FDI Screening and M&A in the Czech Republic (2026): What Buyers and Sellers Must Know Now

The Czech Republic’s foreign direct investment screening regime has undergone its most significant expansion since the original framework entered into force, and FDI screening Czech Republic M&A 2026 transactions must now be planned around a broader set of mandatory filing triggers, longer potential review periods, and a reinforced cybersecurity overlay tied to the national transposition of the EU NIS2 Directive. The amendments that took effect in 2025–2026 broadened the range of transactions subject to prior approval under the national security screening framework administered by the Ministry of Industry and Trade (MPO).

Critically, the Ministry retains power to open retrospective reviews of completed transactions for up to five years after closing, meaning that deals signed, or even settled, before the latest changes may still be caught. For deal teams working on cross-border M&A in Czechia, early regulatory mapping is no longer optional; it is a condition of competent deal execution.

Executive Summary: 2026 FDI Screening Snapshot for M&A

Between 2025 and 2026, Czech legislators widened the scope of the national security screening mechanism in two connected ways. First, the list of economic activities considered sensitive was expanded, drawing in sectors and services newly classified as critical under the Cybersecurity Act 2025, which transposes the EU’s NIS2 Directive into Czech law. Second, the MPO’s procedural toolkit was sharpened, giving the Ministry greater latitude to impose conditions, prohibit transactions, or require divestment, even after completion.

These changes affect any foreign investor (and, in practice, any non-Czech EU investor in certain sensitive sectors) seeking to acquire control or significant influence over a Czech target operating in critical infrastructure, energy, cybersecurity services, defence, telecommunications, or designated real estate. Domestic acquirers purchasing targets with foreign-controlled upstream shareholders may also be drawn in.

The practical takeaway is straightforward: every M&A process involving a Czech target should now include an FDI screening assessment at the earliest stage of due diligence. Industry observers expect the Ministry to apply the expanded framework actively, particularly where ICT and managed-service providers underpin critical infrastructure.

The recommended first step is to map every target entity’s activities against the current MPO sector list and the NÚKIB register of regulated services before engaging in any binding negotiations.

Which Transactions Are Subject to Czech FDI Screening?

The Czech foreign direct investment screening Czechia framework applies an economic-activity test rather than a simple investor-nationality test. The central question is whether the target undertaking carries out any activity designated as relevant to the security of the Czech Republic, and whether the proposed transaction would result in foreign “effective participation” in the governance, operations, or strategic direction of that undertaking.

Mandatory Filing Triggers

A mandatory filing obligation arises when a foreign investor proposes to acquire:

• A controlling stake (direct or indirect) in a target whose economic activities fall within the statutory list of sensitive sectors.
• Significant influence short of control, where the investor obtains the ability to appoint or remove management, veto strategic decisions, or access classified information, typically at shareholding thresholds that confer blocking or co-decision rights.
• Assets or business divisions that, viewed independently, carry out a listed activity (asset deals are not exempt simply because no share transfer occurs).

The framework is not limited to non-EU investors. While the screening regime was originally oriented toward third-country investment, the 2025–2026 amendments and their implementing guidance apply the sectoral trigger regardless of investor nationality where the activity concerns critical infrastructure or cybersecurity-regulated services. In practice, EU-based private equity sponsors and strategic buyers must assess filing obligations on every Czech target in the expanded sector list.

Sector Table: Activities, Examples and Filing Triggers

Sellers should note that a failure to notify, or completing a transaction without clearance where filing was mandatory, exposes both parties to sanctions and, in the worst case, forced unwinding. It is therefore in the seller’s commercial interest to confirm the target’s FDI status before launching any sale process.

Cybersecurity Act (2025) and NIS2: Why Cybersecurity Links Change the Scope of FDI Screening

The Cybersecurity Act Czech 2025, which transposes the EU NIS2 Directive (Directive (EU) 2022/2555) into national law, is the single most important driver of the expanded FDI screening perimeter. Before its enactment, only a narrow group of “essential service” operators and digital infrastructure providers fell within the cybersecurity overlay for FDI purposes. The 2025 Act significantly broadened the categories of regulated entities administered by NÚKIB (the National Cyber and Information Security Agency).

