Electronic Warfare and AI: The Battle for the Spectrum A Legal Strategic Report for Foreign Investors in the Czech Republic

13.12.2025

The electromagnetic spectrum is now a contested arena in global business and defense, with AI as a decisive force. For foreign investors, tech developers, and defense contractors in the Czech Republic, this brings major opportunities in a key European hub, while posing regulatory risks. This report provides a focused legal analysis of electronic warfare, AI rules, and dual-use compliance, showing how international actors can innovate and trade without facing severe penalties or losing their license.

Need advice on this topic? Contact the ARROWS law firm by email office@arws.cz or phone +420 245 007 740. Your question will be answered by "JUDr. Jakub Dohnal, Ph.D., LL.M.", an expert on the subject.

The Invisible Battlefield – AI-Driven Spectrum Management and Commercial Risk

The electromagnetic spectrum has emerged as a critical domain where artificial intelligence now directs both commercial and defense operations, creating unprecedented opportunities and regulatory challenges for global actors.

The Technological Context of Spectrum Warfare

The electromagnetic spectrum (EMS) is no longer a static resource managed by manual allocation; it has become a dynamic, living environment where commercial 5G networks, military radar systems, and autonomous drone swarms compete aggressively for bandwidth. In the Czech Republic, a central hub for technology within the European Union, the legal framework governing this invisible territory remains rigid, whereas the technology deploying onto it is fluid, autonomous, and increasingly unpredictable.

Foreign companies entering the Czech market often underestimate the complexity of local spectrum regulation, assuming that standard European conformity marks (CE) are sufficient for operation. However, modern Electronic Warfare (EW) and commercial communication systems utilize Artificial Intelligence to optimize frequency selection and power levels dynamically.

This "Dynamic Spectrum Allocation" allows machines to sense interference and "hop" to clear frequencies in milliseconds. While this capability ensures resilience against jamming and maximizes data throughput for next-generation 6G networks and autonomous assets, it creates a unique and often overlooked legal liability under Czech law.

The conflict arises because AI systems are designed to be fluid and opportunistic, while the regulatory environment is designed to be static and controlled. A "smart" radio that autonomously decides to transmit on a frequency to avoid congestion does not verify if that frequency is legally allocated to the user. This "smart" decision can lead to immediate and severe legal consequences.

The Legal Framework: Act No. 127/2005 Coll.

In the Czech Republic, the ultimate authority over the spectrum is the Czech Telecommunication Office (Český telekomunikační úřad - CTU). The primary legislation governing this area is Act No. 127/2005 Coll., on Electronic Communications. This Act implements the European Electronic Communications Code but retains specific national nuances regarding enforcement and penalties that foreign entities must navigate carefully.

The Conflict Between Innovation and Regulation

The Electronic Communications Act operates on the principle of explicit authorization. Under Section 17 of the Act, the use of radio frequencies generally requires an Individual Authorization, which specifies exact frequencies, power levels, transmission locations, and timeframes.

Static vs. Dynamic: The law envisions a world where a frequency is assigned to a specific entity for a specific purpose. AI-driven Cognitive Radio (CR) systems envisage a world where spectrum is a shared pool accessed based on real-time availability.
The 5 MHz Trap: A pertinent example is the 60-meter band (approx. 5 MHz), which is often used for military applications and experimental communications in the Czech Republic. An AI system designed to find "quiet" spectrum might identify this band as underutilized during peacetime and hop onto it.
Strict Liability: If an AI-driven device autonomously "hops" into a frequency band reserved for the military or critical infrastructure (like weather radar) to avoid civilian congestion, it commits an administrative offense. The law does not recognize "algorithmic decision-making" or "software autonomy" as a defense. The holder of the license—or the operator of the unlicensed device—is strictly liable for the violation.

Professional Insight: Foreign manufacturers often operate under the misconception that compliance with ETSI standards (European Telecommunications Standards Institute) is sufficient for legal operation. This is a dangerous assumption. ETSI standards govern the technical parameters of the equipment, but the use of the spectrum is governed by the National Frequency Allocation Plan (Decree No. 105/2010 Coll.).

An ETSI-compliant radio can still operate illegally if it transmits on a frequency not authorized for that specific user in that specific territory. Even simple-looking steps, such as deploying a standard commercial drone fleet with automated frequency switching, often contain legal traps and hidden risks for laypeople.

