New law significantly strengthens cybersecurity in Latvia

(20.06.2024.)

On Thursday, 20 June, the Saeima adopted in the final reading the draft National Cyber Security Law in order to significantly strengthen cybersecurity in Latvia. It aims to improve cybersecurity in Latvia, as well as introduces stricter security requirements for state, local government institutions and enterprises. This law will also implement European Union (EU) requirements for a high common level network and information system security across the EU.

The new law will significantly improve the shortcomings of the outdated and insufficient Information Technology Security Law. In the current geopolitical situation, it is very important that not only supervisory measures will be stricter in the future, but also cybersecurity incident reporting requirements will become more serious, previously emphasised Raimonds Bergmanis, Chair of the Defence, Internal Affairs and Corruption Prevention Committee responsible for the draft law.

Latvia is currently in second place in the EU after Poland in terms of cyber-attacks, and, for example, in 2022, 16 percent of all Russian cyber-attacks were directed against Latvia, the Ministry of Defence previously said. One of the objectives of this law is to improve cybersecurity measures so that cyber threats can be predicted, prevented and managed in a timely manner, as well as to eliminate their consequences, ensuring continuous confidentiality, integrity and availability of services.

The new law provides for the establishment of a National Cybersecurity Centre. It will be the central authority to manage and oversee the cybersecurity of our country, as well as to cooperate with other countries in this area. It will be staffed by the Ministry of Defence and Cert.lv.

The new law will significantly expand the range of entities that will be providers of essential or important services and will be subject to the requirements of the law. These entities will be supervised by the National Cybersecurity Centre. In its turn, the Constitution Protection Bureau will control how the owners and legal possessors of the critical infrastructure of information and communication technologies fulfil their obligations. In total, this will apply to around 2 000 entities. The law also provides for penalties for non-compliance with the established requirements, which could amount to as much as €10 million.

The essential and important service providers covered by the draft law cover a wide range of sectors of public interest, including energy, transport, banks, financial market infrastructure, health and other areas. These services play an essential role in the public interest and it is important that their providers comply with information and communication technology security and cybersecurity requirements, and report cybersecurity incidents. The draft law provides that such entities will have to register with the National Cybersecurity Centre by 1 April of the following year.

In order to promote the availability of critical services in crisis situations, the draft law envisages the establishment of a single national internet traffic exchange point. It is necessary to maintain it, for example, in order to ensure the operation of the Internet and the exchange of data flows in Latvia in case of disconnection from the World Wide Web.

Coordinated vulnerability identification is also enshrined in the law, which would allow using the expertise of security researchers in a controlled manner in order to identify the ‘weak spots’ of information and communication technology resources, the Ministry of Defence emphasised.

The number, scale, complexity, frequency and impact of cyber incidents are increasing and pose a significant threat to the functioning of network and information systems. As a result, cyber incidents can hamper the pursuit of economic activities in the internal market, cause financial losses, undermine user confidence and cause major damage to the EU economy and society. Cybersecurity preparedness is therefore now more important than ever for the proper functioning of the internal market. In addition, the development of information and communication technologies both in Latvia and abroad has reached an unprecedented speed and volume, as highlighted by the authors of the draft law.

The new law will enter into force on 1 September.

 

Saeima Press Service

Trešdien, 27.novembrī
09:00  Pieprasījumu komisijas sēde
09:00  Eiropas lietu komisijas sēde
10:00  Ārlietu komisijas sēde
10:00  Budžeta un finanšu (nodokļu) komisijas sēde
10:00  Juridiskās komisijas sēde
10:00  Izglītības, kultūras un zinātnes komisijas sēde
10:00  Aizsardzības, iekšlietu un korupcijas novēršanas komisijas sēde
10:00  Valsts pārvaldes un pašvaldības komisijas sēde
10:00  Tautsaimniecības, agrārās, vides un reģionālās politikas komisijas sēde
10:00  Sociālo un darba lietu komisijas sēde
10:15  Cilvēktiesību un sabiedrisko lietu komisijas sēde
12:00  Mandātu, ētikas un iesniegumu komisijas sēde
12:00  Publisko izdevumu un revīzijas komisijas sēde
12:00  Nacionālās drošības komisijas sēde
12:00  Pilsonības, migrācijas un sabiedrības saliedētības komisijas sēde
12:00  Ilgtspējīgas attīstības komisijas sēde
15:30  Cilvēktiesību un sabiedrisko lietu komisijas Mediju politikas apakškomisijas sēde
15:30  Parlamentārā izmeklēšanas komisija par "Rail Baltica" projekta parlamentārās kontroles nodrošināšanu, lai apzinātu projekta īstenošanā pieļautās kļūdas un panāktu, ka tas kļūst par prioritāru valdības jautājumu un lēmumi tiek pieņemti pārskatāmi, laikus un ievērojot Latvijas valsts un visas sabiedrības intereses, ietekmi uz Latvijas tautsaimniecību un valsts budžetu sēde