AI laws and regulation in Czech Republic

High.

The Regulation (EU) 2024/1689, Artificial Intelligence Act (“EU AI ACT”), is directly applicable in the Czech Republic. The EU AI ACT establishes harmonised rules for AI, sets specific requirements for AI systems based on their risk levels to safety, health, and fundamental rights, came into force on August 1, 2024. The rules set down in the EU AI ACT take effect gradually.

The Czech government is preparing a national Act on Artificial Intelligence to complement the EU AI Act which is expected to be adopted in 2026 (“Draft Act”).

AI-related activities and using AI systems in the Czech Republic are subject to other relevant laws covering data privacy, consumer safety, cybersecurity, IP rights, sectoral compliance and civil liability that apply alongside the EU AI ACT:

• Charter of Fundamental Rights is relevant for the AI Act implementation;
• General Data Protection Regulation (GDPR)  and the Czech Act on Personal Data Processing (No. 110/2019 Coll.) impose strict rules on automated processing of personal data. These laws cover automated decision-making and profiling. The Article 22 of GDPR gives individuals rights when significant decisions are made by algorithms;
• E-privacy Directive  governs how data used by AI systems may be accessed, stored, and tracked on users’ devices, ensuring that AI operates in compliance with privacy and confidentiality rules.

• General Product Safety Regulation is relevant where AI is a product or safety component;
• Czech Act No. 387/2024 Coll., on General Product Safety,  manufacturers have a duty to place only safe products on the market;
• Regulation (EU) 2019/1020 and the Czech Market Surveillance Act (Act No. 87/2023 Coll.)  require that products (including those with AI components) meet essential safety requirements. If an AI malfunction could pose a safety risk, it falls under these product regulations.

• Czech Act No. 634/1992 Coll. on Consumer Protection, applies to AI-based products and services offered to consumers. If AI is used, for instance, in e-commerce (like recommendation algorithms), it must not engage in unfair commercial practices under consumer law.

• NIS2 Directive sets down rules for AI risk management, especially for critical services and infrastructures using AI;
• Financial sector operational resilience (DORA) overlaps with AI obligations where financial institutions deploy AI in critical functions;
• the Czech Act No. 265/2025 Coll., the Cybersecurity Act  imposes security obligations on operators of critical information systems and digital service providers.

• The AI Act imposes copyright-related transparency and compliance obligations on GPAI providers (GPAI providers in the Czech Republic must ensure transparency regarding training data and respect copyright laws), in line with Czech copyright legislation (Act No. 121/2000 Coll.).

• The Czech Civil Code (Act No. 89/2012 Coll.) is relevant if an AI system’s operation causes damage or injury, the user or producer of that system can by held liable under general tort law.
• Directive (EU) 2024/2853 expands “product” to include software and AI systems. It shall be implemented in 2026.

Under the EU AI Act, in particular Annex III, AI systems used across sectors such as biometrics, critical infrastructure, healthcare, education, employment, essential public and private services (including financial services), law enforcement, justice, democratic processes, online platforms, and general‑purpose AI are classified as high‑risk where they significantly affect individuals’ rights, safety, or access to essential services. These systems are subject to strict requirements on risk management, data governance, transparency, human oversight, and accountability, supplemented by applicable EU and national sector‑specific laws.

Additional legislation scheduled for 2026:

• A new amendment to the Czech Road Traffic Act (Act No. 361/2000 Coll.) will enable and regulate use of autonomous vehicles with SAE Level 3 automated driving systems on Czech roads. It will come into force on 1 January 2026.
• Moreover, works on regulations concerning SAE Level 4 and 5 automated driving systems have already begun.

Regulatory oversight is handled by the EU AI Office, at the European level, and, currently, by the MIT (“only” as a gestor) at the national level.

If the Draft Act is adopted (expected in 2026),  the Czech Telecommunications Office (“CTO”) will become the primary market surveillance authority. Several other existing Czech public authorities are also expected to participate in the supervisory framework. A detailed description of their respective competencies is provided below.

