The Cabinet of Ministers on Tuesday supported the draft National Cybersecurity Law, which aims to improve cybersecurity in Latvia, as well as to transpose the requirements of the revised European Union Network and Information Security Directive.
Pursuant to the bill endorsed by the government today, a number of significant changes are planned. A National Cybersecurity Center will be established to act as a single point of contact for cybersecurity issues and to monitor implementation of national cybersecurity requirements, as well as to develop national cybersecurity policy initiatives in cooperation with the Defense Ministry and the Information Technology Security Incident Response Institution Cert.lv.
The National Cybersecurity Law will apply to essential and critical service providers as well as critical ICT infrastructure, and set out criteria for defining whether a public or private sector organization belongs to one of these groups.
The legislation requires public and private sector organizations covered by the law to determine their status by April 1, 2025 and to appoint a cybersecurity manager by July 1, 2025. Other requirements include meeting minimum cybersecurity requirements, reporting incidents and vulnerabilities, developing a risk management and business continuity plan and submitting an annual self-assessment report.
The bill law provides that the National Cybersecurity Center will monitor essential and critical service providers, inspect documents and ICT infrastructure, and implement corrective measures.
The draft law also provides for the establishment of requirements for protection against denial of service (DDoS) attacks, security requirements for data centers, and the development of cyber hygiene requirements applicable to state and municipal institutions.
The National Cybersecurity Law needs to be adopted by Saeima to enter into force.
Defense Minister Andris Spruds (Progressives) said that Latvia should be prepared to continue to be the target of Russian cyberattacks, but the new law will proactively strengthen Latvia’s cyber capabilities and cybersecurity governance.
Source: BNS
(Reproduction of BNS information in mass media and other websites without written consent of BNS is prohibited.)