Estonia, Internet, Security, Technology

International Internet Magazine. Baltic States news & analytics Tuesday, 18.06.2019, 20:18

Estonian govt planning to endorse cyber security bill

BC, Tallinn, 01.03.2018.Print version
The Estonian government at a sitting on Thursday is planning to endorse a cyber security bill, the aim of which is to strengthen the protection of network and information systems needed when rendering services of decisive importance and the network and information systems of state and local government units, writes LETA/BNS.

The bill to be filed by Minister of Entrepreneurship and Information Technology Urve Palo will take over the European Union Directive on security of network and information systems, with which regulations concerning the implementing of security measures and informing of cyber incidents will be set for providers of important and digital services. In addition, the tasks of the national supervision authority, the Information System Authority, in coordinating the assurance of cyber security and organization of cross-border cooperation will be clarified, government spokespeople said.


Service providers that significantly affect the functioning of the society, like vital services, important infrastructure companies, the Estonian Internet Foundation, as well as larger digital service providers like internet-based trading platforms, search engines or cloud data processors must in the event of the law coming into effect implement risk assessment based organizational, physical and information technological security measures. In addition, there will be the responsibility to inform the Information System Authority of cyber incidents with significant impact.


In the public sector, including the local governments, the responsibility to implement information security measures will also be extended to include e-mail servers, file servers and document management systems. So far, the responsibility to implement security measures based on a legal act has only applied to information systems that are databases in the interpretation of the Public Information Act.


The bill does not stipulate any significant new responsibilities for the public sector. Ensuring the security of information systems has for a long time been part of the development and management of IT systems.


The law is planned to come into force on May 10, 2018. As an exception, the regulations will enter into force for the Estonian Internet Foundation and the state and local government unit on January 1, 2020. The stipulation of the transfer period is first and foremost linked with the rearrangements made with the administrative reform as well as the planning process of the state budget strategy.






Search site