(2);
c) violates the obligation to maintain confidentiality of classified information,
d) allow access to classified information to an unauthorized person,
e) performs the function of security director in violation of Section 71(4) or (5),
f) performs cryptographic protection without being a cryptographic protection worker meeting the requirements laid down in Section 38(2);
g) performs the operational operation of a cryptographic product without meeting the requirements laid down in Section 40(2);
h) transports cryptographic material without being a courier of cryptographic material meeting the requirements laid down in Section 42(1);
i) ensure access to classified information without fulfilling the conditions under Section 6(1), Section 11(1) or Section 57(1);
j) removes a certified cryptographic product from the territory of the Czech Republic without the permission of the National Cyber and Information Security Authority;
k) handles cryptographic material in a manner other than that specified in Section 38(1), Section 40, Section 41(3) or Section 42 without fulfilling the conditions under Section 42a; or
l) does not discuss classified information in the negotiation area in accordance with Section 24(4) or discusses it in the negotiation area that does not meet the specified requirements.
(2) An attempt to commit an offence under paragraph 1(d), (i) and (j) shall be punishable.
(3) The offense referred to in paragraph 1(b) and (c) shall also be committed by the instructor or helper.
(4) for an offence can be imposed a fine to
a) CZK 50 000 in the case of an offence referred to in paragraph 1(a) and (l),
CZK 100 000 in the case of an offence referred to in paragraph 1(b) or (e);
c) CZK 500 000 in the case of an offence under paragraph 1(f), (g), (h) or (k),
d) CZK 1 000 000 in the case of the offence referred to in paragraph 1(i);
CZK 5 000 000 in the case of an offence referred to in paragraph 1(c), (d) or (j).
Section 149
(1) a natural person who has access to classified information, commits an offence by
a) does not register or record classified information in administrative aids pursuant to Section 21(5);
make a copy, copy or translation of classified information without the consent referred to in Section 21(6);
c) transmits classified information in violation of Section 21(8),
d) lends, transports or transmits classified information in violation of Section 21(7) or (9);
e) cancel or change the classification level without the consent of the originator or providing foreign power;
fails to comply with the requirements for processing or storing classified information pursuant to Section 24(5) or (6);
g) handles classified information in an information system that is not certified or accredited by the National Cyber and Information Security Authority or is not certified for the relevant classification level or is not approved in writing by the person responsible or a person authorised by that person;
h) handles classified information in a communication system whose security project is not approved by the National Cyber and Information Security Authority or is not approved for the classification level of the classified information sent;
i) processes classified information in violation of the Security Operational Directive issued pursuant to Section 36(2)(a);
j) does not register cryptographic material in the administrative aids of cryptographic protection,
k) manipulates cryptographic material in violation of Section 41(2) or (4); or
(l)notify the loss or unauthorised destruction of a medium containing classified information.
(2) The offense referred to in paragraph 1(a), (b), (e), (g) and (h) shall also be committed by the organizer, guide or helper.
(3) for the offense can be imposed a fine to
CZK 500 000 in the case of an offence referred to in paragraph 1(a), (b), (c), (d), (e), (f), (g), (h) or (l);
CZK 1 000 000 in the case of an offence referred to in paragraph 1(i), (j) or (k).
§ 150
(1) a natural person who holds a certificate of a natural person, commits an offence by
a) does not surrender an invalid certificate of a natural person pursuant to Section 66(1)(b);
b) fails to report the loss, theft or damage of a natural person's certificate pursuant to Section 66(1)(c);
(c)) does not immediately notify the change of the data specified in the application of a natural person pursuant to Section 66 (1) (d),
d) as the holder of a certificate of a natural person for a foreign power does not surrender an invalid certificate of a natural person for a foreign power pursuant to Section 57(11); or
e) as the holder of a natural person’s certificate for foreign power, fails to notify the loss, theft or damage of a natural person’s certificate for foreign power pursuant to Section 66(1)(c).
(2) A fine of up to CZK 50 000 may be imposed for the offence referred to in paragraph 1.