What NIS2-Style Obligations Mean for Target Companies

Entities classified as “essential” or “important” under the Cybersecurity Act 2025 must satisfy ongoing compliance obligations, incident reporting, supply-chain risk management, governance requirements, that directly affect their operational profile and valuation. For M&A purposes, this classification matters because:

• Regulatory consent layer. Acquisition of a regulated entity may trigger both the MPO’s FDI screening and separate NÚKIB notification or approval requirements.
• Ongoing compliance cost. Buyers inheriting NIS2-regulated operations must budget for sustained cybersecurity compliance expenditure, which affects deal pricing and earn-out assumptions.
• Due diligence complexity. The buyer’s diligence team must verify the target’s current compliance status, pending NÚKIB proceedings, and any corrective measures already imposed.

Regulated Services NIS2 Czech Republic: FDI Overlap Table

The practical effect is that any acquisition involving an ICT or digital-services target in Czechia must now begin with a check against the NÚKIB register of regulated services. Early indications suggest that the Ministry and NÚKIB coordinate screening assessments, so parallel regulatory engagement is advisable.

The Czech FDI Approval Process: Timelines, Evidence and Decision Points

Understanding the Czech FDI approval process is essential for setting realistic transaction timetables. A filing that is expected to take sixty days can, in complex cases, extend well beyond one hundred and twenty days, making conditionality drafting and longstop-date negotiation critical.

Filing Requirements and Documents

The filing is submitted to the MPO and must include:

• Identification of the investor, full corporate chain (ultimate beneficial owner disclosure), nationality, and any state-ownership links.
• Description of the target, activities, licences, regulated-service classifications, real-estate holdings near sensitive sites.
• Transaction details, structure (share deal vs asset deal), percentage of equity and voting rights acquired, governance changes, financing sources.
• National security self-assessment, a reasoned explanation of why the transaction does (or does not) raise security concerns, including any proposed mitigation measures.
• Supporting documents, certified constitutional documents, financial statements, organisational charts, and, where cybersecurity is relevant, the target’s NÚKIB compliance records.

Typical Timeline Scenarios: Normal vs Extended vs Expedited

Deal teams should note that the clock stops if the MPO issues an information request, which is common. Every day between the request and the investor’s full response is added to the statutory timeline. Pre-filing engagement, including voluntary consultations before formal submission, can materially shorten the overall process and reduce the risk of clock-stopping requests.

Industry observers expect the average duration for non-controversial transactions to settle around sixty to ninety days under normal procedure, with cybersecurity-linked transactions trending toward the longer end of the range.

Retrospective FDI Reviews, Prohibitions and Unwinds: Practical Risk for Closed Deals

The retrospective FDI review Czech mechanism is among the most consequential features of the regime for deal teams. The Ministry may open a review of a completed transaction for up to five years after closing, even if no filing was made at the time. This power applies where the transaction should have been notified but was not, or where material facts were withheld or misrepresented in the original filing.

Early Warning Signs That a Deal May Be Reviewed

Practitioners should watch for the following indicators that a closed deal could attract retrospective scrutiny:

• Post-closing sector reclassification. If a target’s activities are reclassified as critical under the expanded Cybersecurity Act after closing, the Ministry may revisit the original transaction.
• Change in investor profile. A subsequent change of control at the investor level, for example, a fund’s LP base shifting to include sovereign wealth funds from non-EU jurisdictions, may prompt a fresh review.
• Intelligence-led referral. Security services or allied governments may flag concerns, prompting the MPO to open ex officio proceedings.
• Whistleblower or competitor complaint. Third-party notifications to the Ministry remain a realistic trigger.

Post-Closing Risk Allocation: Indemnities, Escrow and Specific Remedies

The available remedies in a retrospective review include conditional clearance (requiring behavioural or structural commitments), outright prohibition (requiring the investor to unwind or divest), and financial penalties. The likely practical effect of the five-year lookback is that both buyers and sellers must build retrospective review risk into their deal documentation:

• Buyer perspective: Seek specific indemnities from the seller covering losses arising from a retrospective review triggered by pre-closing facts (undisclosed regulated activities, incomplete filings).
• Seller perspective: Limit indemnity exposure by making full disclosure of all regulated activities and FDI-relevant facts in the SPA disclosure schedule; negotiate caps and time limits aligned to the five-year retrospective window.
• Escrow mechanism: A portion of the purchase price (industry observers suggest five to fifteen per cent in sensitive sectors) held in escrow for an agreed period to cover potential regulatory costs or forced divestment losses.