ARROWS International operates daily in this rigorous regulatory environment. The firm helps foreign clients navigate the authorization process with the CTU, ensuring that "smart" devices operate within "legal" boundaries. ARROWS lawyers negotiate experimental licenses and represent clients in administrative proceedings to prevent the revocation of spectrum rights, significantly reducing the client's risk and saving time.

Risks and Penalties under Section 118

The penalties for spectral violations in the Czech Republic are severe, reflecting the critical nature of the resource for national security and public infrastructure. Section 118 of Act No. 127/2005 Coll. defines administrative offenses for legal entities and entrepreneurs.

Financial Consequences

The Czech Telecommunication Office has the authority to impose substantial fines. For serious offenses, such as utilizing radio frequencies without the necessary authorization (Section 118(1)(d)) or causing harmful interference to other networks, the fine can reach up to CZK 50,000,000 (approximately EUR 2 million) or, in certain cases involving repeated breaches, a percentage of the company's net turnover.

Harmful Interference: This is defined broadly. If a foreign entity's high-power AI transmitter disrupts a mobile operator's network or, worse, air traffic control radar, the authorities act swiftly. The CTU can order the immediate shutdown of the operation.
Confiscation of Technology: Beyond fines, the authorities have the power to seize and forfeit the equipment used in the commission of the offense. For a defense contractor testing a prototype EW system worth millions of euros, the forfeiture of the prototype can be far more financially damaging than the administrative fine itself.
Operational Paralysis: A finding of "harmful interference" can lead to the revocation of existing licenses and a ban on future authorizations, effectively paralyzing the company's ability to operate in the Czech market.

ARROWS Law Firm, a leading Czech law firm based in Prague, European Union, emphasizes that these are not theoretical risks. The CTU actively monitors the spectrum. ARROWS is insured for damages up to CZK 500 million, providing clients with a secure partner when handling high-stakes regulatory defense.

Strategic Solutions for Foreign Investors

For foreign entities looking to test AI-driven radio systems or EW capabilities, the standard commercial licenses are often insufficient. The solution lies in Experimental Licenses. Under Czech law, the CTU can grant short-term authorizations for technical trials and research.

The ARROWS Advantage: Securing an experimental license requires a detailed technical justification and often coordination with the Ministry of Defence if the frequencies overlap with military bands. ARROWS lawyers specialize in drafting these applications, framing the technical parameters to align with regulatory requirements while preserving the client's operational flexibility.

Dispute Resolution and Representation

In the event of an interference claim, speed is critical. The CTU's monitoring stations can triangulate a signal source quickly. ARROWS provides immediate legal representation in administrative proceedings, aiming to mitigate penalties and negotiate technical settlements (e.g., power reduction or frequency shifts) rather than accepting a complete shutdown order.

Key Takeaway: Automated frequency hopping by AI systems without a corresponding flexible legal authorization is a direct path to multimillion-crown fines and equipment confiscation.

Spectrum Management

Risks and penalties	How ARROWS helps (office@arws.cz)
Unauthorized Frequency Use: Your AI system autonomously selects a restricted frequency (e.g., military band) to avoid congestion. Penalty: Fine up to CZK 50,000,000; forfeiture of technology.	Licensing Strategy: We analyze your device's operating parameters against the National Frequency Allocation Plan and secure the necessary Individual Authorizations from the CTU.
Harmful Interference: Your high-power transmitter disrupts third-party networks (e.g., mobile operators or airport radar). Penalty: Immediate shutdown order; damages liability; regulatory fines.	Dispute Resolution: We represent you in interference disputes before the CTU, aiming to mitigate penalties and negotiate technical settlements rather than shutdowns.
Experimental Operation: Testing new EW or AI-radio tech without a specific "experimental license." Penalty: Administrative delict; ban on future testing.	Experimental Licenses: We draft and file applications for experimental frequency use, ensuring your R&D remains legal.

