Seven major legislative changes that might shake up business in 2025

Prague, 3 January 2025 – 2025 will bring major legislative changes that will significantly affect the operation of Czech companies. Experts from Deloitte Legal present an overview of the most important developments, including new requirements for cybersecurity, digitisation, environmental protection and labour relations. Companies will need to invest in IT security, risk management and supply chain monitoring to comply with the new rules and avoid penalties.

New Act on Cybersecurity

The new Cyber Security Act, which implements the European NIS2 Directive, significantly expands the range of companies subject to strict IT security requirements. The obligations will now affect more than 6,000 entities, including hospitals, IT service providers or manufacturers operating key infrastructure. Companies will have to invest in employee training, implementing multi-factor authentication, data encryption and regular IT systems resilience testing. However, management responsibility for ensuring corporate resilience to cyber risks is also tightening. “Underestimating these requirements can lead to fines of up to 2% of annual worldwide turnover. However, penalties may not be the primary motivation for obliged entities. A far greater impact on a company's operations, and thus on management's liability, is the failure to put in place the necessary security that would become apparent in a cyber incident,” emphasises Jaroslava Kračúnová from Deloitte Legal. The key issue for companies now is to assess the extent to which they will be subject to regulation and, if so, the regime of obligations applicable to them.

Flexible Amendment to the Labour Code

If approved, the flexible amendment to the Labour Code will bring changes for both employers and employees. A longer probationary period – up to four months for regular employees and up to eight months for managerial positions – gives companies more time to check the suitability of workers. The possibility to pay wages in foreign currency or to extend electronic delivery of documents will make administration easier. The amendment also changes the rules for giving notice – now the notice period will start from the day the notice is given, not from the first day of the following month. “The flexible amendment modernises employment relations, but companies will have to adapt their processes and documents to the new rules. There will definitely be room for improvement in the Labour Code, but it is certainly a step in the right direction,” says Jan Procházka from Deloitte Legal. 

Financial Market Digitisation

The new law introduces obligations under the European regulations DORA (Digital Operational Resilience Act) and MiCA (Markets in Crypto-Assets), which strengthen the digital resilience of financial institutions and regulate the crypto-asset market. DORA requires the implementation of robust IT risk management mechanisms, regular infrastructure testing and crisis plans to manage cyber incidents. MiCA introduces strict regulation of cryptoasset service providers, including licensing and protection of client assets. “DORA applies not only to financial institutions but also to their external IT service providers. They will all need to be prepared for the new regulation of their operational resilience,” explains Jan Procházka from Deloitte Legal. 

CBAM Carbon Duty

The Border Carbon Offset Mechanism (CBAM) targets companies importing carbon-intensive products such as steel, aluminium, cement and fertilisers. From 2026, companies will have to buy so-called CBAM certificates, the price of which will be derived from European emission allowances. The price of the certificates will correspond to the current price of emission allowances on the EU ETS (Emissions Trading System) market, which may significantly affect the cost of importing these products. The CBAM aims to avoid 'carbon leakage' and to ensure that imported products face similar emissions costs to EU production. 2025 is a key year to prepare for these changes and to secure the status of an approved CBAM declarant. “Companies should analyse their supply chains, evaluate the impact on their products and assess the effectiveness of cooperation with existing business partners,” recommends Colette Sladká from Deloitte Legal.  

Renewable Energy Support: Lex OZE III

Lex OZE III, an amendment to the Energy Act, was approved by the Chamber of Deputies and is heading to the Senate. The amendment brings significant changes for companies that want to engage in the development of renewable energy sources. The amendment focuses on promoting the construction of solar and wind power plants, energy storage and sharing of generated electricity between municipalities and businesses. Through simplified permitting processes, businesses and municipalities will be able to implement community energy projects that will reduce their operating costs and increase local energy self-sufficiency. The amendment also introduces elements of flexibility to manage fluctuations in electricity supply and demand. “On the other hand, the amendment introduces stricter mechanisms for checking the appropriateness of operating aid for solar power plants, which all aid recipients will have to pass. Although the details are not yet known, beneficiaries are likely to have to provide data on their costs and revenues, their beneficial owners and related parties. This will provide the government with detailed information on the economic operation of entire groups,” says Martin Černý from Deloitte Legal. 

Deforestation Regulation

The European Union Deforestation Regulation (EUDR) imposes new requirements on companies importing, marketing or exporting products related to deforestation and forest degradation. This regulation covers not only primary commodities such as timber, coffee, soya, cocoa, rubber, oil palm and cattle but also products made from them, such as furniture, paper, wooden pallets, tyres or chocolate. Companies will have to prove that their products do not cause deforestation, comply with the laws of the country of production and meet due diligence conditions. This includes, for example, setting up a system to trace supply chains and keeping documentation to prove the origin of products. The regulation was originally planned for an earlier date, but its entry into force has been postponed by one year. 

“For large and medium-sized enterprises, the obligation will apply from December 2025, and for small and micro enterprises from June 2026. Nevertheless, we recommend starting preparations now, as compliance with these requirements requires time and careful planning. Setting up the new processes will be similarly complex as it was for the GDPR,” notes Colette Sladká from Deloitte Legal. In case of non-compliance, companies can face sanctions including fines of up to 4% of annual turnover, confiscation of products or exclusion from public tenders. 

However, a major impact on businesses will be the detention of goods by customs if they are not accompanied by the documents. 

Lobbying Regulation Act

The Lobbying Regulation Act is intended to bring new rules for transparency in relations between companies and politicians. These rules will particularly affect large corporations and highly regulated industries such as pharmaceuticals and energy. If the law is passed, lobbyists and companies will be required to register their activities, disclose information about meetings with politicians and state what interests they represent. “The new rules are intended to increase public confidence in decision-making processes and improve the transparency of political decision-making; failure to adopt the law could have a negative financial impact on the Czech Republic's commitments to the EU under the National Recovery Plan,” explains Jaroslava Kračúnová  from Deloitte Legal.