Estonia

HomeEstonia

Estonia: Cybersecurity Act

The Cybersecurity Act is a law passed by the Estonian government to address cybersecurity and online offences in the country. The Act sets out the legal framework for securing information systems and networks in Estonia, including government and critical infrastructure systems. It requires implementing security measures, such as risk assessments, security audits, and incident reporting, to protect against cyber threats.

The Act establishes the Estonian Information System Authority (RIA) as the central Authority for ensuring the security of information systems and networks in Estonia. The RIA works with other government agencies, private sector organizations, and international partners to develop and implement cybersecurity policies and strategies.

The Act has been praised for its comprehensive approach to cybersecurity and for Estonia’s leadership in the field. Estonia is known for its advanced digital infrastructure and innovative e-government services, which make it a prime target for cyber attacks. The Act has helped establish Estonia as a global cybersecurity leader and build trust in its digital economy.

Download Law

Chapter 1: GENERAL PROVISIONS
1 – Subject matter and scope of Act
2 – Definitions
3 – Service provider
4 – Digital service provider
5 – Single point of contact and competent authority
6 – Principles of ensuring cybersecurity

Chapter 2: OBLIGATIONS FOR ENSURING CYBERSECURITY
7 – Security measures of service provider’s system
8 – Obligation of service provider to notify of cyber incident
9 – Security measures of state and local authority’s system
10 – Security measures of digital service provider’s system
11 – Obligation of digital service provider to notify of cyber incident

Chapter 3: ENSURING CYBERSECURITY
12 – Prevention and resolution of cyber incident
13 – Cyber incident registry

Chapter 4: STATE AND ADMINISTRATIVE SUPERVISION
14 – Exercise of state and administrative supervision
15 – Special state supervision measures
16 – Specifications of state supervision
17 – Administrative supervision measures

Chapter 5: LIABILITY
18 – Violation of requirements of Act
19 – Proceedings

Chapter 6: IMPLEMENTING PROVISIONS
20 – Identification of service providers
21 – Provisions governing the amendment of other Acts are omitted from this translation.
22 – Entry into force of Act

Download Law

Comments are closed.

Close
About Decybr

Decybr is a technology platform offering an extensive database of international legal resources including laws, case laws and legal literature on cybercrimes. Branded as Decybrary, this database aggregation will be classified and searched by professionals using AI technology.

In addition to providing access to a comprehensive database of legal resources to professionals, Decybr will also offer online training to professionals on the legal and IT aspects of the laws, case laws and legal literature within cybercrime.

Archives