Section 151
(1) a natural person who is the holder of the notification, commits an offence by
a) fails to communicate a change in the conditions for issuing notifications referred to in Section 6(2)(a) or (c) or a change in the particulars contained in the notification; or
b) fails to submit an invalid notification pursuant to Section 9(6).
(2) A fine of up to CZK 30 000 may be imposed for the offence referred to in paragraph 1.
Section 152
(1) a natural person who is the holder of the document, commits an offence by
a) fails to submit an invalid document pursuant to Section 87(1)(a);
fails to report loss, theft or damage to a document pursuant to Section 87(1)(b); or
fails to notify a change to the information given in the application for a document pursuant to Section 87(1)(c).
(2) A fine of up to CZK 50 000 may be imposed for the offence referred to in paragraph 1.
Section 153
(1) an entrepreneur who has access to classified information, a legal person under section 60b or a state authority commits an offence by
a) fails to ensure, pursuant to Section 28(2) or (4), the security of an object in which a secure area of the reserved category is located;
in breach of Section 36(2)(a), fails to issue a security operating directive or fails to send the National Cyber and Information Security Authority information pursuant to Section 36(2)(b) about the operated equipment referred to in Section 36(1);
fails to ensure the written authorisation of a natural person to access classified information with a special handling regime marked "ATOMAL";
d) fails to establish and occupy the position of Security Director pursuant to Section 71(1) or to occupy the position of Security Director in violation of Section 71(4);
e) fails to notify the appointment of a security director in accordance with Section 71(2);
f) does not mark on classified information the particulars referred to in Section 21(2) to (4),
g) as the originator classifies and labels the classification level on the information, without it being possible to classify it under the item listed in the catalogue of areas of classified information or without its disclosure or misuse may cause harm to the interest of the Czech Republic or may be disadvantageous for this interest,
h) as the originator fails to notify the cancellation or change of the classification level pursuant to Section 22(6),
i) as the addressee of classified information does not notify the change or cancellation of the classification level pursuant to Section 22(6);
j) fails to ensure, pursuant to Section 28(1), (3) or (4), continuous surveillance of the premises in which the secure area or meeting area is located;
k) does not report a breach of duty in the protection of classified information,
l) does not process a physical security project pursuant to § 32,
m) does not keep any of the records provided for in Section 69(1)(j),
(n) does not submit classified information pursuant to Section 69(1)(n) for registration;
o) fails to ensure that the physical security measures applied correspond to the physical security project and the requirements established pursuant to Section 31;
p) does not mark as the originator the particulars referred to in Section 21(1) and (4), although the information can be classified under an item listed in the catalogue of areas of classified information and its disclosure or misuse may cause harm to the interest of the Czech Republic or may be disadvantageous for that interest,
q) as the originator does not cancel or change the classification level without delay in cases where the reason for the classification of the information has ceased to exist, the reasons for the classification do not correspond to the specified classification level or if the classification level has been determined unduly, or after receiving a notice pursuant to Section 22(9);
r) fails to ensure that the conditions laid down on the basis of Section 33 for storage and Section 23(2) for the recording, lending or transport of classified information or classified information with a special handling regime are created or otherwise handled;
s) operates an information system that is not certified by the National Cyber and Information Security Authority or is not approved in writing by the responsible person or a person authorised by it, or operates an information system of a foreign power that is not accredited by the National Cyber and Information Security Authority, or, contrary to Section 34(4), fails to implement other necessary security functions or measures or fails to notify the National Cyber and Information Security Authority of their implementation;
t) operates a communication system, the security project of which is not approved by the National Cyber and Information Security Authority,
does not stop the operation of an information system that does not comply with the conditions set out in the certification report or does not stop the operation of a communication system that does not comply with the conditions set out in the communication system security project;
v) uses for cryptographic protection a device that is not certified by the National Cyber and Information Security Authority or is not part of a foreign power information system accredited by the National Cyber and Information Security Authority, or uses a cryptographic workplace for a purpose other than that for which it was certified and approved for operation;
w) fails to ensure the exercise of cryptographic protection by a person who meets the requirements laid down in Section 38(2);
x) fails to ensure the operation of the cryptographic product by a person who meets the requirements laid down in Section 40(2);
(y) fails to ensure the transport of cryptographic material by a person who meets the requirements laid down in Section 42(1); or
z) fails to notify the compromise of cryptographic material pursuant to Section 43(2).
