Technology companies with users or operations in the Czech Republic are facing a significant shift in their compliance obligations. The Czech Republic has completed the national transposition of the EU's Digital Services Act (Zákon o digitálních službách, the Czech DSA implementation), and domestic enforcement machinery is now fully operational. For international businesses that assumed EU-level rules were someone else's problem, that assumption has become costly.
Czech digital services regulation now imposes direct obligations on online platforms, intermediary service providers, and technology companies offering services to Czech users – regardless of where the company is incorporated. Businesses meeting defined user-volume thresholds must appoint a legal representative in the Czech Republic, maintain transparent algorithmic accountability records, and comply with enforceable content moderation and software liability standards. The primary enforcement deadline for mid-size platform operators has passed; non-compliant businesses now face active supervisory scrutiny from the Czech national authority, Český telekomunikační úřad (Czech Telecommunication Office).
This alert identifies which business categories are affected, explains the threshold criteria that trigger obligations, and sets out immediate actions international companies should take now.
What changed – the regulatory development and its effective date
The EU Digital Services Act entered into force at the EU level in late 2022 and became directly applicable to very large online platforms from early 2024. For the broader category of intermediary services and smaller platforms, obligations applied from February 2024 across all EU member states – including the Czech Republic.
The Czech Republic's domestic implementation adds a national layer. The Zákon o digitálních službách designates the Czech Telecommunication Office as the competent Digital Services Coordinator (koordinátor digitálních služeb) with powers to investigate, issue binding orders, and impose administrative sanctions. This authority is now exercising those powers actively.
Two developments are particularly significant for international companies. First, Czech enforcement is no longer a future risk – it is a present one. The supervisory authority has issued guidance and begun accepting complaints from Czech users against non-compliant platforms. Second, the Czech implementation clarifies obligations that the EU text left partially open: the requirements around algorithmic accountability. Technology licensing conditions for certain intermediary services. Additionally, the standards for software liability in consumer-facing applications have each been addressed in implementing measures.
International companies that relied solely on their home-state regulator for DSA compliance cannot assume that coverage extends to Czech enforcement proceedings. A separate point of compliance contact and a documented Czech compliance posture are now expected.
Who is affected – threshold criteria and business categories
The regulation applies in layers. The category of obligation depends on service type and user volume.
Intermediary service providers – this category covers hosting services, online marketplaces, app stores, and cloud infrastructure providers that transmit, cache, or store content for Czech users. Any such provider, regardless of establishment, must observe basic due diligence obligations and cooperate with Czech authorities on lawful orders.
Online platforms – platforms that allow users to disseminate content publicly face additional obligations. These include transparent terms of service, accessible complaint mechanisms, and cooperation with trusted flaggers designated by Czech authorities. AI Act compliance intersects here: platforms deploying recommendation systems or algorithmic content ranking must document how those systems operate and make summary disclosures available to users in Czech.
Mid-size and large platforms – platforms reaching a defined monthly active user threshold in the Czech Republic (in proportion to the EU-wide threshold of 45 million users) face the most intensive obligations. These include annual risk assessments, independent audits, and enhanced algorithmic accountability reporting. Software liability exposure increases significantly at this tier: a failure to mitigate systemic risks identified in an audit can result in direct regulatory liability.
Technology licensing businesses are also affected where their licensed software is incorporated into services that meet the above definitions. If a Czech-market digital service relies on third-party technology, both the platform operator and – in some configurations – the technology licensor may carry obligations.
The threshold question is not always straightforward. Practitioners advising international clients in the Czech Republic note that the user-count methodology is contested in edge cases: companies with moderate Czech user bases but high engagement metrics have been drawn into the mid-size platform category by regulators applying a broader functional interpretation.
To receive a preliminary assessment of whether your digital services business meets the Czech DSA threshold criteria, contact us at info@ferrazwhitmore.com.
What to do now – immediate actions for international companies
Companies that have not yet mapped their Czech exposure should treat this as urgent. The supervisory authority is operational and actively receiving complaints. Inaction now creates enforcement risk that compounds over time.
The following actions should be prioritised:
- Appoint a legal representative in the Czech Republic. Non-EU companies offering digital services to Czech users must designate a legal representative established in the Czech Republic. This representative is the formal contact for the Czech Telecommunication Office. Operating without one is itself a compliance breach.
- Conduct a service classification review. Establish whether your services qualify as hosting, platform, or intermediary services under Czech implementing measures. This classification determines which obligations apply and at what level of intensity.
- Audit algorithmic accountability documentation. If your platform uses recommendation systems, automated content moderation, or AI-driven ranking, prepare internal documentation of how those systems function. This is a prerequisite for any regulatory engagement and supports AI Act compliance where the two regimes overlap.
- Review technology licensing agreements for compliance allocation. Where your services incorporate third-party software, examine whether existing technology licensing contracts allocate DSA compliance responsibilities clearly. Gaps in this allocation create shared liability exposure.
- Establish a Czech-language complaints mechanism. Platforms must make an accessible, user-facing complaint channel available. Enforcement guidance from the Czech authority specifies that a generic English-only mechanism is insufficient for Czech users.
Companies operating across multiple EU jurisdictions should also review our analysis of digital services regulation developments in Portugal, where comparable national enforcement measures have been implemented. Cross-border operators face cumulative obligations that require a coordinated response across jurisdictions.
For questions on software liability exposure, technology licensing conditions, or intellectual property considerations arising from DSA compliance, our intellectual property and technology practice in Czech Republic covers the intersection of these regimes in detail.
For a tailored strategy on DSA compliance and digital services regulation in Czech Republic, reach out to info@ferrazwhitmore.com.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising technology companies, investors, and institutions on digital services regulation, AI Act compliance, and cross-border technology law across 46 jurisdictions. Our AI and technology law practice covers the Czech Republic and the broader Central European market, combining EU regulatory expertise with on-the-ground knowledge of national implementing measures. Engaging a lawyer in Czech Republic with cross-border technology experience is particularly valuable where EU frameworks interact with domestic enforcement regimes – as they now do in the digital services context. As a law firm advising international clients in Czech Republic, we help businesses map their regulatory exposure, appoint the required local representatives, and build defensible compliance documentation. To discuss your digital services situation in the Czech Republic, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.