Draft Law on Cyber Security to Be Presented
Cyber security became the headline of the last year after the summer attacks on the E-Albania platform that paralyzed work and services.
In this context, the government has prepared a new law on cyber security, aligning it with the directives of the European Union and making the necessary additions to the missing links in the structural chain. Referring to the report of the draft law that has been issued for consultation, there are some new aspects that are added to cyber security.
First, the report cites that there are clear legal provisions regarding the responsible subjects of cyber security and their respective duties (National Authority Responsible for Cyber Security, national CSIRT, sectoral CSIRT, CSIRT near information infrastructure operators).
It is also foreseen to establish a structure that monitors security at the national level - National SOC. Another new structure is established to deal with emergency situations and cyber crisis situations - CERT.
Another element is the guarantee of cyber security through the regulation of cyber security certification in accordance with the certification schemes of the European Union as well as related procedures.
The report underlines as innovation the clear legal provisions related to the administration of cyber security: the strengthening of cyber security measures, the increase of supervision within their implementation, risk management measures, incident reports, voluntary reports.
Likewise, the increase of national and international cooperation for the strengthening of cyber security in the country and the fulfillment of international obligations in this field is emphasized.
The draft also fully transposes the NIS1 Directive as well as the inclusion of some elements of the NIS2 Directive, fulfilling the objective of aligning local legislation with that of the EU within the framework of the National European Integration Plan of the Republic of Albania (2023-2025). .
The draft law is estimated to have financial effects at the moment it is approved as it will require investments from operators with infrastructures that can be affected by cyber attacks, but how much this effect is cannot be calculated at present, according to Monitor. These investments must be made in order to increase security for the protection of information systems and networks.