(2) an entrepreneur who has access to classified information, a legal person under section 60b or a state authority commits an offence by
a) does not establish a register or does not report changes to the register to the Office pursuant to Section 79(8)(f);
b) does not check classified information pursuant to Section 69(1)(m) kept in the register or does not notify its outcome to the Office;
c) send classified information classified as Top Secret, Secret or Confidential in violation of section 77,
d) enable the performance of a sensitive activity by a natural person who does not hold a valid document or certificate of a natural person or has not been recognised by a security authorisation issued by an authority of a foreign power;
e) fails to notify the destruction of classified information pursuant to Section 21(11) or Section 69(1)(u);
does not keep any of the records provided for in Section 69(1)(t).
g) does not process and maintain an overview of places or functions pursuant to Section 69(1)(b),
h) fails to ensure the sending of a copy of the instructions to the Office pursuant to Section 11(2),
i) does not immediately send the Office a copy of the entrepreneur's declaration pursuant to Section 15a(2),
j) allow access to classified information to an unauthorized person,
k) fails to ensure the handling of cryptographic material in a manner other than that specified in Section 38(1), Section 40, Section 41(3) or Section 42 by a person who meets the requirements laid down in Section 42a; or
l) does not discuss classified information in the negotiation area in accordance with Section 24(4) or discusses it in the negotiation area that does not meet the specified requirements.
(3) for the offense can be imposed a fine to
CZK 300 000 in the case of an offence referred to in paragraph 1(a), (b), (c), (d), (e), (f) or (g), or paragraph 2(g), (h) or (i);
CZK 500 000 in the case of an offence under paragraph 1(h), (i), (j), (k), (l), (m), (n) or (o) or paragraph 2(e) or (f);
CZK 1 000 000 for the offences referred to in paragraph 1(p), (q), (r), (s), (t), (u), (v), (w), (x), (y) or (z) or paragraph 2(a), (b), (c), (d), (j), (k) or (l).
Section 153a
(1) A contracting authority pursuant to Section 69(1)(r) and Section 69(3) shall be guilty of an offence by failing to notify the Office of the fact pursuant to Section 69(1)(r).
(2) A fine of up to CZK 2 000 000 may be imposed for the offence referred to in paragraph 1.
Section 154
(1) an entrepreneur who has access to classified information, commits an offence by
a) fails to hand over or pass on classified information pursuant to Section 56(2);
b) does not update the security documentation of the entrepreneur under section 98,
c) provide classified information classified as reserved to a foreign partner in violation of Section 73(b),
d) provide classified information classified as Top Secret, Secret or Confidential to a foreign partner in violation of Section 73 (a),
e) removes a certified cryptographic product from the territory of the Czech Republic without the permission of the National Cyber and Information Security Authority;
f) does not immediately send the Office a copy of the entrepreneur's declaration pursuant to Section 15a(2) or the entrepreneur's declaration pursuant to Section 15a(3), or
g) fails to notify the Office or the provider of the reserved information in writing of the termination of the entrepreneur's declaration pursuant to Section 15a(6).
(2) for an offence may be imposed a fine to
a) CZK 300 000 in the case of an offence under paragraph 1(f) or (g).
CZK 1 000 000 in the case of an offence referred to in paragraph 1(a), (b) or (c);
c) CZK 5 000 000 in the case of an offence under paragraph 1(d) or (e).