The EU AI Office  is the centre of AI expertise across the European Union,  plays a central role in implementing research and innovation policies, including the EU AI ACT. The EU AI Office is part of the administrative structure of the Directorate-General for Communication Networks, Content and Technology DG CONNECT of the European Commission.

It carries out competencies described in the EU section of this AI Regulatory Tracker.

Although the Czech Republic has not yet formally designated the competent authorities,  regulatory oversight of AI in the Czech Republic is currently handled by the MIT.

• MIT leads national AI policy and coordinates implementation of the EU AI ACT.  It oversees the National AI strategy and has been appointed as the main government body (a gestor) for AI governance;
• MIT drives policy development, drafts legislation, e.g. the Draft Act;
• It has been established as a gestor of National Artificial Intelligence Strategy of the Czech Republic to support public sector to use AI in compliance with guidelines;
• MIT has also established the National AI Competence Centre for e-Government. The Czech Republic became one of the first countries within the European Union to adopt a National AI Strategy;
• The  National AI Strategy has been introduced by the MIT. The strategy addressed various aspects of AI within seven key areas including the support and concentration of science, research, and development, the promotion of investment, funding, and the development of an AI ecosystem in the Czech Republic; 
• The MIT has updated the National AI Strategy and introduced the National AI Strategy of the Czech Republic 2030 including a follow up Action Plan.

The Draft Act proposes the following supervisory authorities:

• Czech Telecommunications Office (“CTO”) to serve as the main market surveillance authority. CTO is proposed to act as the single contact point under the EU AI Act. The CTO is proposed to be coordinating cross-border issues and enforcement actions. It is supposed to have authority to monitor and enforce obligations on providers of AI systems in general (except where another sector regulator is competent). It is proposed to be responsible for imposing penalties for non-compliance with the EU AI ACT (except where delegated to the Office for Personal Data Protection or the Czech National Bank). The CTO is poised to become de facto AI regulator in Czechia.
• Czech Office for Standards, Metrology and Testing (“COSMT”) to serve as the notifying authority for AI systems conformity assessment (certifications) by notified bodies. COSMT will accredit and supervise these conformity assessment bodies in the Czech Republic;
• Czech Agency for Standardization (“CAS”) to secure the functioning of the AI Regulatory Sandbox programme. The sandbox, mandated by the Draft Act, will allow companies and researchers to test innovative AI systems in a controlled environment with regulatory guidance (aligned tests with technical standards ISO/IEC, CEN);
• Czech Metrology Institute (“CMI”) is mentioned as a possible candidate as a notified body;
• Czech National Bank (“CNB”) to supervise compliance of AI in banking/finance with relevant laws;
• National Cyber and Information Security Agency (“NCISA”)  to address AI from the angle of cybersecurity risk.  For instance, if AI is used in critical systems (energy, healthcare), the NCISA ensures the operators manage the cyber risks (through audits and guidelines issued under the Cybersecurity Act);
• Ministry of Interior (“MI”) to oversee public security and some digital governance aspects; 
• Ministry of Labour and Social Affairs (“MLSA”) to monitor AI´s impact on employment and social affairs (AI in HR processes, potential algorithmic discrimination at workplace, improper AI use in hiring/firing).

Further, according to the Digital Czech Republic government website, the national public authorities supervising the fundamental rights (in relation to the use of high-risk AI systems referred to in Annex III) are:

• Office for Personal Data Protection (“OPDP”); and
• Public Defender of Rights (“Ombudsman”  or “PDR”) is designated to play a role in AI oversight concerning fundamental rights (individuals who believe an AI system violated their rights (discrimination or oppressive surveillance by a public authority) may seek recourse via the Ombudsman. The Ombudsman can investigate and issue recommendations.

Currently, these bodies coordinate their tasks and work to prepare for the implementation of the EU AI ACT. Since the dedicated national AI Act (Draft Act) is not in force yet, enforcement or guidance is mostly done thought existing mandates and with respect to those EU AI ACT’s parts that are already effective and directly enforceable in the Czech Republic.

The level of their activity varies from providing guidance, participating at the European level discussions on AI governance, internal preparations, developing policies, strategies to handing AI within general cases. Once the Draft Act is adopted in 2026, the CTO will start formally overseeing AI providers and users, conducting inspections and issuing fines for non-compliance. 

Yes. Beyond the European Commission’s documents, listed in the EU Section of this AI Regulatory Tracker, that are relevant also for the Czech Republic, the Czech Republic has developed several soft-law instruments articulating the Czech government’s vision, priorities and/or ethical principles for AI. 

The most significant documents are:

• National AI Strategy of the Czech Republic (2019). This is the foundational policy document, released as a part of the Czech Government’s Digital Programme. The document has been recently updated:
• National AI Strategy of the Czech Republic 2030. The document serves as a strategy outline for public policy on the Czech AI ecosystem, evaluates implementation of the 2019 strategy and adjusts targets for next decade (such as supporting AI startups, expanding data sharing for AI, stressing interlinkages with other national strategies).

There are also other documents that provide supportive guidance on AI in the Czech Republic:

• the Czech Government adopted an Internal Implementation Policy, proposes the necessary personnel and financial measures for implementation of the EU AI Act;
• the National Research and Innovation Strategy for Smart Specialisation of the Czech Republic is a strategic document ensuring that resources from European, national and local budgets and related private resources are effectively targeted at supporting oriented and applied research and innovation (in AI context, ensuring AI efforts are coordinated across government domains);
• the Digital Czech Republic Programme covering  overs areas ranging from the interaction of the Czech Republic in the European Union in the digital agenda, through digital public administration to the preparation and interaction of the Czech Republic’s society and economy for digitization. It ensures synergy between AI initiatives and general digital transformation efforts.
• the (new) National Cyber Security Strategy, effective from January 2026, sets out the state’s long-term priorities and objectives in area of cybersecurity, such as to secure strategic infrastructure, whole-of-society preparedness and development, international cooperation of Czechia within the EU, NATO and other international organisations.

Yes. The Czech AI regulation is heavily influenced by international standards, principles and initiatives.

The Czech Republic closely follows EU policy on AI so all international documents referred to at the EU section of this AI Regulatory Tracker are highly relevant also for the Czech Republic.

Beyond documents listed in the EU section of this AI Regulatory Tracker:

• UNESCO issued the Recommendation on the Ethics of Artificial Intelligence, which focuses primarily on protecting human rights and dignity. The recommendation emphasizes principles such as transparency, fairness, and human oversight of AI systems, which should be implemented with consideration for data governance, environmental and ecosystem impacts, gender equality, education, research, health, and social welfare;
• the Czech Republic recognises the crucial role of technical standards (ISO/IEC) and European standards (CEN/CENELEC) in AI regulation. Many AI-related standards already exist or are being developed, for instance ISO/IEC 23894 series on AI risk management. Czech regulators intend to use such standards as the technical reference for compliance. Even though it´s not law, these technical standards form an integral part of the AI regulatory framework through incorporation by reference.

As already mentioned above, the Czech Republic is about to adopt the Draft Act in 2026 – implementing EU AI ACT as the centrepiece.

The Draft Act designates competent authorities, sets a legal basis for an AI sandbox, establishes administrative offenses, and implements other necessary provisions of the EU AI ACT into the Czech legal system. The Draft Act intends to be only a minimum implementation

The Draft Act is now being commented on at Government level, before submission to Parliament. The adoption is expected in 2026.

• The MIT supports the submission of the „AI Gigafactory CZ“ project, applied for by electronic communications provider České Radiokomunikace at the European Commission, aiming to construct large-scale computing infrastructure for AI in the Czech Republic;
• One of the first publicly known enforcement action relating to AI Decision of Prague Municipal Court of 11 October 2023, case no. 10 C 13/2023
  The court ruled on the copyright protectability of AI generated output, concluding that it cannot be protected, as copyright can only extend to works created by a human author;
• Czechia as a technological leader. Government approved the National Strategy for Artificial Intelligence of the Czech Republic 2030 | MPO
• https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence
• EU AI Act - Questions and Answers