LTH PRL Cyber Security Law


Jul. 11, LTH PRL issued law to amend the Cyber Security Law of LTH.


  • LTH PRL issued law XIV-2902 making amendments to cyber security law of Lithuania.
  • Follows, LTH PRL Jun. 2024 issued draft law amending the cyber security law.
  • Document dated Jul. 11, 2024, was received on Jul. 23, 2024 due to a new feed.
  • EU Law Implemented
  • Regulation 2019/881 on ENISA and cybersecurity certification of information and communication technologies, which repeals Reg 526/2013 (Cyber Security Act)
  • Regulation 2021/887 establishing a European Cybersecurity Industry, Technology and Research Competence Center and a Network of National Coordination Centers.
  • Directive 2022/2555 amending Regulation 910/2014 and Directive 2018/1972 and repealing Directive 2016/1148 (TIS 2 Directive).
  • Overview
  • Law to establish the principles of cyber security, the institutions that form and implement the cyber security policy, their functions and powers, the bases for the identification of cyber security entities and the duties of these entities.
  • Also the exchange of information and inter-institutional cooperation, checks of compliance of cyber security entities with the requirements of this law and enforcement measures, powers of the national cyber security certification authority.
  • This law does not apply to credit unions, with the exception of credit unions that manage and/or manage network and information systems independently of central credit unions to provide services or perform activities.
  • Note that Credit institutions as defined in Reg 575/2013 on prudential requirements for credit institutions and investment companies and amending Reg 648/2012 (banking) and main counterparties as defined in Reg 648/2012 on over-the-counter derivatives, main counterparties and transaction data repositories are both considered sectors of special importance and as such fall within the provisions of the cyber security act.
  • Effectiveness
  • Law is in force Oct. 18, 2024; implementing legislation to be adopted Oct. 17, 2024.
  • By Apr. 17, 2025, National Cyber Security Center must identify cyber security entities operating in the sectors specified in Appendices 1 and 2 of the Cyber Security Law.
  • Entities included in the list of critical information infrastructure and its managers before the date of entry into force of this law, have until Apr. 17, 2025 to ensure compliance of their networks/information systems with cyber security requirements applied to cyber security entities, set out in Art. 11 point 1 of the Cyber Security Law.
  • Security commissioners have 2 years to ensure compliance with certain provisions.

Regulators LTH PRL
Entity Types Bank; Depo; MSB; OTC
Reference Act XII-1428, 7/11/2024; bill XIVP-3815(2), 6/19/2024; NIS Dir 2016/1148, Dir 2022/2555; CRR Reg 575/2013; CRR 2 Reg 2019/876
Functions BCS; Cyber; Technology
Countries Lithuania
Category
State
Products Banking; Payments
Regions EMEA
Rule Type Final
Rule Date 7/11/2024
Effective Date 10/17/2024
Rule Id 220155
Linked to N/A
Reg. Last Update 7/11/2024
Report Section UK

Last substantive update on 07/24/2024