Fines are being introduced for violations of the requirements of normative legal acts in the field of ensuring cybersecurity, APA reports.
This is reflected in the proposed new Article 371-2 of the Code of Administrative Offenses, which was discussed at a joint meeting of the Milli Majlis Committees on Legal Policy and State Building and on Labor and Social Policy.
According to the draft, for the failure of computer incident response centers, security operations centers, as well as information infrastructure entities, including owners of internet information resources, internet providers and hosting providers, to take measures related to ensuring the cybersecurity of information infrastructure, namely:
- failure to comply with the instructions of the body (institution) designated by the relevant executive authority regarding ensuring the cybersecurity of information infrastructure (prevention of cyber threats, cyberattacks and cyber incidents and elimination of their consequences), as well as conducting digital investigations and providing information on their results;
- failure to immediately provide the body (institution) designated by the relevant executive authority with information on cyber threats, cyberattacks and cyber incidents directed at information infrastructure, as well as information obtained through continuous real-time monitoring of cyber incidents and cyberattacks and the implementation of initial technical response measures;
- failure to respond within 24 hours to inquiries sent by the body (institution) designated by the relevant executive authority for the purpose of studying the cybersecurity status of information infrastructure and conducting proactive cybersecurity research, and failure to respond within 5 working days to inquiries related to conducting digital investigations;
- failure to carry out continuous real-time monitoring of cyber incidents and cyberattacks and to implement initial technical response measures against them;
- violation of the general and special cybersecurity requirements for information infrastructure performing socially significant functions by information infrastructure entities, including internet providers, hosting providers and owners of internet information resources;
- failure to create conditions for digital investigations and proactive cybersecurity research, as well as failure to preserve the integrity of information obtained during digital investigations, allowing its alteration, deletion or falsification —
shall result in a fine ranging from 500 to 1,000 manats for officials and from 1,000 to 2,000 manats for legal entities.
Operating as a computer incident response center or a security operations center without being included in the "Registry of Computer Incident Response Centers and Security Operations Centers" shall result in a fine ranging from 1,000 to 1,500 manats for officials and from 1,500 to 2,500 manats for legal entities.
These provisions shall not apply to critical information infrastructure, state bodies (institutions), including the Central Bank of the Republic of Azerbaijan, intelligence and counterintelligence entities, entities supervised in financial markets (banks, insurers, reinsurers, licensed persons in the securities market, joint-stock investment funds and investment fund managers, payment service providers, etc.), as well as the information infrastructure of protected persons, protected and strategic facilities, and computer incident response centers and security operations centers established by the body (institution) designated by the relevant executive authority and by the Central Bank of the Republic of Azerbaijan.
Follow us on Telegram
t.me/apanewsaz
Follow us on Instagram
Follow us on TikTok
Follow us on Facebook
Follow us on X