Section 155
(1) an entrepreneur who is the holder of the certificate of the entrepreneur, commits an offence by
a) fails to hand over, in accordance with Section 68(a), the certificate of the entrepreneur whose validity has expired,
b) fails to notify pursuant to Section 68(b) the loss, theft or damage of the entrepreneur's certificate,
c) fails to notify, pursuant to Section 68(c), a change to the information referred to in Section 97(a), (b), (c) or (q) or in Section 98(c);
d) fails to notify, in accordance with Section 68(d), a change to the particulars of the entrepreneur's application,
e) as a holder of a certificate for foreign power does not surrender an invalid certificate of entrepreneur for foreign power pursuant to Section 57(11);
f) as the holder of a certificate for foreign power does not notify under section 68(b) the loss, theft or damage of the certificate of the entrepreneur for foreign power,
g) fails to ensure the protection of classified information upon termination of the validity of the entrepreneur's certificate in accordance with the procedure referred to in Section 56(2), or
h) fails to send, pursuant to Section 68(f), a decision approving the draft terms of conversion pursuant to the Act on Transformations of Commercial Companies and Cooperatives.
(2) for an offence may be imposed a fine to
a) CZK 50 000 in the case of an offence referred to in paragraph 1(a), (b), (c), (d), (e), (f) or (h);
CZK 100 000 in the case of an offence referred to in paragraph 1(g).
(3) A fine from CZK 10,000 to CZK 70,000 shall be imposed if the entrepreneur commits an offence under paragraph 1(c), (d) or (f) repeatedly. The offence referred to in paragraph 1(c), (d) or (f) shall be committed repeatedly if 12 months have not elapsed between the date on which the decision on the same offence for which the accused was found guilty became final and the date on which it was committed.
Section 155a
(1) a legal person or a natural person doing business commits an offence by
a) enable the performance of a sensitive activity by a natural person who does not hold a valid document or certificate of the natural person or has not been recognised by a security authorisation issued by an authority of a foreign power;
ensure access to classified information classified as Reserved without fulfilling the conditions under Section 15(a) or Section 57(1), or on the basis of a declaration by an entrepreneur for which the conditions under Section 15a(1) have not been met; or
ensure access to classified information classified Confidential or above without fulfilling the conditions under Section 15(b) or Section 57(1).
(2) for an offence may be imposed a fine to
a) CZK 500 000 in the case of an offence referred to in paragraph 1(b);
CZK 1 000 000 in the case of an offence referred to in paragraph 1(a) or (c).
Section 155b
(1) The inspected person commits an offence by failing to comply with the instructions of the inspecting officer when carrying out urgent measures pursuant to Section 144(1).
(2) A fine of up to CZK 500 000 may be imposed for the offence referred to in paragraph 1.
Section 156
Common provisions on offences
Offences under this Act shall be dealt with and fines shall be collected by the Office, with the exception of offences under Section 148(1)(f) to (h), (j) and (k), Section 149(1)(g) to (k), Section 153(1)(b) and (s) to (z), Section 153(2)(f) and (j) and Section 154(1)(e), which shall be dealt with and for which fines shall be collected by the National Cyber and Information Security Authority.
PART NINE
TRANSITIONAL AND FINAL PROVISIONS
Section 157
Transitional provisions
(1) A classified information under the existing legislation shall be considered as classified information under this Act. Where existing legislation refers to classified information or to state and professional secrecy, this means classified information under this Act.
(2) The classification level determined in accordance with the existing legislation shall be deemed to be the classification level determined in accordance with this Act.
(3) On 1 January 2008, the classification levels of classified documents originating before 31 December 1992 shall be abolished, unless the responsible person provides otherwise in a specific case before 31 December 2007.
(4) A written record of a designation under the existing legislation shall be considered as an instruction under this Act.
(5) A certificate that the proposed person meets the conditions laid down for its issue, which has been issued under the existing legislation, shall be considered as a certificate of a natural person under this Act for the period of validity specified therein.
(6) Proof of the security capacity of a natural person, issued in accordance with the existing legislation, shall be considered as proof of the security capacity of a natural person under this Act, including its period of validity.
(7) For a period of 6 months from the date of entry into force of this Act, the notification of the fulfilment of the conditions for the designation of the proposed person for the level of classification Reserved, issued in accordance with the existing legislation, shall be considered as a verification of the fulfilment of the condition of legal capacity, age and integrity for allowing access by a natural person to classified information of the level of classification Reserved under this Act, if the responsible person or the person who provides the classified information to the natural person carries out its instruction within 1 month from the date of entry into force of this Act.
