Public discussion initiated about Draft Law on Information Security

At the premises of the municipality of Stari Grad, the first round table was held as part of the public debate on the Draft Law on Information Security, whose adoption is expected during the fall. On this occasion, the representative of the Ministry of Information and Telecommunications presented the key novelties brought by the new legal solution and explained the main goals and motives of the proposed changes.

The establishment of the Office for Information Security is the most important institutional change brought about by the new law. Its formation ensures greater data security, better coordination in the prevention, detection, analysis and termination of all potential events and dangers that can threaten data or services available through information and communication technologies (ICT). The newly established Office should carry out certification of ICT systems, products and services, professional development of persons working in information security affairs, cooperation at the national level with all relevant institutions.

Also, the proposed changes envisage the possibility of intervention by the Government of Serbia in case of a very high level of threat to information security.

- What we have introduced with this law is the case of a very high-level incident. These are the incidents that cannot be eliminated by the regular action of competent institutions and operators of ICT systems of special importance, when particular attention and specific activities are needed in order to eliminate serious consequences for society - said Milan Vojvodić, Head of Department for Regulation in the field of Information Technology of the Ministry of Information and Telecommunications.

Another improvement of the previous law concerns the capacity building of the National CERT, primarily technological, human and organizational, which would enable the transition from an informative and advisory to a more operational role. In close cooperation with ICT systems of special importance, at their request, CERT will be able to proactively determine system vulnerabilities, and perform non-intrusive network scanning or form a vulnerability database of all risks and threats.

At the public hearing, it was pointed out that one of the reasons for the amendment of the Law was the alignment with the current European regulations, namely the EU Network and Information Security Directive (NIS2) and the EU Information Security Act. The improved law should enable an adequate response to risks and threats related to the use of ICT in daily activities, provision of services and circulation of data and be open to new technological developments in accordance with European Union regulations.

NALED provided direct support for changes to the Law by participating in the working group within the project "Serbia at your fingertips - Digital transformation for development" implemented by the United Nations Development Program (UNDP). The second public hearing will be held on August 21 in Kragujevac.