FAQ – Legal Tips about Spectrum Authorization

Can we rely on our home country's frequency license to operate in the Czech Republic?
No. Frequency authorizations are strictly territorial. A license granted in the US or Germany has no validity in the Czech Republic. You must obtain a local authorization from the CTU. Contact ARROWS at office@arws.cz for a license assessment.
What is the timeline for obtaining an Individual Authorization for frequency use?
The statutory deadline is generally 6 weeks, but complex cases involving international coordination or military bands can take significantly longer. ARROWS can accelerate this by ensuring the application is technically and legally flawless from day one. Avoid delays by contacting office@arws.cz.

The Dual-Use Dilemma – When Software Becomes a Weapon

For foreign commercial enterprises, startups, and software developers, the definition of "weapon" has shifted dramatically. One no longer needs to manufacture missiles or tanks to be subject to strict arms control laws. If a company develops facial recognition AI, autonomous navigation software, advanced signal processing algorithms, or high-performance chips, it is likely dealing with Dual-Use Items.

Dual-use items are goods, software, and technology that can be used for both civil and military purposes. The export of these items is heavily regulated to prevent sensitive technology from reaching hostile actors or being used for internal repression. In the Czech Republic, a safe European harbour, compliance with these regulations is mandatory and strictly enforced.

The Regulatory Framework: EU Regulation 2021/821

The export of dual-use goods is governed by Regulation (EU) 2021/821, which established a Union regime for the control of exports, brokering, technical assistance, transit, and transfer of dual-use items. This Regulation is directly applicable in the Czech Republic, but its implementation and enforcement are handled by national authorities—specifically the Ministry of Industry and Trade (MPO) and the Customs Administration, under Act No. 594/2004 Coll..

The Trap of Intangible Technology Transfer (ITT)

Many foreign investors understand the physical constraints: one cannot ship a high-tech sensor to a sanctioned country. However, a massive and frequent compliance failure occurs in the realm of Intangible Technology Transfer (ITT).

The Scenario: A Prague-based development team uploads a software update for an AI navigation system to a cloud server. This server is accessible by the company's branch or engineers located in a non-EU country (e.g., a subsidiary in Asia or the Americas).
The Violation: Under EU and Czech law, making controlled "technology" (software, blueprints, technical data) available to a person outside the EU constitutes an export. If this "upload" occurs without a valid export license, the company has committed an illegal export of dual-use goods.
The Consequence: This is not treated as a minor administrative oversight. It is treated as a breach of international security protocols.

Professional Insight: Foreign clients often assume that internal transfers within a multinational corporation are exempt. They are not. Unless the transfer is within the EU or to a specific list of friendly countries covered by a General Export Authorization (e.g., EU001 for USA, Canada, UK, etc.), a license is required. ARROWS Law Firm handles these export control compliance matters daily, helping clients identify these invisible export events before they trigger an audit.

The "Catch-All" Clause and End-User Risk

Article 4 of Regulation 2021/821 contains a "catch-all" provision that is a critical risk area for foreign investors. This clause allows Czech authorities to impose licensing requirements on non-listed items—goods that do not appear on the official dual-use control list (Annex I)—if there is a risk they may be used for:

Connection with weapons of mass destruction.
Military end-use in a country subject to an arms embargo.
Use as components in military items exported without authorization.

The "Know Your Customer" Imperative

This shifts the burden of due diligence onto the exporter. A foreign entity cannot simply check the control list, see their product is missing, and proceed. If a company sells "innocent" AI image processing software to a foreign entity known to supply a military in an embargoed region, the MPO can retroactively classify that transaction as subject to authorization.

Human Rights Considerations: The new Regulation 2021/821 also increases focus on cyber-surveillance items that could be used for internal repression or serious violations of human rights. Exports of such tech to authoritarian regimes are under extreme scrutiny in the Czech Republic.

ARROWS International advises clients on implementing robust Internal Compliance Programs (ICP). An ICP is a set of internal policies and procedures that ensure a company checks every transaction for dual-use risks. It is often a mandatory prerequisite for obtaining "Global Export Authorizations," which facilitate smoother trade.

Penalties and Criminal Liability

Violating dual-use regulations carries severe consequences.