(8) For a period of 6 months from the date of entry into force of this Act, consent to the designation of a proposed person without prior security clearance issued under the existing legislation shall be deemed to be consent to one-off access to classified information for the classification level for which the proposed person is to be issued a certificate.
(9) A natural person who, prior to the date of entry into force of this Act under the existing legislation, acquainted himself with classified information only on the basis of information and did not hold a valid certificate may, from the date of entry into force of this Act, have access to classified information only if he holds a valid certificate of a natural person. This does not apply to a person who, under this Act, has access to classified information without a valid certificate of a natural person and without instruction.
(10) A certificate confirming a foreign power that a certificate has been issued to the proposed person or an organisation of a certificate that has been issued under the existing legislation shall, for the period of validity specified therein, be considered as a certificate of a natural person for a foreign power or a certificate of an entrepreneur for a foreign power, which confirms a foreign power that a security procedure has been carried out in the case of a natural person or entrepreneur and holds a valid certificate of a natural person or a certificate of an entrepreneur of a given classification level and, in the case of a certificate of an entrepreneur, the form of the appearance of classified information.
(11) Confirmation that the entrepreneur meets the conditions laid down for its issuance, which was issued under the existing legislation, shall be considered as a certificate of the entrepreneur under this Act for the period of validity specified therein.
(12) Consent to the provision of classified information between an organization and a foreign partner, which has been issued under the existing legislation, is considered to be an authorisation to provide classified information between the organization and a foreign partner outside the territory of the Czech Republic under this Act.
(13) A certificate of professional competence of a cryptographic protection worker issued under existing legislation shall be considered as a certificate of special professional competence of a cryptographic protection worker under this Act for the period of validity specified therein.
(14) A certificate of a technical device used to protect classified information, which has been issued in accordance with the existing legislation, shall be considered as a certificate of a technical device under this Act for the period of validity specified therein.
(15) A certificate of an information system used for handling classified information, which has been issued in accordance with the existing legislation, shall be considered as a certificate of an information system under this Act for the period of validity specified therein.
(16) A certificate of a cryptographic product used to protect classified information, which has been issued in accordance with the existing legislation, shall be considered as a certificate of a cryptographic product under this Act for the period of validity specified therein.
(17) A classified security standard that has been issued under existing legislation shall be considered a security standard under this Act.
(18) Security clearance commenced before the date of entry into force of this Act shall be completed in accordance with the existing legislation. Its completion shall be subject to the time-limit for carrying out a comparable procedure for the issue of a certificate under this Act, with the time-limit starting to run from the date on which this Act enters into force.
(19) Verification of safety capability commenced before the date of entry into force of this Act shall be completed in accordance with the existing legislation. Its completion shall be subject to the time-limit for carrying out the procedure for issuing a document under this Act, with the time-limit starting to run from the date on which this Act enters into force.
(20) Certification of a technical device, information system or cryptographic device initiated before the date of entry into force of this Act shall be completed in accordance with this Act.
(21) A complaint against the failure to issue a certificate, certificate or document submitted within the period prior to the date of entry into force of this Act shall be dealt with in accordance with the existing legislation.
(22) An appeal filed under the current legislation of the College in the area of protection of classified information, which was not decided before the date of entry into force of this Act, the College no longer deals with. In such cases, the College shall return all file material to the authority which submitted it within 5 working days of the date of entry into force of this Act. That authority shall inform the party in writing that he may bring an action against the decision of the Director of the Office; in such cases, the time limit for bringing an action shall run again from the date of receipt of the written notice.
(23) An action may be brought under this Act against a decision rejecting a complaint issued under existing legislation after the date of entry into force of this Act.
(24) Proceedings for the imposition of a fine initiated before the date of entry into force of this Act shall be completed in accordance with the existing legislation.
(25) A communication system that was operated before the date of entry into force of this Act may be operated until the approval of its security project, but for no longer than 12 months from the date of entry into force of this Act, if the responsible person of the authority within 3 months from the date of entry into force of this Act applies in writing for approval of its security project.
