CZECH REPUBLIC Law and Practice Contributed by: Stanislav Šimek, Vojtěch Mlynář and Jakub Dostál, BADOKH
dealing. In practice, only large tech companies such as Amazon, Alphabet or Meta qualify.

2.10 Significant Enforcement Actions

When the CNB identifies breaches of regulatory duties, it may impose a range of enforcement measures, from ordering remediation of identified deficiencies to revoking a licence.

Notable recent enforcement actions include the following:

AML

The CNB imposed a CZK9.5 million fine on a bank for multiple AML breaches, including failure to properly assess client risk, inadequate employee training, and failure to prevent the establishment of business relationships with clients listed on international sanctions lists.

In a separate case, the CNB fined a Czech bank CZK5 million for deficiencies in AML obligations, including insufficient client identification procedures and inadequate risk management processes related to international transactions.

Unauthorised Deposit-Taking

The CNB imposed significant fines on several entities for unlawfully accepting deposits and collecting funds from the public without holding a banking licence or other required authorisation.

2.11 Implications of Additional, Non-Financial Services Regulations

Privacy – GDPR

Fintech providers processing personal data are subject to the GDPR. Key obligations include data minimisation, lawful basis for processing, data subject rights and breach notification.

Cybersecurity – DORA and Cybersecurity Act

Financial entities must maintain risk management frameworks, report incidents, conduct resilience testing and monitor third-party technology providers. Larger entities across key sectors such as energy, healthcare, banking and digital infrastructure are additionally required to implement measures to address cyber-threats and minimise their impact.

Artificial Intelligence – AI Act

Fintech providers using AI for purposes such as credit scoring or other high-risk applications must ensure the accuracy, reliability and transparency of their systems and maintain human oversight.

Digital Services – Digital Services Act and Digital Markets Act

Fintech platforms with marketplace or intermediary characteristics fall under the EU Digital Services Act, which imposes tiered transparency and content moderation obligations. The EU Digital Markets Act is relevant only for the largest platforms and in practice does not affect Czech fintechs. Entities subject to this regulation must comply with obligations around interoperability, data access and fair dealing.

Cyber-Resilience

Fintechs that develop or distribute software products must ensure that their devices and software are designed, updated and maintained to protect users. Main obligations will apply from 2027.

Consumer Protection

Entities dealing with consumers must comply with consumer protection law, including disclosure obligations and the right of withdrawal within 14 days from online contracts. This applies broadly, including, for example, during an initial coin offering.

2.12 Review of Industry Participants by Parties Other Than Regulators

Companies face statutory external audits when legal size-thresholds are met (number of employees, annual turnover or value of assets). All companies are required to publish their financial statements in the Commercial Register, making their accounts publicly accessible and subject to informal scrutiny by anyone.

Technology providers to financial institutions must be monitored by those institutions as part of their third-party risk management obligations.