Administrative Fines: The Ministry of Industry and Trade can impose fines of up to CZK 50,000,000 (approx. EUR 2 million) or, in some cases, a percentage of turnover for legal entities violating the Act on Control of Exports of Dual-Use Goods.
Criminal Liability: Under the Czech Criminal Code (Act No. 40/2009 Coll.), individuals—specifically company directors and export control officers—can face imprisonment for violation of regulations on the control of commodity exports (Section 261). The intent to bypass regulations is not always required; gross negligence can be sufficient for prosecution.
License Denial: Perhaps most damaging for a commercial enterprise, a history of non-compliance can lead to the denial of future licenses. For a technology company whose business model depends on international sales, this is effectively a death sentence.

Key Takeaway: Sending an email with technical data to a non-EU subsidiary can be a criminal offense under Dual-Use regulations if proper licenses are not in place.

Dual-Use & Export Control

Risks and penalties	How ARROWS helps (office@arws.cz)
Intangible Transfer Violation: Uploading AI source code to a shared server accessible from outside the EU without a license. Penalty: Fine up to CZK 50,000,000; criminal liability for directors.	Compliance Audit: We review your data flows and IT structures to identify hidden export risks and secure necessary Global Export Authorizations.
Catch-All Classification: Exporting non-listed "harmless" tech that authorities later deem useful for military end-use. Penalty: Retroactive blockage of trade; seizure of goods; reputational damage.	End-User Verification: We conduct due diligence on your foreign partners and draft robust end-user certificates to satisfy MPO requirements.
Sanctions Breach: Unknowingly exporting components to a sanctioned entity via a third party. Penalty: Severe fines; blacklisting from public contracts.	Sanctions Screening: We integrate sanctions checks into your sales contracts.

FAQ – Legal Tips about Export Controls

Does our AI software require a license if we only sell it to other EU countries?
Generally, transfers of dual-use items within the EU are free of license requirements (with some exceptions for extremely sensitive items listed in Annex IV). However, you must still state on commercial documents that the goods are subject to control if exported outside the EU. Ensure your documentation is correct with ARROWS at office@arws.cz.
How do we know if our product is "Dual-Use"?
Classification is a technical-legal process comparing your product's specifications against Annex I of Regulation 2021/821. It is not always obvious. ARROWS works with technical experts to provide a definitive legal classification. Don't guess—contact office@arws.cz.

Drones and Jammers – The Legal Reality of Active Defense

As drone incursions become a growing threat to industrial espionage, physical security, and VIP privacy, many foreign facility managers in the Czech Republic ask a logical question: "Can I install a jammer to protect my factory or residence?" The market offers various "drone guns" and jamming devices that promise security.

The short answer is No. The long answer is complex, legally perilous, and requires a nuanced strategy.

The Illegality of Private Jamming

Under Czech law, the operation of signal jammers (devices designed to disrupt radio communications) by private entities is fundamentally illegal.

Act No. 127/2005 Coll.: Jammers, by definition, cause "harmful interference." Section 100 explicitly prohibits the use of equipment that causes such interference. There is no license available for a private company to operate a jammer for "protection" purposes.
No Self-Defense Exception: The Electronic Communications Act does not contain a "self-defense" exception for spectrum interference. Even if a drone is trespassing, jamming its signal involves broadcasting noise on public frequencies (GPS, Wi-Fi, GSM), which affects legitimate users in the vicinity.

Criminal Liability

Beyond administrative fines from the CTU, operating a powerful jammer can lead to criminal charges.

General Endangerment: If a jammer disrupts GPS signals used by an ambulance, police, or air traffic control, the operator can be charged with General Endangerment (Obecné ohrožení) under the Criminal Code.
Damaging Public Utility: Section 276 of the Criminal Code criminalizes damaging or endangering the operation of a public utility, which includes telecommunication networks.

Professional Insight: Foreign clients are often shocked to learn that protecting their property with a jammer puts them at greater legal risk than the drone pilot trespassing on their land. This is a hidden legal trap. The authorities view the integrity of the public spectrum as paramount.

Police Powers and "Soft" Defense

If private jamming is illegal, how can a foreign investor protect their assets? The answer lies in leveraging the statutory powers of the state.

Police Authority: Only the Police of the Czech Republic and the Military Police have the explicit statutory authority to "limit or interrupt the operation of electronic communications" (i.e., jam) or to seize/destroy a drone. This power is granted under recent amendments to the Act on Police (No. 273/2008 Coll.) and the Act on Military Police.
Criteria for Intervention: The police can intervene if the drone poses a threat to life, health, property of significant value, or critical infrastructure.