M&A Due Diligence and Pre-Filing Checklist for Czech Republic Transactions

Thorough M&A due diligence Czech Republic processes must now incorporate an FDI screening assessment as a standard workstream. The following checklist should be completed before any binding offer is made.

Core FDI Due Diligence Items

• Ownership mapping: Full chain from target to ultimate beneficial owner; identify any foreign state or state-controlled entity in the chain.
• Activity classification: Map all target activities against the MPO’s current sector list and the NÚKIB register of regulated services.
• Licence and permit audit: Catalogue all regulatory licences, concessions and permits, especially energy, telecoms and cybersecurity licences.
• Real-estate sensitivity check: Identify any land or buildings owned or leased by the target near military installations, critical infrastructure sites or restricted zones.
• Prior FDI filings: Confirm whether any previous transaction involving the target was subject to FDI screening, and obtain copies of clearance decisions.
• Ongoing NÚKIB proceedings: Check for pending inspections, corrective measures, or compliance orders.
• Supply-chain dependencies: Identify whether the target is a critical supplier to government entities or operators of essential services.

Cybersecurity Due Diligence Addenda

Where the target operates in any NIS2-regulated service category, the due diligence scope should be expanded to include:

• Current NÚKIB classification (essential or important entity) and date of last compliance audit.
• Incident history, reported cybersecurity incidents and NÚKIB response.
• Supply-chain risk-management policies and third-party vendor assessments.
• Board-level cybersecurity governance arrangements (a NIS2 requirement).

Third-Party Supplier and Outsourcing Checks

Targets that outsource critical ICT functions to foreign-controlled subcontractors may trigger additional FDI scrutiny even if the target itself is domestically owned. The diligence team should verify whether any critical outsourcing arrangement could be characterised as indirect foreign participation in a regulated service.

Deal Structuring, Conditions Precedent and Drafting Language to Mitigate FDI Risk in Cross-Border M&A Czechia

Transaction documentation for any acquisition subject to, or potentially subject to, FDI screening Czech Republic M&A 2026 rules must address regulatory clearance risk explicitly. The following model clauses and negotiation priorities are drawn from current market practice.

Buyer Protective Clauses

• Condition precedent, FDI clearance: “Completion is conditional upon the Buyer receiving unconditional clearance (or clearance subject only to conditions reasonably acceptable to the Buyer) from the Ministry of Industry and Trade under the Czech FDI screening framework, or the expiry of all applicable review periods without the Ministry having issued a prohibition or conditional decision.”
• Interim operating covenant: “Between signing and completion, the Seller shall procure that the Target does not enter into, amend or terminate any contract with a governmental or critical-infrastructure client, or apply for or relinquish any licence, permit or NÚKIB registration, without the prior written consent of the Buyer.”
• Termination right: “If FDI clearance has not been obtained by the Longstop Date, the Buyer may terminate this Agreement by written notice, and neither party shall have any further obligation except under surviving provisions.”

Seller Protective Clauses

• Reverse break fee: “If this Agreement is terminated because FDI clearance is not obtained by the Longstop Date and such failure is not attributable to any act or omission of the Seller, the Buyer shall pay the Seller a reverse break fee of [●] per cent of the Purchase Price within [●] Business Days of termination.”
• Cooperation obligation: “The Buyer shall use all reasonable endeavours to obtain FDI clearance, including preparing and submitting a complete filing within [●] Business Days of signing, responding promptly to all information requests, and proposing remedies to the Ministry where reasonably required.”
• Disclosure schedule protection: “The Seller warrants that the Disclosure Schedule contains a complete and accurate description of all regulated activities, FDI-relevant licences, and NÚKIB registrations of the Target as at the date of this Agreement. To the extent that a retrospective FDI review is attributable to matters fairly disclosed in the Disclosure Schedule, the Buyer shall have no indemnity claim against the Seller.”

