Summary
The Republic of Serbia’s recently proposed Law on Information Security comes at a crucial time, responding to an unprecedented number of cyber incidents across Europe. With the increasing frequency of breaches, businesses must now prioritise information security rather than treating it as an afterthought. The new law, adopted on 27 February 2025, aims to enhance the protection of digital systems and infrastructure, aligning Serbian regulations with the updated EU NIS2 Directive, which introduces stricter cybersecurity standards.
This legislation not only updates existing guidelines but also broadens the scope to include key industries like healthcare and food production, mandating stricter compliance measures for businesses operating in these critical sectors. The new requirements raise the stakes for organisations, demanding proactive risk assessments, efficient incident reporting, and enhanced protection systems.
Key Points
- The Law improves information security measures to protect digital systems in Serbia.
- It aligns with the NIS2 Directive, expanding compliance standards for various industries.
- New obligations include risk assessments and mandatory incident reporting within 24 hours.
- The establishment of the Office for Information Security will enhance national cybersecurity readiness.
- Companies may face increased compliance costs but gain user and investor confidence.
- Stricter penalties are introduced for non-compliance, emphasising accountability.
Why should I read this?
If you’re involved in business in Serbia, this article is a must-read. The new law presents both challenges and opportunities. Staying informed means being able to adapt to the evolving regulatory landscape while enhancing your organisation’s security posture. Read on to save yourself time and see how these changes might affect your operations and strategic decisions.