The FBiH Government approved the Draft Law on Information Security of the Federation of BiH

Yesterday, the Government of the Federation of BiH, at the proposal of the Federal Ministry of Transport and Communications, determined the Draft Law on Information Security of the FBiH, and referred it to the parliamentary procedure. For the first time, this law regulates the field of information, that is, cyber security in the Federation of Bosnia and Herzegovina.

The Government of the FBiH today, at the proposal of the Federal Ministry of Transport and Communications, established the Draft Law on Information Security of the FBiH, and referred it to the parliamentary procedure, announced the Public Relations Office of the Government of the FBiH.

This law regulates the field of information and cyber security in the Federation of Bosnia and Herzegovina for the first time. As explained today, cyber security requires a systematic and coordinated approach between entities and all other interested parties in BiH, with the inevitable consideration of the fact that cyber space is a global category that by its very nature exceeds the frameworks and borders of entities or other authorities.

The Federal Ministry of Transport and Communications prepared the preliminary draft of this law in order to fulfill the goals defined by the strategic documents, the Reform Agenda, the Work Program of the Government of FBiH, and in accordance with the list of priority regulations and recommendations of the European Union, and the Framework Guidelines for the establishment of a strategic framework for cyber security in BiH. Also, this legal act is partially harmonized with the NIS2 Directive of the European Parliament and the Council on measures for a high common level of cyber security throughout the Union, which was adopted on November 28, 2022, to the extent that it was possible considering that BiH is not a member of the EU. The Ministry, in cooperation with EU experts, incorporated the enforceable part of this directive into the text of the Draft Law that was determined today.

As further stated in the explanation, global business, as well as public administration systems, and other segments of society are becoming integrated through ICT infrastructure, but also through interdependence in effective defense against threats. This connection and synergy of rational use, especially of communication technologies and protection of the digital environment, leads to numerous positive effects and development of society, but also to numerous new risks that must be identified and treated in a timely manner. Therefore, it was pointed out that the Federation of BiH, as one of the pillars of government in BiH, has the obligation to actively participate and respond to these risks in order to guarantee its citizens and the business community a smooth and safe life and work, as well as the development of society as a whole.

As stated in the explanation, the reasons for the adoption of this law lie in the need for a systemic approach to reducing the risk of growing threats, threats to critical infrastructure, property or services, especially terrorism, cybercrime and abuse of children in cyberspace.

It is also argued that cyber space is becoming a new potential and real area of conflict between companies, interest groups, and states, and that a large number of countries are developing infrastructure, systems and capacities with the aim of reducing the risk of negative impacts of cyber threats and other related vulnerabilities.

Namely, it is extremely important that these activities are focused and controlled in order to be more successful. It was also emphasized that the European Union and neighboring countries are working rapidly to adopt recommendations and a formal legal framework that would guarantee a safe, open and stable cyber space.

This law would regulate the procedures and measures for achieving a high common level of information security of federal organizations, operators of key services and providers of digital services, as well as the competences and authorizations of competent sector bodies, single contact points, and bodies responsible for prevention and protection against incidents. (competent CERT). It also regulates the supervision of federal organizations, key service operators and digital service providers in the implementation of this law, as well as misdemeanor provisions.

As it is pointed out, the goal of information security is to enable the development of protection and prevention mechanisms against endangering data and information systems for the benefit of all subjects of the information society – citizens, the economy and the state as a whole. By establishing that draft, the FBiH Government expresses its commitment to increase the level of knowledge and use of modern information technologies in public institutions in the Federation of BiH, especially when it comes to cyber security.

That law, among other things, would define measures to achieve a high level of information security, then the obligation to implement those measures, protection of data and the information system itself, then coordination, prevention and handling of incidents, as well as inter-institutional cooperation by establishing a coordinating body for information security .