Negotiation Priorities by Sector

• Energy: Expect heightened Ministry scrutiny and longer review timelines. Build in a longstop date of at least six months. Consider structural remedies (partial divestment or ring-fencing of grid assets) as part of the filing strategy.
• Real estate (security-sensitive): Clearance timelines tend to be shorter, but the Ministry may impose use restrictions or pre-emption rights. Ensure the SPA addresses post-clearance land-use covenants.
• Automotive and manufacturing: Where the target supplies defence or dual-use components, parallel export-control and FDI filings may be required. Coordinate both workstreams from the outset.

If the Ministry Opens a Review or Imposes Measures: Response Playbook

Even with thorough pre-filing diligence, the Ministry may open a review, either at the filing stage or retrospectively. A structured response dramatically improves outcomes.

Engaging Regulators and Parallel Remedies

• Immediate response (days 1–5): Assemble the regulatory response team (local counsel, investor’s compliance team, target management). Acknowledge the Ministry’s communication promptly and request a meeting to understand the scope of the review.
• Prepare a remedies proposal (days 5–15): Draft behavioural and, if necessary, structural commitments. Proactively offering remedies, such as board-composition safeguards, information-security ring-fencing, or audit rights for the Ministry, signals cooperation and accelerates resolution.
• Engage NÚKIB in parallel: Where the review has a cybersecurity dimension, engage NÚKIB directly to demonstrate the target’s compliance posture and any planned enhancements.
• Document everything: Maintain a full paper trail of communications, submissions and Ministry requests. This record is essential if the matter escalates to judicial review.

When to Seek Injunctive Relief or EU Legal Remedies

If the Ministry issues a prohibition or an order to divest, the investor has the right to challenge the decision before Czech administrative courts. In exceptional cases, particularly where the screening decision arguably conflicts with EU free-movement-of-capital principles or the EU FDI Screening Regulation (Regulation (EU) 2019/452), parallel proceedings before the European Commission or a preliminary reference to the Court of Justice of the EU may be considered. Provisional measures (interim injunctions) can be sought from Czech courts to suspend the effect of a divestment order while the challenge is pending.

Conclusion: Quick Checklist for FDI Screening Czech Republic M&A 2026

Every acquisition involving a Czech target must now account for the expanded FDI screening framework. The following checklist distils the essential actions:

• Map early: Check the target’s activities against the MPO sector list and NÚKIB regulated-services register before signing any exclusivity agreement.
• File promptly: Where a mandatory filing is required, submit within the first days after signing. Voluntary pre-notification can accelerate the process significantly.
• Draft for delay: Include FDI clearance as a condition precedent, negotiate realistic longstop dates (six months minimum for sensitive sectors), and agree reverse break fees.
• Disclose fully: Sellers should populate the disclosure schedule with every regulated activity, licence, and NÚKIB classification to limit retrospective indemnity exposure.
• Budget for compliance: Buyers acquiring NIS2-regulated targets must price in ongoing cybersecurity compliance costs and potential NÚKIB remediation requirements.
• Plan for retrospective risk: For deals already closed, audit the target’s current sector classification against the expanded 2025–2026 list and consider a voluntary retrospective notification if a filing gap is identified.
• Engage specialist counsel: FDI screening intersects M&A, cybersecurity law, public procurement and administrative law. Multi-disciplinary advice is essential.

For transaction-specific guidance on FDI screening Czech Republic M&A 2026 requirements, find a Czech M&A lawyer through the Global Law Experts directory.

Sources

1. ICLG, Foreign Direct Investment Regimes: Czech Republic
2. UNCTAD Investment Policy Monitor, Czechia FDI Screening Measure
3. Czech Ministry of Industry and Trade (MPO), Foreign Investment Screening Guidance
4. NÚKIB, National Cyber and Information Security Agency (Cybersecurity Act 2025 Materials)
5. EUR-Lex, EU NIS2 Directive (Directive (EU) 2022/2555)
6. White & Case, Foreign Direct Investment Reviews 2026: Czech Republic
7. CzechBusinessGuide, Foreign Investment Screening in the Czech Republic