ARROWS' Strategic Advice: Instead of purchasing illegal hardware, foreign clients must implement "passive" defense strategies and legal protocols.

Detection Systems: Installing drone detection systems (Aeroscope, radar, RF sensors) is generally legal, provided they comply with GDPR (as they capture data).
Legal Protocol: ARROWS drafts security directives that define exactly when and how security personnel should contact the police to trigger their jamming authority. This creates a "Legal Iron Dome"—a system where detection is private, but neutralization is public and lawful.

The "Self-Help" (Svépomoc) Exception

The Czech Civil Code (Section 14) allows for "self-help" to avert an imminent unlawful attack. However, legal jurisprudence is extremely conservative. Shooting down a drone (kinetic destruction) is only justifiable if the drone poses an immediate threat to life or health (e.g., a drone carrying a grenade or flying dangerously close to people).

Mere trespass or photography does not justify destruction. Destroying a drone for taking photos could lead to liability for property damage and criminal charges for damaging another's property.

Key Takeaway: Buying a jammer to protect your warehouse is a crime; building a legal protocol for police intervention is a strategy.

Drone Defense & Jammers

Risks and penalties	How ARROWS helps (office@arws.cz)
Illegal Jammer Use: Installing a jammer to stop drones over your facility. Penalty: Criminal prosecution; fine up to CZK 50M; confiscation of devices.	Security Policy Drafting: We create legal security protocols that utilize detection systems and police cooperation, keeping you on the right side of the law.
Shooting Down a Drone: Physically destroying a drone trespassing on your property. Penalty: Liability for property damage; potential criminal charge for property destruction.	Liability Defense: We represent clients in damages claims and define the legal boundaries of "self-defense" for property protection.
GDPR Violation (Surveillance): Using drone detection cameras that record public spaces. Penalty: Fines up to EUR 20M or 4% of turnover under GDPR.	GDPR Compliance: We draft privacy notices and Data Protection Impact Assessments (DPIA) for security systems.

FAQ – Legal Tips about Anti-Drone Security

Can we designate our factory as a "No-Fly Zone"?
Generally, no. Airspace is public. Only the Civil Aviation Authority (ÚCL) can establish prohibited zones (e.g., around nuclear plants or airports). Private entities cannot arbitrarily ban flight over their land, though they can prohibit takeoff/landing on their land. ARROWS can help you apply for restricted status if you qualify. Contact office@arws.cz.
Is it legal to use a "spoofing" device to redirect a drone?
No. Spoofing involves transmitting a fake GPS signal, which is a form of active interference and is illegal under the Electronic Communications Act, similar to jamming. Stay legal—ask ARROWS at office@arws.cz.

Public Procurement in Defense – Accessing the NATO Market via Prague

The Czech Republic, as a committed NATO member, is undertaking a massive modernization of its armed forces. With a commitment to spend 2% of GDP on defense, the Ministry of Defence (MoD) is actively procuring advanced Electronic Warfare systems, autonomous vehicles, and AI-driven command and control software.

For foreign defense contractors, this represents a significant market opportunity. However, the Public Procurement Act (No. 134/2016 Coll.) and the Act on Foreign Trade in Military Material (No. 38/1994 Coll.) create a fortress of bureaucracy that is difficult to breach without local guidance.

Security Clearances: The Golden Ticket

To bid for sensitive EW or AI contracts, a foreign entity often faces a critical barrier: the need for a Facility Security Clearance (FSC) issued by the National Security Authority (Národní bezpečnostní úřad - NBÚ). Access to classified information—often necessary just to view the technical specifications of a tender—is impossible without it.

The Ownership Transparency Trap

The NBÚ conducts a rigorous investigation into the applicant's background. A major stumbling block for foreign companies is the requirement for ownership transparency.

The Issue: If a company has a complex offshore holding structure (e.g., trusts, shell companies in tax havens), the NBÚ may conclude that the ownership is "unverifiable."
The Consequence: The NBÚ will deny the clearance on the grounds of "security risk" or "influenceability," effectively locking the company out of the market.
The Solution: Foreign entities must be prepared to disclose their Ultimate Beneficial Owners (UBOs) and prove the origin of their capital.

