CZECH REPUBLIC: An Introduction to Compliance

In the modern Czech business environment, compliance has emerged as a crucial element for organisations striving for sustainable success and resilience, and strong ethical values. The regulatory landscape is now increasingly subject to heightened governmental scrutiny, employee input, and customers who demand a values-driven business culture. The general public is increasingly sensitive to businesses becoming embroiled in corruption, data breaches and discrimination, which often leads to negative media coverage or enforcement from government bodies. This article summarises key compliance areas in the Czech Republic, focusing on: (i) whistle-blowing legislation; (ii) criminal liability of legal entities, including investigation; (iii) the gender pay gap, equality and anti-discrimination measures; and (iv) General Data Protection Regulation (GDPR) enforcement.

Ethical Compliance

Organisations in the Czech Republic face challenges in the compliance landscape, including integrating compliance functions into overall corporate strategy and fostering a culture that prioritises ethical conduct. While the cost of non-compliance – both financial and reputational – is rising, so, too, are the costs related to operating compliance teams. To address challenges effectively, companies are adopting training initiatives covering all employees to ensure that overall compliance is improving, and that compliance teams are not overburdened. This includes implementation of AI and digital solutions for compliance-management systems, from compliance-AI-assistants to automated AI-powered monitoring tools, which are extremely effective thanks to a very high level of digitalisation introduced to companies in recent years.

Such systems usually incorporate robust monitoring and reporting capabilities, complemented by ongoing training and education of all levels of employees. While adopting advanced technologies, including detailed analytics and AI, it is equally important to communicate value-driven business concepts and promote a trust and enterprise mindset among the workforce.

Whistle-Blowing Legislation and Enforcement

Like many other EU countries, the Czech Republic did not implement the EU Directive on Whistleblowing in time, as its Whistleblower Protection Act was not effective before 1 August 2023. This legislation mandates that entities with 50 or more employees must establish internal reporting systems and designate impartial individuals to handle reports. The primary objective is to protect individuals who report unlawful conduct from those who might retaliate, thereby fostering a culture of integrity within organisations.

The legislation provides very strong protection to whistle-blowers from retaliation in the broadest sense – from harsher treatment at work to termination – and this protection could even extend to people associated with the whistle-blowers.

For confidentiality and continuity purposes, legal entities have often outsourced whistle-blowing officer functions to specialised persons to maintain confidentiality across the internal organisation. They now also often appoint external cover, with the government recommending the nomination of at least two individuals to take up whistle-blowing officer functions to ensure 24/7 operational capacity.

Criminal Liability of Legal Entities

With an increasing number of legal entities being prosecuted in the Czech Republic, criminal liability is proving to be in important legal step to increase corporate accountability. Under Act No 418/2011 Coll., on the Criminal Liability of Legal Entities, companies can be held criminally liable for offences committed by their representatives, employees, or even third parties acting on their behalf if the conduct benefits or is intended to benefit the entity. The spectrum of criminal offenses includes corruption, tax evasion, money laundering, fraud, environmental crimes, and cybercrimes.

Investigations typically involve specialised units of the Czech Police, including the National Centre against Organized Crime (NCOZ), cooperating closely with public prosecutors who specialise in corporate criminal liability. Recent high-profile cases underline the severity of potential consequences. For example, in early 2024, a prominent Czech industrial company faced substantial financial penalties and reputational damage due to involvement in systematic tax evasion and corruption, resulting in penalties exceeding CZK200 million.

Under the Act on Criminal Liability of Legal Entities, entities can be exempted from criminal liability if they are able to prove that they have established robust compliance programmes with clear internal policies, regular risk assessments, internal audits, and training programmes tailored to specific risks. The main challenge in criminal proceedings is demonstrating that the compliance programme was not only established “on paper”, but that it was implemented to reflect the operating practicalities of the company’s business environment.

GDPR Compliance

Data protection remains a critical compliance area in the Czech Republic, governed by the GDPR and the national Personal Data Processing Act with the Office for Personal Data Protection (UOOU) as the authority responsible for enforcing data-protection regulations.

The UOOU has demonstrated its commitment to enforcing GDPR compliance through significant measures. In May 2024, it imposed a substantial fine of approximately EUR13.9 million (CZK351 million) on a prominent cybersecurity company. The infringement was considered particularly severe given the company’s expertise in data and privacy protection.

In the upcoming term, the UOOU promised to primarily focus on: (i) conditioning provision of discounts by consent; (ii) CCTV systems; and (iii) compliance with anti-spam regulations.

Gender Pay Gap, Equality, and Anti-Discrimination Measures

Gender equality and addressing the gender pay gap are pressing issues in the Czech Republic. Despite legislative efforts, disparities persist. The Czech government has acknowledged these challenges and, at the end of 2022, published a Gender Pay Gap Action Plan for 2023–2026. This comprehensive plan aims to address existing gender pay gaps and signifies a commitment to tackling the issue.

In alignment with the European Union’s directive on pay transparency, the Czech Ministry of Labor and Social Affairs is drafting legislation to enhance transparency in remuneration. The country has until 2025 to implement these measures, which will require companies to provide average earnings broken down by gender for the same or comparable job roles. This initiative aims to reduce pay disparities and promote equality in the workplace.

The legal risks remain high, particularly in business undertakings ignoring disparities and unable to prove that discrimination did not take place – the obligation to prove that the discrimination did not exist is the responsibility of the companies/employers. Based on currently available data of the Czech Labour Inspection, in 2023, the Czech authorities imposed 46 dines for discriminatory treatment and discriminatory remunerations. Additionally, some of these cases resulted in court disputes where the individual discriminated against claimed compensation.