A Czech city is overhauling authentication, device control and data protection as part of a wider regional push to meet stricter EU cybersecurity rules.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
A Czech statutory city has launched a cybersecurity enhancement project centred on two‑factor authentication, network access controls, mobile device management and data loss prevention, underscoring how EU cybersecurity rules are reshaping local government IT across Central Europe.
Statutární město Mladá Boleslav’s contract notice, published on 27th November 2025, sets out a focused package of measures to strengthen cybersecurity measures and protect sensitive information. The city plans to introduce two‑factor authentication for users, verify devices and connections before they reach the network, manage mobile devices centrally and deploy data loss prevention tools.
Together, these components aim to tighten control over who and what can access municipal systems, and what happens to information once it is inside. Two‑factor authentication reduces reliance on passwords alone, network access verification screens devices before they connect, mobile device management helps secure phones and tablets used for official work, and data loss prevention tools can flag or block attempts to move sensitive data outside approved channels.
The timing reflects growing pressure on public bodies to comply with stricter EU cybersecurity rules, including the NIS 2 Directive and corresponding national legislation. These frameworks place greater emphasis on continuous monitoring of systems and clear incident‑response capabilities, and they expect authorities to demonstrate that access to critical systems and data is tightly controlled.
While the Mladá Boleslav notice focuses on front‑line controls rather than monitoring infrastructure, the choice of technologies is telling. By prioritising two‑factor authentication, network access checks, mobile device management and data loss prevention, the city is moving towards the identity‑ and data‑centric security model that underpins many of the new cybersecurity obligations now facing municipalities and other public‑sector organisations.
The city’s move sits within a clear municipal trend. In June 2025, Město Svitavy launched a Cybersecurity Tools Procurement that bundles network security, a next generation firewall, backup and archiving, endpoint protection and log management “as per relevant cybersecurity regulations”. In July 2025, Liberecká IS, a.s. sought to implement a two‑factor authentication Access Management System for more than 1,000 users. That same month, the Prague 4 district advertised a Cybersecurity Enhancement for Prague 4 covering a control security system, revitalisation of a backup data centre, greater resilience for its primary data centre and introduction of an information security management system in line with the Cybersecurity Act.
Health and emergency services are making similar investments. In July 2025, Oblastní nemocnice Mladá Boleslav, a.s., nemocnice Středočeského kraje, issued a Cybersecurity Software Tools for Hospital tender that mirrors many of the city’s priorities: two‑factor authentication, asset management, privileged account management, endpoint control, network documentation, data loss prevention and firewall log analysis. In June 2025, Uherskohradišťská nemocnice a.s. advertised an MFA/SSO Tool Procurement for a high‑security multi‑factor and single sign‑on solution, including licences, training, technical equipment and five years of maintenance support. By August 2025, the Emergency Medical Services of the Moravian‑Silesian Region were procuring multifactor authentication for key systems, including passwordless login and remote electronic signing.
Central government and infrastructure operators are also reshaping their security stacks. In July 2025, the Małopolski Urząd Wojewódzki w Krakowie launched a Cybersecurity System for Małopolska Office covering firewalls, malware analysis, multi‑factor authentication and secure data storage. In November 2025, the Ministry of Education, Research, Development and Youth of the Slovak Republic published a Cybersecurity Enhancement project with a strong focus on privileged account management and network security. Rail operator Správa železnic followed in October 2025 with an MFA Implementation and Certificate Acquisition procurement for secure access to ICT, operational technology and IoT assets. And in November 2025, Samodzielny Publiczny Wojewódzki Szpital Zespolony w Szczecinie sought Cybersecurity Software for email protection and network access control, with potential European Union co‑financing.
Across these procurements, the pattern is shifting from one‑off hardware purchases to projects that combine technology, integration and long‑term support. Contracts such as Metropolnet, a.s.’s July 2025 Security Monitoring Infrastructure Upgrade – covering identity management, privileged access tools, endpoint detection and supporting services – or Statutární město Kladno’s October 2025 Cybersecurity Tools Supply and Implementation, which includes training, documentation updates and ongoing support, are designed to underpin continuous monitoring and incident‑response capabilities.
Against that backdrop, Mladá Boleslav’s focus on two‑factor authentication, network access verification, mobile device management and data loss prevention looks like a deliberate effort to address the access and data‑protection elements of those wider requirements. The notice does not yet spell out how these tools will link into security monitoring or incident‑response processes, but recent procurements elsewhere in the region show that log management, vulnerability assessment and formal security management systems are becoming standard parts of public‑sector responses to the NIS 2 Directive. For public‑sector technology teams and suppliers, the Mladá Boleslav project becomes another reference point in a fast‑growing body of tenders that emphasise strong authentication, controlled access to networks and devices, and tighter safeguards on sensitive information. The clustering of such notices in 2025 underscores how firmly these themes have taken hold as EU cybersecurity rules continue to take effect.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.