(26) A workplace in which cryptographic protection activities were carried out before the date of entry into force of this Act may be used for the exercise of cryptographic protection until its approval by the statutory body, but no longer than 12 months from the date of entry into force of this Act, and if the workplace is subject to certification, if a state authority or an entrepreneur within 3 months from the date of entry into force of this Act requests in writing to carry out its certification.
(27) The Shadowing Chamber, which was used by the Ministry of Foreign Affairs at the embassy of the Czech Republic to protect classified information before the date of entry into force of this Act, may be used by this Ministry to protect classified information until its certification, but no longer than 24 months from the date of entry into force of this Act, if the Ministry of Foreign Affairs within 3 months from the date of entry into force of this Act requests in writing to carry out its certification.
(28) The performance of security clearance of a natural person, security clearance of an organisation, certification of a technical means, certification of an information system, certification of a cryptographic device, verification of the security capacity of a natural person, issuance of a certificate confirming a foreign power that a certificate or organisation of confirmation has been issued to a proposed person, and the issuance of consent to the provision of classified information between an organisation and a foreign partner are governed by existing legislation only if the application has been handed over for postal transport or otherwise delivered or submitted no later than 45 days before the date of entry into force of this Act.
Section 158
Enabling provisions
The Office shall issue a decree implementing Section 7(3), Section 9(8), Section 15a(7), Section 23(2), Section 33, Section 53(a) and (f), Section 64, Section 75a(4), Section 79(8), Section 85(5) and Section 135. The National Cyber and Information Security Authority shall issue a decree implementing Section 34(6), Section 35(6), Section 36(4), Section 44 and Section 53(b) to (f).
Paragraph 159
The Code of Administrative Procedure shall apply only to proceedings under Title IX of Part Two, unless otherwise provided, to proceedings under Section 116 and to proceedings under Part Eight.
Section 160
Repeal provisions
The following is deleted:
- Act No 164/1999 amending Act No 148/1998 on the protection of classified information and amending certain acts.
- Act No 363/2000 amending Act No 148/1998 on the protection of classified information and amending certain acts, as amended.
- Act No 386/2004 amending Act No 148/1998 on the protection of classified information and amending certain acts, as amended.
- Government Regulation No 340/2002 establishing a list of certain sensitive activities.
- Government Regulation No 385/2003 laying down sensitive activities for the Castle Guard.
- Government Regulation No 31/2005 establishing a list of sensitive activities for civil aviation, as amended by Government Regulation No 212/2005.
- Government Regulation No 246/1998 establishing lists of classified information.
- Government Regulation No 89/1999 amending Government Regulation No 246/1998 establishing lists of classified information.
- Government Regulation No 152/1999 amending Government Regulation No 246/1998 establishing lists of classified information, as amended by Government Regulation No 89/1999.
- Government Regulation No 17/2001 amending Government Regulation No 246/1998 establishing lists of classified information, as amended.
- Government Regulation No 275/2001 amending Government Regulation No 246/1998 establishing lists of classified information, as amended.
- Government Regulation No 403/2001 amending Government Regulation No 246/1998 establishing lists of classified information, as amended.
- Government Regulation No 549/2002 amending Government Regulation No 246/1998 establishing lists of classified information, as amended.
- Government Regulation No 631/2004 amending Government Regulation No 246/1998 establishing lists of classified information, as amended.
- Decree No 137/2003 on the details of the determination and marking of the level of classification and on ensuring administrative security.
- Decree No. 245/1998 Coll., on Personality and Model Forms Used in the Field of Personnel Security.
- Decree No 397/2000 amending Decree No 245/1998 on personality capacity and specimen forms used in the field of personnel security.
- Decree No 263/1998 laying down the method and procedure for verifying the safety reliability of an organisation.
- Decree No. 12/1999 Coll., on ensuring the technical security of classified information and certification of technical means.
- Decree No 337/1999 amending Decree No 12/1999 on ensuring the technical security of classified information and the certification of technical means.
- Decree No. 56/1999 Coll., on ensuring the security of information systems handling classified information, the implementation of their certification and the requirements of the certificate.
- Decree No. 339/1999 Coll., on object safety.
