ArmInfo. Armenia will establish an information systems regulator. At its November 21 session, the National Assembly Committee on State and Legal Affairs approved the second reading of the draft laws "On Cybersecurity," "On Public Information," and "On the Information Systems Regulatory Authority," submitted by the government.
According to RA Minister of High-Tech Industry Mkhitar Hayrapetyan, several proposals were received for the second reading, both from the government and from members of parliament, resulting in some changes to the package. Specifically, it envisages the creation of an information systems regulatory commission. The commission will consist of six members, four of whom, including the chair, will be nominated by the government, and one each by a representative of the ruling faction in the National Assembly and the parliamentary opposition. The Cabinet will also approve a provision regarding the terms of office for commission members, which will be limited to one, three, four, and five years. Individuals who hold shares or stakes in the authorized capital of private companies may not serve as commission members. The commission will consist of three groups of civil service employees, each classified into three subgroups. Armenian citizens with at least a secondary vocational education and relevant work experience are eligible to serve on the commission. Higher education will be mandatory for individuals holding senior positions on the commission.
The purpose of this package is to create a legal framework for protecting information systems and critical infrastructure, including the energy, transport, and financial sectors, from cyber threats. The scope of regulation covers relations related to the uninterrupted functioning of information systems and critical information infrastructures used to provide vital services; ensuring the availability, integrity, and confidentiality of processed, distributed, stored, and transmitted information; notification of cyber incidents, their prevention, and resolution; requirements for cybersecurity service providers; and monitoring compliance with the requirements of this law. The bill clarifies the powers of the body developing state policy in the field of cybersecurity, represented by the Ministry of High-Tech Industry of the Republic of Armenia; and the body ensuring the implementation of cybersecurity policy, represented by the autonomous body; as well as other competent state bodies in this area. The adoption of the package will create a legal basis for developing a comprehensive state policy and action plan in the area of cybersecurity, inventorying and classifying cybersecurity challenges and risks, and principles for responding to cyber incidents, strengthening cybersecurity in emergency situations and under martial law, clarifying roles and responsibilities, planning and conducting cyber exercises, and implementing programs aimed at raising public awareness. To ensure the security of the state information system, an autonomous body will be tasked with restricting the use of state information systems and the level of data exchange (X-road). These systems are created and developed using state budget funds, are critical infrastructure, contain a security component, and are aimed at providing the public with uninterrupted, secure, and high-quality services. To implement this function, the body must have clear legislative provisions and an enabling regulatory framework.
With the adoption of the bill, the total annual salary and social security costs, once the relevant positions and employees of the autonomous body are fully staffed, will amount to 4-6 billion drams. The cost calculations took into account the fact that the salaries of employees in professional units are high in the market, and these teams will comprise the bulk of the body's staff.
