Ukraine: new cyber security protection measures


On 13 February 2017 the President approved the National Security and Defence Council’s decision on securing Ukraine against evolving cyber threats (the “NSDC Decision”).

The NSDC Decision sets out actions aimed at increasing overall cyber security to tackle and combat cyber crims and threats, involving propaganda, espionage and cyber-attacks, efficiently. The main cyber security measures envisaged by the NSDC Decision include the following:

  • The Cabinet of Ministers shall propose draft laws to Parliament to implement the Convention on Cybercrime (ETS No.185) introducing, among others:
    • the ability of the law-enforcement bodies to issue mandatory orders to electronic data owners (e.g. telecommunication providers and operators) for the immediate recording and storing of electronic data necessary to investigate crimes for a period from 90 days to 3 years;
    • an obligation for telecom operators and providers to provide all data necessary to identify service providers and data routes to the law enforcement bodies, as per their request;
    • the possibility to block informational resources (for example, websites) by court decision; and
    • an effective legal mechanism for the use of electronic evidence in criminal court proceedings.
  • The National Bank of Ukraine shall develop a legal framework authorising it to block payment systems owned by entities of the state-aggressor (i.e. the Russian Federation) on the territory of Ukraine.

Legislation: The President Decree No 32/2017 "On the Decision of the National Security and Defence Council of Ukraine dated 29 December 2016 "On Threats to the Cybersecurity of the State and Urgent Measures to Neutralize Them".