ARROWS International specializes in restructuring corporate holdings to meet NBÚ transparency requirements. We act as the bridge between foreign bidders and the Czech security apparatus. We assist in preparing the "Responsible Person" (usually a director) for their Personnel Security Clearance and ensure that the company's structure is transparent to the satisfaction of Czech authorities.

Intellectual Property (IP) in Defense Contracts

For AI and software companies, the algorithm is the crown jewel. However, standard Czech MoD contracts often demand extensive rights to the IP created under the contract.

Standard Terms: The state often pushes for "unlimited rights" to use, modify, and distribute the software, potentially allowing them to share it with other NATO partners or even competitors for maintenance purposes.
The Risk: Giving up the source code or unlimited rights can destroy the commercial value of the technology for other markets.
Differentiation is Key: Successful negotiation involves distinguishing between Background IP (technology the contractor brings to the project, which they retain) and Foreground IP (technology created specifically for the state, which the state may own or have broad licenses to).

Professional Insight: The MoD's initial draft contract is rarely their final offer. ARROWS lawyers have extensive experience negotiating these specific IP clauses. We ensure that our clients retain the commercial rights to their core technology while satisfying the MoD's need for operational independence and NATO interoperability. We draft contracts that protect your proprietary algorithms from becoming public property.

Foreign Trade in Military Material

Engaging in the trade of military material in the Czech Republic requires a specific license under Act No. 38/1994 Coll.

Requirement: Only a legal entity established in the Czech Republic (or an EU branch) can hold this license.
Procedure: The license is granted by the Ministry of Industry and Trade but requires binding opinions from the Ministry of Defence, Ministry of Interior, and Ministry of Foreign Affairs.
ARROWS Service: We assist foreign clients in establishing the necessary Czech entity and managing the complex application process for the "License for Foreign Trade in Military Material," ensuring all four ministries are satisfied with the applicant's reliability.

Key Takeaway: A non-transparent ownership structure is the fastest way to lose a defense tender. Pre-tender corporate housekeeping is essential.

Public Procurement & Defense

Risks and penalties	How ARROWS helps (office@arws.cz)
Security Clearance Denial: NBÚ rejects application due to opaque offshore ownership structure. Consequence: Disqualification from sensitive tenders; loss of market access.	Corporate Restructuring: We analyze and simplify your holding structure to meet NBÚ transparency standards.
IP Rights Loss: Signing a standard MoD contract that grants the state ownership of your AI source code. Consequence: Loss of commercial exclusivity; inability to license to others.	Contract Negotiation: We distinguish Background vs. Foreground IP in contracts, protecting your core technology.
Trading Without License: Brokering military material without a valid Act 38/1994 license. Penalty: Criminal prosecution; heavy fines; business closure.	Licensing Assistance: We guide you through the process of obtaining the License for Foreign Trade in Military Material.

FAQ – Legal Tips about Defense Contracts

Can a foreign company hold a Facility Security Clearance in the Czech Republic?
Yes, the NBÚ can recognize a clearance issued by a foreign NSA if there is a bilateral agreement. However, for practical reasons and specific Czech tenders, establishing a local branch and obtaining a Czech FSC is often smoother. ARROWS facilitates this process – office@arws.cz.
Are tenders always open to all bidders?
No. In defense, the government often uses the "negotiated procedure without publication" or "restricted procedure" exemptions to limit competition to trusted partners for security reasons. Getting on the "shortlist" often requires proactive legal and business development. ARROWS supports your market entry strategy – office@arws.cz.

AI Liability – Who Pays When the Machine Kills?

As we move toward "Human-on-the-loop" AI systems in Electronic Warfare, the question of liability shifts from the soldier to the software developer. Who is responsible if an autonomous drone swarms the wrong target? Or if an AI-driven jammer fails to stop an attack?

The legal landscape in the Czech Republic and the EU is evolving rapidly to answer this. The Revised Product Liability Directive and the Czech Civil Code are shifting to treat software explicitly as a "product," imposing strict liability for defects.

Strict Liability for Code

Under this regime, if your AI software causes damage (death, personal injury, or destruction of property), you—the developer or manufacturer—are liable.

