Draft Law on Cybersecurity

On April 26, 2023, the Council of Ministers published for public consultation the draft law “On Cybersecurity,” which consultation concluded on May 24, 2023. The draft law is expected to be reviewed and approved in the parliamentary committees and the Parliament of Albania. With the entry into force of this draft law, Law No. 2/2017, “On Cybersecurity,” will be repealed.

The proposed draft law is in full compliance with Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 “concerning measures for a high common level of network and information systems security across the Union” (NIS 1), and is partially aligned with Directive (EU) No. 2022/2555 of the European Parliament and of the Council of 14 December 2022 “on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) No. 2018/1972, and repealing Directive (EU) No. 2016/1148” (NIS2).

The purpose of the draft law is to define the rights and obligations of public and private entities that administer infrastructure of information, communication networks and their systems, the violation or destruction of which would have an impact on the health, safety, economic well-being of citizens and the effective functioning of the economy in the country.

Compared to the current law in force No. 2/2017, “On Cybersecurity,” this draft law introduces several key innovations: