CYBERSECURITY IN AZERBAIJAN: LEGISLATIVE MEASURES TO PROTECT CRITICAL INFORMATION INFRASTRUCTURE
Authors: Balajanov Elvin
Affiliation: Association of Cybersecurity Organizations of Azerbaijan
Category:
Keywords: critical information infrastructure, CII, Azerbaijan, legal regulation, criticality criteria, security requirements, cybercrime, legal liability
ABSTRACT. The scope of information infrastructures underpinning business operations and technological processes within Azerbaijan’s national security sectors is rapidly expanding. These infrastructures are essential for ensuring operational continuity and resilience, with any compromise posing a risk of significant disruption and damage. Consequently, safeguarding these infrastructures has become a core priority within the nation’s broader information security strategy. To this end, substantial measures, including enhanced legal regulations, have been implemented to strengthen the security of infrastructures deemed critical, as well as the information systems, communication networks, and automated management systems vital to the interests of the state, society, and its citizens. This article examines the legal frameworks established for the protection of critical information infrastructure (CII) in Azerbaijan, while also identifying areas needing further development and optimization.
References:
Strategy of the Republic of Azerbaijan on Information Security and Cybersecurity for 2023–2027 (Approved by Decree No. 4060 of the President of the Republic of Azerbaijan, dated August 28, 2023).
Decree of the President of the Republic of Azerbaijan "On Certain Measures for Ensuring the Security of Critical Information Infrastructure" (Decree No. 1315, April 17, 2021).
Law of the Republic of Azerbaijan "On Information, Informatization, and Information Protection" (Law No. 460-IQ, April 3, 1998).
Decree of the President of the Republic of Azerbaijan "On the Implementation of the Law of the Republic of Azerbaijan on Information, Informatization, and Information Protection" (No. 729, 19 june 1998).
NIS2 Directive - Directive (EU) 2022/2555 of the European Parliament and of the Council of December 14, 2022, on measures for ensuring a high common level of cybersecurity across the Union.
Decree of the President of the Republic of Azerbaijan "On the Implementation of the Law of the Republic of Azerbaijan on Information, Informatization, and the Protection of Information" (Decree No. 729, June 19, 1998).
"Rules on Ensuring the Security of Critical Information Infrastructure in the Republic of Azerbaijan" (approved by the Cabinet of Ministers of the Republic of Azerbaijan, Decree No. 229, July 17, 2023).
"Regulations on the Structure, Creation, and Maintenance of the Registry of Critical Information Infrastructure Objects" (approved by the Cabinet of Ministers of the Republic of Azerbaijan, Decree No. 230, July 17, 2023).
Administrative Offenses Code of the Republic of Azerbaijan (2015) (https://e-qanun.az/framework/46960).
Criminal Code of the Republic of Azerbaijan (1999) (https://e-qanun.az/framework/46947).
UK Computer Misuse Act 1990 (https://www.legislation.gov.uk/ukpga/1990/18/contents).
Menu