The Parliament of Montenegro has adopted the Law on Information Security.
This law prescribes information security measures to achieve the highest level of security for network and information systems, including cybersecurity, the designation of key and important entities, the management of cybersecurity, as well as other issues relevant to information security.
The obligation to apply the provisions of this law applies to state authorities, ministries, and other administrative bodies, bodies of local self-government units, local administration bodies, and services established in accordance with the law regulating local self-government, legal entities performing public powers, business entities, and other legal and natural persons who access or handle data and who use and manage network and information systems (other entities).
Key entities are bodies and other entities that apply information and communication technologies and provide services of special importance for the life, health, safety of citizens, and functioning of the state, and on whose functioning depends the performance of activities of public interest, the interruption of which or destruction of which would endanger the life, health, safety of citizens, and functioning of the state, regardless of their size in terms of the law regulating accounting, particularly operators of critical infrastructure in accordance with the law regulating the designation and protection of critical infrastructure.
Important entities are bodies and other entities that apply information and communication technologies and provide services of significance for the life, health, safety of citizens, and functioning of the state, and on whose functioning depends the performance of activities of public interest, the interruption of which or destruction of which would impair the functioning of the state, regardless of their size in terms of the law regulating accounting, particularly operators of critical infrastructure in accordance with the law regulating the designation and protection of critical infrastructure.
The most important provisions relate to information security measures:
Information security measures include:
- Data protection, and
- Protection from cyber threats and incidents.
Additionally, the law defines the obligation for data protection and protection from cyber threats and incidents.
Article 18 defines the obligation to apply information security measures, as well as the obligation to designate an employee responsible for monitoring the implementation of information security measures.
On the date this law enters into force, the Law on Information Security (“Official Gazette of Montenegro”, nos. 14/10, 40/16, and 67/21) and the provisions of Article 74, paragraph 1, point 8b and Article 74a of the Law on Classified Information (“Official Gazette of Montenegro”, nos. 14/08, 76/09, 41/10, 38/12, 44/12, 14/13, 18/14, 48/15, and 74/20) shall cease to apply.
The Law on Information Security was published in the “Official Gazette of Montenegro” no. 113/2024 dated 27.11.2024 and enters into force on the eighth day following its publication in the “Official Gazette of Montenegro.”
Other categories