Ukraine’s President Volodymyr Zelenskyy has taken a decisive step in addressing the escalating cyber threats facing the nation by signing a comprehensive cybersecurity bill into law. The legislation, known as Law No. 4336-IX, focuses on enhancing the protection of state networks and critical infrastructure in the face of a rising number of cyberattacks associated with Russia.
The new law, which was approved by parliament on March 27 and signed by President Zelenskyy last week, represents a significant overhaul of Ukraine’s national cyber strategy. With the country currently embroiled in both physical and digital conflicts, the bill aims to strengthen Ukraine’s ability to respond to cyber threats targeting government systems and essential services.
According to officials, the implementation of Law No. 4336-IX will enable Ukraine to better integrate into the global cybersecurity ecosystem. Oleksandr Potii, the head of Ukraine’s State Service of Special Communications and Information Protection, emphasized that the law’s adoption will bolster the country’s resilience against modern digital challenges.
One of the key provisions of the cybersecurity bill is the establishment of a National Cyber Incident Response System. This system delineates the roles, responsibilities, and coordination mechanisms among various state response teams and agencies. It also introduces a crisis response protocol to enable the government to activate emergency measures swiftly in response to large-scale or nation-state cyberattacks.
Additionally, the law mandates the creation of a Cyber Incident Information Exchange System to facilitate the reporting, management, and disclosure of cybersecurity incidents across both public and private sectors. This platform aims to improve early warning capabilities and expedite the remediation of cyber incidents by drawing on best practices from the European Union.
A notable structural change introduced by the legislation is the shift away from the outdated Comprehensive Information Protection System (CIPS) towards a risk management approach that emphasizes continuous security throughout the lifecycle of digital systems. Each system will now be subject to tailored protection profiles, with a focus on agility and adaptability.
Furthermore, the cybersecurity bill includes provisions for the assessment of cybersecurity frameworks through periodic audits. The government has clarified that these audits will prioritize practical outcomes and organizational maturity, avoiding unnecessary interference.
To support the implementation of the law, dedicated cybersecurity officers will be designated within government ministries and critical infrastructure sectors. These officers will be responsible for leading internal cyber policy, ensuring compliance, and liaising with national authorities during cybersecurity incidents.
The legislation also aligns Ukraine with European cybersecurity norms, positioning the country for deeper cooperation with EU partners. By harmonizing legal frameworks and enhancing cybersecurity practices, Ukraine aims to strengthen its defenses against a surge in cyber threats, particularly those emanating from Russia.
In light of the increasing sophistication and persistence of cyber attackers, CERT-UA, Ukraine’s national Computer Emergency Response Team, reported a 70% rise in cyber incidents in 2024 compared to the previous year. These incidents include espionage, infrastructure sabotage, and psychological warfare campaigns targeting key sectors such as telecommunications, energy, and military command systems.
In response to the growing cyber threats, Ukraine recognizes the need for continuous evolution and adaptation in its cybersecurity defenses. The successful operationalization of the new cybersecurity law will depend on support from domestic institutions and international partners, including NATO allies and European cyber agencies.
By enacting this legislation, Ukraine joins a growing number of countries that understand the importance of proactive and integrated cybersecurity policies. With the focus on coordinated response, crisis activation, and information sharing, Ukraine is taking significant steps towards fortifying its cyber posture and safeguarding its digital sovereignty in the long term.