No Negligence Required: The victim does not need to prove you were negligent or that your code was "bad." They only need to prove that the product was "defective" and that the defect caused the harm.
The "Defect": A product is defective if it does not provide the safety that a person is entitled to expect. If an AI system behaves unpredictably—a feature inherent in machine learning—this unpredictability can be legally classified as a defect.

Legal Trap: Marketing materials that claim "fail-safe" operation, "perfect autonomy," or "zero-error" performance can be used against you in court. These claims set a high bar for "legitimate expectations." If the product fails to meet this self-imposed standard, it is defective.

"Human-in-the-Loop" vs. "Human-on-the-Loop"

Compliance in the Czech Republic often hinges on the level of human control integrated into the system.

International Humanitarian Law (IHL): While not purely a commercial issue, IHL principles apply to the development of weapon systems. The concept of Meaningful Human Control (MHC) is central.
EU AI Act: Although the AI Act contains exemptions for systems used exclusively for military purposes, dual-use systems or systems that might be deployed in a law enforcement context (e.g., border control drones) fall under high-risk categories requiring strict conformity assessments and human oversight.

ARROWS Strategy: We assist clients in drafting "defense-grade" End User License Agreements (EULAs) and supply chain contracts. These documents are critical for:

Defining Intended Use: Clearly stating what the AI is not designed to do limits liability for misuse.
Limiting Liability: While you cannot contract out of strict liability for personal injury, you can limit liability for business losses and indirect damages in B2B contracts.
Human Oversight Clauses: Mandating that the operator maintains a "human in the loop" shifts some operational liability to the user.

Professional Insight: ARROWS is insured for damages up to CZK 500 million. This makes us a secure partner for handling high-stakes liability strategy and contract drafting for major defense contractors. We understand that a single line in a contract can save millions in a lawsuit.

Key Takeaways

Software is now a "product," and "bugs" are now "product defects" carrying strict liability.
Marketing claims of "autonomy" can backfire in liability lawsuits; manage expectations legally.
ARROWS drafts contracts that limit liability exposure and define "intended use" strictly.

AI Liability

Risks and penalties	How ARROWS helps (office@arws.cz)
Strict Product Liability: Your AI software malfunctions, causing physical injury. Penalty: Unlimited liability for damages; reputational ruin.	Liability Shielding: We draft robust EULAs and contracts that define "intended use" and mandate human oversight, mitigating your exposure.
Marketing Missteps: Claims of "perfection" used as evidence of a defect. Penalty: Higher standard of care applied by courts; loss of defense.	Marketing Review: We review your sales materials to ensuring they align with legal safety standards and don't overpromise.
Open Source Risk: Integrating open-source code with hidden liabilities. Penalty: Intellectual property disputes; security vulnerabilities.	Code Audit Legal Support: We advise on the legal implications of using open-source libraries in commercial defense products.

FAQ – Legal Tips about AI Liability

Can we exclude liability for software defects in our contract?
Under the Czech Civil Code, you cannot exclude liability for harm caused to natural rights (life, health) or for harm caused intentionally or through gross negligence. However, in B2B relations, you can cap liability for other types of damages. ARROWS drafts enforceable liability caps – office@arws.cz.
Is our AI system "High-Risk" under the EU AI Act?
If it is a safety component of a product or used in critical infrastructure/law enforcement, it likely is. This triggers massive compliance obligations. Note that the "military exemption" is narrow. We provide AI Act compliance assessments at office@arws.cz.

Cybersecurity and NIS2 – The New Regulatory Iron Curtain

The digital battlefield requires digital fortifications. The NIS2 Directive, implemented in the Czech Republic via the new Act on Cybersecurity, drastically expands the number of "regulated entities". This is no longer just about power plants; it covers the entire supply chain.

Supply Chain Obligations

It is no longer enough for your company to be secure. If you supply AI software, EW components, or cloud services to a "critical entity" (e.g., a bank, hospital, energy distributor, or defense contractor), you become a critical part of their supply chain.

The Impact: Your clients will legally be required to audit your security. You must be able to demonstrate compliance with rigorous standards (ISO 27001, NÚKIB regulations). If you cannot, you will be dropped as a supplier.