- Decree No. 136/2001 Coll., on ensuring cryptographic protection of classified information, the implementation of certification of cryptographic products and the requirements of the certificate.
- Decree No 348/2002 on the safety capacity of natural persons.
Section 161
Effectiveness
This Act shall enter into force on 1 January 2006.
Zaorálek v. r.
Klaus v. r.
Paroubek v. r.
For example, Section 3 of Act No 219/2000 on the property of the Czech Republic and its performance in legal relations, amending certain acts in connection with the adoption of the Criminal Code
1) Section 2(7) of Act No 238/2000 on the Fire Rescue Service of the Czech Republic and amending certain acts, Section 55b(3) of Act No 49/1997 on civil aviation and amending and supplementing Act No 455/1991 on trade licensing (the Trade Licensing Act), as amended, as amended by Act No 258/2002.
2) Act No. 129/2000 Coll., on Regions (Regional Establishment), as amended.
3) Act No 131/2000 on the capital city of Prague, as amended.
4) Act No 128/2000 on municipalities (municipal administration), as amended.
5) Act No 154/1994 on the Security Information Service, as amended.
6) Act No. 289/2005 Coll., on Military Intelligence.
7) Act No. 6/1993 Coll., on the Czech National Bank, as amended.
8) The Commercial Code.
9) Section 2(2) of the Commercial Code.
10) Section 14(3) of the Criminal Code.
11) Act No 269/1994 on the Criminal Register, as amended by Act No 126/2003.
12) Section 68(1) of Act No 499/2004 on archiving and filing services and amending certain acts.
13) Section 3 of Act No. 153/1994 Coll., on Intelligence Services of the Czech Republic.
14) Section 68 of the Commercial Code.
15) Act No. 182/2006 Coll., on Bankruptcy and Methods of its Resolution (Insolvency Act), as amended.
17) Act No 29/2000 on postal services and amending certain acts (the Postal Services Act), as amended.
18) Section 7 et seq. of Act No 499/2004.
19) Section 10 of Act No. 153/1994 Coll.
20) Act No 240/2000 on crisis management and amending certain acts (the Crisis Act), as amended.
21) For example, Section 14(3) of Act No 219/1999 on the Armed Forces of the Czech Republic, Section 50a(1) of Act No 283/1991 on the Police of the Czech Republic, as amended by Act No 26/1993.
22) Act No 227/2000 on electronic signatures and amending certain other acts (the Electronic Signature Act), as amended.
24) Section 18(1) of Act No 153/1994 Section 15(2) of Act No 154/1994
25) Section 33f of Act No 13/1993, the Customs Act, as amended by Act No 1/2002. Section 23f of Act No 283/1991, as amended by Act No 265/2001.
26) Act No 137/2001 on special protection for witnesses and other persons in connection with criminal proceedings and amending Act No 99/1963, the Code of Civil Procedure, as amended.
27) Act No 361/2003 on the service relationship of members of the security forces, as amended.
28) Code of Criminal Procedure. Code of Civil Procedure. Code of Administrative Procedure.
28a) Act No 125/2008 on transformations of commercial companies and cooperatives.
29) For example, Act No 218/2002 on the service of civil servants in administrative offices and the remuneration of such employees and other employees in administrative offices (the Service Act), as amended, Act No 312/2002 on officials of territorial self-governing units and amending certain acts, as amended by Act No 46/2004, Decree No 50/1978 on professional competence in electrical engineering, as amended by Decree No 98/1982.
30) For example, Act No 283/1991, as amended, Act No 137/2001.
31) For example, Section 47a(6) of Act No 283/1991, as amended, Section 21(1) of Act No 137/2001.
32) For example, Act No 38/1994 on foreign trade in military material and supplementing Act No 455/1991 on trade licensing (the Trade Licensing Act), as amended, and Act No 140/1961, the Criminal Code, as amended, as amended, Act No 18/1997 on the peaceful use of nuclear energy and ionising radiation (the Atomic Act), and amending and supplementing certain acts, as amended.
33) Act No 273/2001 on the rights of persons belonging to national minorities and amending certain acts, as amended by Act No 320/2002.
