Podcast 🎧 & blog: Cyber legislation for safe cyberspace

Cybersecurity has been, undoubtedly, a dominant theme in last year’s digital governance discourse. The attention, and relevance, that cybersecurity increasingly enjoyed in the past years should be taken as a sign. As our life becomes increasingly digital, it is natural that more and more subdomains of it enter the scene too.

In this podcast episode, Elsa Neeme, Senior Expert on Cybersecurity at eGA, and Vitalie Varaniță, assisting activities in Moldova, tell us more about cyber laws’ role in the development of secure cyberspace. One of the topics in focus of the EU-funded Cybersecurity Rapid Assistance project taking place in the country.

How the cyber legislation benefit to safer cyberspace? What needs to be kept in mind when creating laws concerning cyberspace? What lessons can share Moldova after the launch of its first cybersecurity law? All of this and more, as we dissect with experts meanings and targets of taking action in cyber legislation.

All the faces of cyber law, explained

Speaking of cyber law takes us beyond the conventional understanding of critical infrastructure protection. Within its scope, several critical areas make it an expansive domain. “Cyber law is much more. It encompasses privacy, public sector data administration, e-commerce, national security, and cybercrime,” Neeme begins with. Just before a deep dive into the sub-domains that make, so to say, the range and space of action of cyber law drafting.

Personal data protection
In an increasingly digital world, vast amounts of personal information are processed online. This aspect of cyber law safeguards individuals’ privacy rights, ensuring that digital interactions remain secure and private.

Public sector data administration
This involves regulating how government databases are managed and accessed, ensuring data integrity and security. By establishing legal frameworks in this area, governments can enhance public trust in digital services.

E-commerce
As online business transactions become commonplace, legal provisions governing data exchange, consumer protection, and digital contracts become increasingly significant. Cyber law in this context ensures that online business activities are conducted fairly and securely, fostering a reliable digital marketplace.

National security and defense
Governments worldwide are focusing on protecting their digital infrastructure from both domestic and foreign cyber threats. This involves developing legal frameworks that empower governmental bodies to take decisive actions against such threats while respecting citizens’ rights and international norms.

Cybercrime
Actions in this domain include defining and penalising cyber offenses like hacking, identity theft, and malware distribution. By addressing these challenges, cyber law plays a vital role in maintaining digital order and safeguarding users against cybercriminal activities.

What’s the role of cyber laws in cybersecurity?

One of the primary reasons for enacting cyber laws is to uphold national security in the digital realm. As threats evolve, so must the legal frameworks that address them, ensuring that nations are equipped to protect their digital assets and infrastructure.

But at the same time, the balance between individual rights and state interests must remain in focus. “Cybersecurity laws must balance individual rights with state interests, providing legal grounds for state actions while safeguarding citizens’ freedoms,” Neeme says.

This dual role is clear. And essential in democratic societies where the protection of individual freedoms must coexist with national security concerns. Keeping such an outward look, Varaniță adds instead, “Effective cyber laws also require international cooperation and adaptability, to keep up with evolving cyber threats and technological advancements.” A point, this one, that underscores how laws that are too rigid or outdated can hinder a nation’s ability to respond effectively to new cyber challenges.

“Cybersecurity is a complex field requiring legal, technical, organisational, and educational measures for effective implementation,” Varaniță points out. As such, simply having a law in place is not sufficient; it must be supported by a robust infrastructure, skilled professionals, and a well-informed public. Sounds like a lot, but a careful and comprehensive approach ensures that cyber laws are effective in enhancing cybersecurity across all levels of society.

Cyber law implementation in Moldova – and beyond

Moldova’s experience in implementing cybersecurity law offers insightful lessons for other nations. The law, set to be effective from January 2025, represents a significant step forward in the country’s digital security landscape. However, its journey from legislation to implementation highlights several key aspects.

The process began with a comprehensive assessment of Moldova’s specific needs and resources. This initial phase was crucial in tailoring the law to fit the country’s unique context, particularly considering its EU candidacy and the need for harmonisation with EU policies. The development of the law was not in isolation but in alignment with international standards and practices, ensuring its relevance and efficacy.

One of the critical actions in this process is the establishment of a centralised national cybersecurity center, to coordinate cybersecurity efforts across various sectors. Then, comes the identification and regulation of critical service providers, to define the scope of the law and ensure that key sectors are adequately protected. “The law’s transitional provisions facilitate this process,” Varaniță explains, allowing for a gradual and well-organised implementation.

As the highlight of this venture, the establishment of the National Agency for Cyber Security of Moldova , took place at the end of 2023.  In light of all this, Moldova’s approach does serve practitioners a good case study in creating a legal framework both complete and practical. This process bound together contextual understanding, international alignment, coordination, and detailed planning in developing and rolling out effective cybersecurity legislation.