New law significantly strengthens cybersecurity in Latvia

(20.06.2024.)

On Thursday, 20 June, the Saeima adopted in the final reading the draft National Cyber Security Law in order to significantly strengthen cybersecurity in Latvia. It aims to improve cybersecurity in Latvia, as well as introduces stricter security requirements for state, local government institutions and enterprises. This law will also implement European Union (EU) requirements for a high common level network and information system security across the EU.

The new law will significantly improve the shortcomings of the outdated and insufficient Information Technology Security Law. In the current geopolitical situation, it is very important that not only supervisory measures will be stricter in the future, but also cybersecurity incident reporting requirements will become more serious, previously emphasised Raimonds Bergmanis, Chair of the Defence, Internal Affairs and Corruption Prevention Committee responsible for the draft law.

Latvia is currently in second place in the EU after Poland in terms of cyber-attacks, and, for example, in 2022, 16 percent of all Russian cyber-attacks were directed against Latvia, the Ministry of Defence previously said. One of the objectives of this law is to improve cybersecurity measures so that cyber threats can be predicted, prevented and managed in a timely manner, as well as to eliminate their consequences, ensuring continuous confidentiality, integrity and availability of services.

The new law provides for the establishment of a National Cybersecurity Centre. It will be the central authority to manage and oversee the cybersecurity of our country, as well as to cooperate with other countries in this area. It will be staffed by the Ministry of Defence and Cert.lv.

The new law will significantly expand the range of entities that will be providers of essential or important services and will be subject to the requirements of the law. These entities will be supervised by the National Cybersecurity Centre. In its turn, the Constitution Protection Bureau will control how the owners and legal possessors of the critical infrastructure of information and communication technologies fulfil their obligations. In total, this will apply to around 2 000 entities. The law also provides for penalties for non-compliance with the established requirements, which could amount to as much as €10 million.

The essential and important service providers covered by the draft law cover a wide range of sectors of public interest, including energy, transport, banks, financial market infrastructure, health and other areas. These services play an essential role in the public interest and it is important that their providers comply with information and communication technology security and cybersecurity requirements, and report cybersecurity incidents. The draft law provides that such entities will have to register with the National Cybersecurity Centre by 1 April of the following year.

In order to promote the availability of critical services in crisis situations, the draft law envisages the establishment of a single national internet traffic exchange point. It is necessary to maintain it, for example, in order to ensure the operation of the Internet and the exchange of data flows in Latvia in case of disconnection from the World Wide Web.

Coordinated vulnerability identification is also enshrined in the law, which would allow using the expertise of security researchers in a controlled manner in order to identify the ‘weak spots’ of information and communication technology resources, the Ministry of Defence emphasised.

The number, scale, complexity, frequency and impact of cyber incidents are increasing and pose a significant threat to the functioning of network and information systems. As a result, cyber incidents can hamper the pursuit of economic activities in the internal market, cause financial losses, undermine user confidence and cause major damage to the EU economy and society. Cybersecurity preparedness is therefore now more important than ever for the proper functioning of the internal market. In addition, the development of information and communication technologies both in Latvia and abroad has reached an unprecedented speed and volume, as highlighted by the authors of the draft law.

The new law will enter into force on 1 September.

 

Saeima Press Service

Previous MonthMaijs 2025Next Month
POTCPSSv
2829301234
567891011
12131415161718
19202122232425
2627282930311
Otrdien, 13.maijā
08:30  Izglītības, kultūras un zinātnes komisijas Sporta apakškomisijas sēde
08:30  Tautsaimniecības, agrārās, vides un reģionālās politikas komisijas Vides, klimata un enerģētikas apakškomisijas sēde
10:00  Budžeta un finanšu (nodokļu) komisijas sēde
10:00  Aizsardzības, iekšlietu un korupcijas novēršanas komisijas sēde
10:00  Valsts pārvaldes un pašvaldības komisijas sēde
10:00  Tautsaimniecības, agrārās, vides un reģionālās politikas komisijas sēde
10:00  Sociālo un darba lietu komisijas sēde
12:00  Budžeta un finanšu (nodokļu) komisijas Eksporta un konkurētspējas apakškomisijas sēde
12:00  Juridiskās komisijas Satversmes un tiesu politikas apakškomisijas sēde
12:00  Publisko izdevumu un revīzijas komisijas sēde
13:00  Aizsardzības, iekšlietu un korupcijas novēršanas komisijas Visaptverošas valsts aizsardzības apakškomisijas sēde
13:00  Sociālo un darba lietu komisijas Sabiedrības veselības apakškomisijas sēde
13:30  Saeimas Ārlietu komisijas, Saeimas deputātu grupas sadarbības veicināšanai ar Ukrainas parlamentu un Saeimas deputātu grupas Starptautiskās Krimas platformas atbalstam rīkotā Krimas okupācijas liecību publiskā uzklausīšana
14:00  Izglītības, kultūras un zinātnes komisijas Augstākās izglītības, zinātnes un cilvēkkapitāla apakškomisijas sēde
15:00  Saeimas deputātu grupas sadarbības veicināšanai ar Dienvidkorejas parlamentu vadītāja Ainara Latkovska un grupas deputātu tikšanās ar Korejas Republikas ārkārtējo un pilnvaroto vēstnieku Latvijas Republikā V.E. Kim Jonghan