CSDG presented today the policy paper on cyber governance challenges in Albania. Parliament member Mr. Etjen Xhafaj and Deputy Minister Ms. Enkeleda Muçaj, as well as representatives from the Authority of National Certification and Cyber Security, Mr. Igli Tafa, Electronic and Postal Communications Authority, Mr. Bledar Kazia, and Banka Kombëtare Tragtare, Ms. Blerina Tushe, participated on the discussion table and shared their remarks on the topic theme.
This policy paper is conducted on the frame of EU’s change of trajectory on cybersecurity. Since the methodology of conducting cyber-attacks has evolved with the evolvement of technology, and cyber criminals are targeting critical infrastructures, the European Union has introduced a package of directives and regulations, focusing on increasing the resilience and cyber security of the critical infrastructures across the Union. In Albania, the cornerstone law that governs cybersecurity is Law No. 2/2017 “On Cybersecurity”, which is in the process of repealing in the purpose of aligning it with the EU acquis. The draft law on cybersecurity first introduced for public consultation, lacked compliance with the rules and obligations introduced in the Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (also known as “NIS 2 Directive”). CSDG finds a high importance on the discussion on cybersecurity, which is included in Chapter 24 of Cluster 1. A lack of a full alignment between Albania and EU, on the cyber legal framework, could potentially impede or pause the process of Albania joining the EU.
CSDG brings an analysis on cyber governance in Albania, pausing in three key matters:
1. The necessity for full alignment of domestic legislation with the reformed cyber related acquis of the EU;
2. Transparency and clarity regarding the interaction of institutions and actors involved in cyber governance, as well as regular publications by responsible institutions on general data on vulnerabilities of critical and important infrastructures, annual analysis on cyber-attacks, the most vulnerable sectors, and supporting instructions for all subjects in Albania, are all recommended, and
3- the consolidation of cyber policy in Albania in accordance with the European Union’s recommendations for increased cooperation between institutions, particularly the institution responsible for cyber security and the institutions responsible for the defence and security, increased investments in research, human resources, and technology, as well as new provisions regarding cyber incident reporting and sanctions in cases of violation of legal obligations related to securing critical infrastructures.
The policy document aims to start a constructive debate on the state of cyber governance in Albania, with the aim of eventually improving its legal and institutional framework, based on the best practices in Europe. The CSDG supports the position of the European Union, and maintains that the EU’s approach of sharing responsibility for cyber security across government and private entities is an appropriate approach in today’s society that is increasingly interconnected with technology.