The Armenian government has approved a legislative package that includes the draft laws On Cybersecurity, On Public Information, On Regulatory Authority for Information Systems, and related acts. The measures will define critical sectors and infrastructure in both the state and private spheres, establishing a unified national cybersecurity policy.
International experience from Estonia, Moldova, Singapore, Albania, Georgia, Uzbekistan, and others has been studied and incorporated. The law will introduce ISO 27001 and other global standards to safeguard government systems and private companies operating civil infrastructure.
A new Regulatory Authority for Information Systems will be created, with its commission members elected by the National Assembly. Core professional divisions within the authority will be staffed by regulatory service officers, whose roles will be a distinct category of public service under the draft law. Support divisions will be staffed by civil servants.
The decision establishes a legal basis for developing a comprehensive national cybersecurity strategy and action plan, cataloguing and classifying cybersecurity threats and risks, implementing coordinated incident response measures, strengthening protection during emergencies and martial law, creating contingency plans and scenarios, clarifying roles and responsibilities, planning and conducting cyber drills, and running public awareness and digital literacy programs.
