Cyber Law in Cyprus
Cyprus has established a comprehensive cybersecurity legal framework, aligning with European Union directives and enhancing national resilience against cyber threats. Here's an overview of the key legislative developments:
Cyprus Cybersecurity Legal Framework
1. Network and Information Systems (NIS) Law
Cyprus transposed the EU's NIS2 Directive into national law through the Security of Networks and Information Systems Law (No. 89(I)/2020). This legislation, effective from 18 October 2024, imposes stringent cybersecurity requirements on entities operating in critical sectors. Key provisions include:
Expanded Scope: Coverage now includes medium and large enterprises in sectors such as energy, transport, banking, health, and digital administration.
Cybersecurity Measures: Obligations encompass risk analysis, incident handling, business continuity, supply chain security, and the use of multi-factor authentication.
Incident Reporting: Entities must report significant cybersecurity incidents to the national Computer Security Incident Response Team.
Enforcement and Penalties: The Digital Security Authority (DSA) is empowered to impose fines up to €200,000, with daily penalties for ongoing infringements. Criminal liabilities include imprisonment and fines for non-compliance.
2. General Data Protection Regulation (GDPR)
As an EU member state, Cyprus enforces the GDPR, which governs the processing of personal data. Key obligations for data controllers include:
Lawful Processing: Ensuring fairness, transparency, and lawfulness in data processing activities.
Data Security: Implementing appropriate technical and organizational measures to safeguard personal data.
Breach Notification: Reporting data breaches to the Commissioner for Personal Data Protection and affected individuals without undue delay.
Penalties: Fines up to €10 million or 2% of global annual turnover for certain infringements, and up to €20 million or 4% for others.
3. National Cybersecurity Authority (NCCA)
The DSA, designated as the NCCA, oversees the implementation of EU cybersecurity certification schemes for ICT products and services. This includes certifying cloud services and 5G technologies, promoting Cyprus as a regional cybersecurity hub.
4. Digital Operational Resilience Act (DORA)
Effective from 17 January 2025, DORA imposes enhanced cybersecurity requirements on financial entities in Cyprus, including banks and insurance companies. The Central Bank of Cyprus mandates compliance to ensure operational resilience against cyber disruption.
Cyprus's cybersecurity legal framework demonstrates a robust commitment to safeguarding digital infrastructure and personal data, aligning with EU standards and enhancing national and regional security.