Obligations and Draconian Penalties

The new Act introduces strict obligations:

Incident Reporting: Significant cyber incidents must be reported to the National Cyber and Information Security Agency (NÚKIB) within 24 hours.
Management Liability: Top management (CEOs, boards) can be held personally liable for failing to implement cybersecurity measures. They cannot delegate this responsibility to the IT department.
Fines: The penalties are massive—up to CZK 250,000,000 (approx. EUR 10 million) or 2% of global turnover, whichever is higher.

ARROWS International conducts "NIS2 Gap Analyses" for foreign clients. We prepare the mandatory security documentation, assist in appointing a Cyber Security Manager, and represent clients during NÚKIB audits. We ensure that your contracts with sub-suppliers reflect these new security obligations, passing the liability down the chain where appropriate.

Key Takeaway: Cybersecurity is no longer an IT issue; it is a Board of Directors issue with personal liability attached.

Cybersecurity & NIS2

Risks and penalties	How ARROWS helps (office@arws.cz)
Non-Reporting of Incidents: Failing to report a breach within 24 hours. Penalty: Fine up to CZK 250,000,000; sanctions against management.	Incident Response Plan: We draft legal response protocols ensuring you meet the 24-hour deadline without admitting undue liability.
Supply Chain Audit Failure: Losing a key client because you failed their security audit. Consequence: Loss of revenue; breach of contract.	Compliance Readiness: We prepare you for audits, reviewing your policies and documentation to meet NIS2 standards.
Management Liability: Directors held personally responsible for a hack. Penalty: Suspension of managerial function; personal fines.	Director Training: We provide legal training for boards on their cybersecurity duties.

The convergence of Electronic Warfare and AI offers unprecedented business opportunities in the Czech Republic, a safe European harbour. However, the regulatory environment is a minefield of spectrum laws, export controls, and strict liability rules. What looks like a simple software update or a standard sales contract can hide existential legal risks.

Do not navigate this battlefield alone. ARROWS Law Firm, a leading Czech law firm based in Prague, European Union, handles these agendas daily. We combine local expertise with the reach of the ARROWS International network. We are insured for CZK 500 million, and we are ready to protect your interests. Contact us today at office@arws.cz.

FAQ – Most Common Legal Questions about Electronic Warfare and AI

1. Can I use a signal jammer to protect my company's intellectual property from drones?
No. Operating a jammer is illegal for private entities in the Czech Republic and constitutes a breach of the Electronic Communications Act (Section 100). It can also be a criminal offense (General Endangerment). You must rely on passive detection and police cooperation. Contact us for a legal security assessment at office@arws.cz.

2. Does my company need a license to export AI software via the cloud to a non-EU client?
Yes, likely. If the software is classified as dual-use (e.g., encryption, image recognition), making it available to a person outside the EU is considered an export (Intangible Technology Transfer). Failure to obtain a license is a serious offense. We can audit your software classification at office@arws.cz.

3. We are a foreign company. Can we bid for a Czech Ministry of Defence contract directly?
Yes, but you will likely need a Facility Security Clearance (FSC) from the Czech National Security Authority (NBÚ) or your home country's equivalent recognized by the Czech Republic. You may also need a local branch for practical purposes and to hold a License for Foreign Trade in Military Material. We assist with NBÚ clearances – contact office@arws.cz.

4. Who is liable if our AI autonomous system makes an error and causes damage?
Under the new legal framework (Product Liability Directive), the manufacturer is strictly liable for defects in software. You may be liable for damages regardless of negligence if the product failed to meet safety expectations. Limit your risk with robust contracts – office@arws.cz.

5. What are the penalties for interfering with military radio frequencies?
The Czech Telecommunication Office can impose fines of up to CZK 50,000,000. Additionally, if the interference endangers operations (e.g., air traffic), criminal charges for general endangerment may apply. If you are facing an investigation, contact us immediately at office@arws.cz.

6. Does the "Military Exemption" in the EU AI Act apply to dual-use goods?
Not automatically. The exemption applies to systems exclusively for military purposes. Dual-use systems (civil/military) often fall under the high-risk categories of the AI Act, requiring full compliance. We can analyze your regulatory status at office@arws.cz.

Don't want to deal with this problem yourself? More than 2,000 clients trust ARROWS Law Firm, and we have been awarded Law Firm of the Year 2024. Take a look HERE at our references, and we will be honored to help you solve your problem. The inquiry is free of charge.