34) Act No 41/1993 on the verification of the conformity of copies or copies with the document and on the verification of the authenticity of signatures by district and municipal authorities and on the issuance of certificates by municipal authorities and district authorities, as amended.
35) Act No 167/1998 on addictive substances and amending certain other acts, as amended.
36) Section 115 of the Civil Code.
37) Sections 18 and 19(1) of Act No 563/1991 on accounting, as amended.
38) Act No 586/1992 on income tax, as amended.
39) Section 116 of the Civil Code.
40) Act No 119/1992 on travel allowances, as amended.
41) Act No 36/1967 on experts and interpreters.
Act No. 153/1994 Coll., as amended. Code of Administrative Procedure.
42)
43) Act No 283/1991, as amended.
43a) Act No 133/2000 on population registers and birth numbers and amending certain acts (the Population Register Act), as amended.
43b) Section 1 of Act No 133/2000, as amended.
43c) Section 13b of Act No 133/2000, as amended by Act No 53/2004 and Act No 342/2006.
43d) Act No. 40/1993 Coll., on the Acquisition and Loss of Nationality of the Czech Republic, as amended.
43e) Section 4(h) of Act No 101/2000 on the protection of personal data and amending certain acts, as amended.
Act No. 153/1994 Coll., as amended. Section 57 of Act No 140/1961, the Criminal Code, as amended.
43f)
44) Act No 154/1994, as amended.
46) Act No 90/1995 on the Rules of Procedure of the Chamber of Deputies, as amended.
47) Act No. 200/1990 Coll., on Offences, as amended.
48) Act No 634/2004 on administrative fees, as amended.
49) Article 18(1)(a) of Act No 137/2006 on public procurement, as amended.
Sections 21 to 85 of Act No 137/2006, as amended. Section 3 of Act No 139/2006 on concession contracts and concession procedures (the Concession Act).
50)
51) Sections 4 to 15 of Act No 139/2006, as amended by Act No 30/2008.
52) Act No 115/2006 on registered partnerships and amending certain related acts, as amended.
53) Section 20 of Act No 563/1991, as amended.
54) Act No 300/2008 on electronic acts and authorised conversion of documents, as amended.
LAW
of 8 January 2009
Section 63(3) and (4) of Act No 499/2004.
55)
Article XXXI
Act No 412/2005 on the protection of classified information and security clearance, as amended by Act No 119/2007, Act No 177/2007, Act No 296/2007, Act No 32/2008, Act No 124/2008, Act No 126/2008 and Act No 250/2008, is amended as follows:
1. In Section 3(4)(f), ‘offences’ is replaced by ‘crimes’.
2. Footnote 10 reads as follows:
‘10) Section 14(3) of the Criminal Code.’.
Selected provisions of the amendment
Article II of Act No 255/2011
Transitional provisions
1. Proceedings for the issue of a certificate of a natural person, a certificate of an entrepreneur or a document that has not been definitively concluded before the date of entry into force of this Act shall be subject to the time limits for the termination of proceedings under the existing legislation, unless this is the case under point 2; otherwise, the proceedings shall be completed in accordance with Act No 412/2005 on the protection of classified information and on security capacity, in the version in force from the date of entry into force of this Act.
2. Proceedings for issuing an Entrepreneur's Certificate for access to restricted classified information and proceedings for revoking the validity of an Entrepreneur's Certificate for access to restricted classified information that has not been finalised before the date of entry into force of this Act shall be discontinued on the date of entry into force of this Act.
3. The validity of the notification issued by the Office under the existing legislation expires on the first day of the third calendar month following the date of entry into force of this Act.
4. Proceedings for the imposition of a fine for an administrative offence or offence that has not been finally concluded before the date of entry into force of this Act shall be completed in accordance with the existing legislation.
5. Entrepreneur's certificate for the classification level Reserved, issued according to the existing legal regulations, shall be considered for a period of 3 months from the date of entry into force of this Act as a declaration of the entrepreneur pursuant to Act No. 412/2005 Coll., on the protection of classified information and on security eligibility, in the version effective from the date of entry into force of this Act.
Article III of Act No 255/2011
