Armenia to have information system regulator - bill

ArmInfo.  Armenia will establish an information systems regulator. At its November 21  session, the National Assembly Committee on State and Legal Affairs  approved the second reading of the draft laws "On Cybersecurity," "On  Public Information," and "On the Information Systems Regulatory  Authority," submitted by the government.

According to RA Minister of High-Tech Industry Mkhitar Hayrapetyan,  several proposals were received for the second reading, both from the  government and from members of parliament, resulting in some changes  to the package. Specifically, it envisages the creation of an  information systems regulatory commission. The commission will  consist of six members, four of whom, including the chair, will be  nominated by the government, and one each by a representative of the  ruling faction in the National Assembly and the parliamentary  opposition. The Cabinet will also approve a provision regarding the  terms of office for commission members, which will be limited to one,  three, four, and five years. Individuals who hold shares or stakes in  the authorized capital of private companies may not serve as  commission members. The commission will consist of three groups of  civil service employees, each classified into three subgroups.  Armenian citizens with at least a secondary vocational education and  relevant work experience are eligible to serve on the commission.  Higher education will be mandatory for individuals holding senior  positions on the commission.

The purpose of this package is to create a legal framework for  protecting information systems and critical infrastructure, including  the energy, transport, and financial sectors, from cyber threats. The  scope of regulation covers relations related to the uninterrupted  functioning of information systems and critical information  infrastructures used to provide vital services; ensuring the  availability, integrity, and confidentiality of processed,  distributed, stored, and transmitted information; notification of  cyber incidents, their prevention, and resolution; requirements for  cybersecurity service providers; and monitoring compliance with the  requirements of this law. The bill clarifies the powers of the body  developing state policy in the field of cybersecurity, represented by  the Ministry of High-Tech Industry of the Republic of Armenia; and  the body ensuring the implementation of cybersecurity policy,  represented by the autonomous body; as well as other competent state  bodies in this area. The adoption of the package will create a legal  basis for developing a comprehensive state policy and action plan in  the area of cybersecurity, inventorying and classifying cybersecurity  challenges and risks, and principles for responding to cyber  incidents, strengthening cybersecurity in emergency situations and  under martial law, clarifying roles and responsibilities, planning  and conducting cyber exercises, and implementing programs aimed at  raising public awareness. To ensure the security of the state  information system, an autonomous body will be tasked with  restricting the use of state information systems and the level of  data exchange (X-road). These systems are created and developed using  state budget funds, are critical infrastructure, contain a security  component, and are aimed at providing the public with uninterrupted,  secure, and high-quality services. To implement this function, the  body must have clear legislative provisions and an enabling  regulatory framework.

With the adoption of the bill, the total annual salary and social  security costs, once the relevant positions and employees of the  autonomous body are fully staffed, will amount to 4-6 billion drams.  The cost calculations took into account the fact that the salaries of  employees in professional units are high in the market, and these  teams will comprise the bulk of the body's staff.