
We provide specialised legal services in the fields of cyber security, ICT and ESG.



Preventive measures


In the field of security incident and event prevention, we draft and update Information Security Management System (ISMS) documentation in accordance with legal regulations, standards (best practice, best effort) and the outputs of SIEM and SOAR tooling. We design incident and event response plans and the related documentation.

Notification and communication with supervisory authorities


We assist with reporting security incidents that have or may have an impact on the security of the data or information systems of the compromised entity to the supervisory authorities (CSIRT) and to selected third parties. We provide legal support to compromised entities throughout the relevant investigations, up to their final completion and evaluation.

Supply chain management


We support obliged entities under the existing Cyber Security Act and the upcoming new one (following the transposition of the NIS 2 Directive) in implementing supply chain risk management (technical and organisational measures, assessing the trustworthiness of suppliers, distinguishing between ordinary and significant suppliers, etc.). We also provide legal services to entities that already are, or plan to become, suppliers of obliged entities (e.g. updating contractual documentation, testing, questionnaires).

Registration of a cloud computing provider pursuant to Section 6q of Act No. 365/2000 Coll.


We verify compliance with the legal requirements for registration in the catalogue of cloud computing service providers in public administration, as maintained by the Ministry of the Interior of the Czech Republic.

We set up the processes necessary for such registration and provide already registered providers with continuous consultancy, including checks on the fulfilment of existing and new obligations.

Security incidents and events response


Our consultancy covers the identification of a security incident or event, including the assessment of its severity. This is followed by appropriate defensive and remedial measures, always in cooperation with ICT specialists and, where necessary, with the relevant supervisory authorities.

NIS 2 Directive


In the context of the new Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union (NIS 2) and the preparation of the new Cyber Security Act (including its implementing decrees), we provide comprehensive services, including identification of future obliged entities (so-called providers of regulated services), assessment of management responsibility, and the design or revision of an ISMS. Based on a comprehensive gap analysis, we propose effective solutions and assist in preparing organisational, operational and technical measures (internal or external SOC, etc.), including their implementation.

Cyber Risk Insurance


We identify the existing scope of insurance coverage (liability insurance, D&O insurance for members of statutory bodies).

We assist in preparing the documents needed to arrange cyber-risk insurance, whether as a stand-alone policy or an add-on. We also advise on the content of the cyber-risk policy (exclusions, limits), focusing on the scope of compensation for damage suffered by the insured (e.g. costs arising from disruption or interruption of operations, a hacker attack, extortion, regulatory proceedings or GDPR fines) and by third parties (e.g. privacy claims, lost profits or restoration costs).


Apps Terms and Conditions


We draft and revise the terms of use of mobile and web applications (apps). We place particular emphasis on payment arrangements appropriate to the type of application, limitations of liability and copyright protection. We support the process of publishing apps on both Google Play and the App Store.

License Agreements, EULA


Our drafts of License Agreements for the use of off-the-shelf software (SW) products address primarily time, territorial, quantitative and other licence restrictions, licence fees, third-party rights, technical requirements, problem resolution, etc. We also assess existing License Agreements according to the client's requirements.

We adapt End User License Agreements (EULAs) to the Czech legal environment and draft new ones for new products.



Software Maintenance and Support Agreements (SMA)


We review and draft Software Maintenance and Support Agreements (SMA) governing the provision of technical support and updates for an existing software product by the SW supplier. For example, we concentrate on when new versions or upgrades take effect and on the pricing policy in general.



Cloud Services Agreements (CSA)


We deal with Cloud Services Agreements (CSA), whether stand-alone or combined with other services. In particular, we address the security of the data entrusted to the provider, its availability and other legal aspects.

Software Development Agreements 


We provide support for the revision of existing Software Development Agreements as well as for drafting new ones. Our Software Development Agreement drafts address not only the functionality of the software and the client's requirements (e.g. for customisation), handover of the software including its source code, and software testing, but also liability, warranties, licences, the use of open source software, etc.



Service Level Agreements (SLA)


For Service Level Agreements (SLAs), we focus primarily on response times, performance requirements, time-based availability and other technical parameters.

We also pay attention to defining the scope, level and quality of the services provided, such as guaranteed availability (e.g. 24/7) or the speed of fault resolution.

We distinguish what the supplier provides from what the customer must procure itself, according to the nature of the service: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) or SaaS (Software as a Service). This applies not only to cloud computing solutions.



Operational Level Agreements (OLA)


Within an Operational Level Agreement (OLA), we focus, among other things, on defining the mutual relationships between SW developers and administrators. We determine exactly which of them bears which responsibility and provides which services, so that the customer is not harmed by this plurality of suppliers.



ICT Due Diligence


We carry out a complete review of existing ICT legal arrangements or Due Diligence (DD) of ICT assets, systems, processes, policies and procedures, on either the sale or the acquisition side. We present a clear picture of the ICT capabilities of the subject of the transaction, including identification of the key technology and process risks and their impact on the transaction itself.




Corporate Sustainability Reporting Directive (CSRD)


We carry out a comprehensive audit or revision of existing documents, policies and procedures with regard to the Corporate Sustainability Reporting Directive (CSRD), propose amendments to them, identify further necessary steps and support the implementation of a comprehensive solution to ESG issues, including support for a circular economy strategy. We help clients understand CSRD compliance and explain the meaning and legal consequences of the terms used in the CSRD.

ESG supply chain management


We provide legal support for the supply chain management of obliged entities from an ESG perspective. We address ESG with the existing suppliers of obliged entities so that, by voluntarily meeting ESG standards, they increase their competitiveness against other suppliers and at the same time secure the continuation of existing cooperation.

ESRS 1 and 2


Within the European Sustainability Reporting Standards (ESRS) and in accordance with the principle of double materiality, we provide opinions on expected obligations (reporting on impacts, risks, opportunities, etc.). We explain the difference between ESRS 1 and ESRS 2. We work with clients to design and implement policies and procedures consistent with the requirements of ESRS 2. We clarify the meaning of "shall disclose", "shall consider for disclosure" and "may disclose" and help clients understand the legal implications involved.

ESG other services


We provide training in ESG-related areas. We help with financing issues, focusing on sustainable financing and on meeting the ESG expectations of financing institutions (LEED - Leadership in Energy and Environmental Design, BREEAM - Building Research Establishment Environmental Assessment Method, etc.). We prepare ESG documents for financial audits or M&A transactions.
