Effective
Document from CIS Legislation database © 2012-2026 CIS Legislation Company

Unofficial transfer (c) Soyuzpravoinform LLC

LAW OF UKRAINE

of March 27, 2025 No. 4336-IX

About introduction of amendments to some Laws of Ukraine concerning information security and cyberprotection of the state information resources, objects of critical information infrastructure

The Verkhovna Rada of Ukraine decides:

I. Make changes to such laws of Ukraine:

1. In the Law of Ukraine "About information security in information and communication systems" (Sheets of the Verkhovna Rada of Ukraine, 2005, No. 26, Art. 347 with the following changes):

1) in Article 1 part one:

paragraphs the third, seventh and fifteenth to state in the following edition:

"leakage of information result of actions or failure to act owing to which information processed in system or information processing device becomes known or available to the physical persons and/or legal entities which do not have access rights to it";

"the information security in system activities directed to prevention of violation of integrity, confidentiality and availability of information in system";

"information processing in system - accomplishment of one or several transactions, in particular collection, input, record, transformation, reading, storage, destruction, Registration, acceptance, obtaining, the transfer performed in system by means of technical and software or is autonomous (without connection to other means of information processing, communication lines or data transmission networks) information processing devices";

add taking into account alphabetic procedure with terms of the following content:

"authorization on safety decision about possibility of functioning (operation) of the corresponding information, electronic communication, information and communication, technological system taking into account its compliance to requirements of the legislation, to national standards and regulating documents in spheres of the technical protection, cryptographic protection and cyberprotection accepted in the procedure established by the legislation";

"the authorized system on safety - information, electronic communication, information and communication, technological system or its separate elements, object of critical information infrastructure into whom measures and/or systems on the safety of information which underwent authorization on safety are entered";

"complex of technical protection of information set of actions, the means of technical information security intended for information security from leakage by technical channels in information, electronic communication and information and communication systems";

"Information processing devices - technical devices (means) of information processing in which technically it is impossible to realize program procedures of differentiation of access for users and other functional services of safety";

"the list of the authorized systems on safety - the single electronic database containing data on the authorized systems on safety of information, electronic communication, information and communication and technological systems in which the state information resources or the office information and information which is the state secret, objects of critical information infrastructure are processed owners or managers of which public authorities, state bodies, the state companies, organizations and the organizations, local government bodies which procedure for maintaining, procedure for introduction of data on the authorized systems on safety to which and procedure for access and provision of information by which are determined by specially authorized central executive body concerning the organization of special communication and information security, are. Information on the authorized systems on safety containing in the list is open, public and free, except information with limited access and information, access to which is limited according to the legislation for action of warlike situation";

"the technical channel of leakage of information - the interconnected set of source of dangerous signal, the circle of its distribution and means of technical investigation aimed at providing information leakage";

Article 8 to state 2) in the following edition:

"Article 8. Information processing conditions in system

Information processing conditions in system, object of critical information infrastructure are determined by the owner or the manager of the corresponding system taking into account the requirements for information security determined by the legislation.

The state information resources or information with limited access, the requirement for which protection is established by the law, in systems, objects of critical information infrastructure, owners or managers of which are public authorities, state bodies, the state companies, organizations and the organizations, local government bodies, shall be processed in the authorized systems on safety or by receipt of the certificate of conformity to the standard of information security issued by conformity assessment body.

Authorization on safety of systems, objects of critical information infrastructure, owners or managers of which are public authorities, state bodies, the state companies, organizations and the organizations, local government bodies, and also confirmation of observance of requirements for safety concerning such systems, objects of critical information infrastructure during their lifecycle are performed according to the procedure, established by the Cabinet of Ministers of Ukraine.

Establishment of the notifying (declarative) principle concerning acceptance by the owner or manager of system, object of critical information infrastructure (except in what information which is the state secret is processed) decisions on implementation of authorization on safety taking into account the corresponding profiles of safety, and also terms and procedure for confirmation of observance of requirements according to basic, target and industry (in the presence) safety profiles during lifecycle of the corresponding system, object of critical information infrastructure shall be component of such procedure for authorization on safety.

Confirmation of conformity of the standard of information security by results of procedure for assessment of conformity to national standards of Ukraine is performed by conformity assessment body which is accredited by national authority of Ukraine on accreditation or national authority on accreditation of foreign state if national authority of Ukraine on accreditations and national authority on accreditation of the relevant state are members of the International or regional organization for accreditation and/or signed the agreement on mutual recognition on assessment of conformity with such organization.

The procedure of receipt of the certificate of conformity to the standard of information security is not applied to systems in which information which is the state secret is processed.

Authorization on safety or receipt of the certificate of conformity to the standard of information security concerning systems in which the state information resources or the office information and information which is the state secret, objects of critical information infrastructure are processed owners or managers of which are public authorities, state bodies, the state companies, organizations and the organizations, local government bodies, is performed in case of simultaneous observance of the following conditions:

use for information security in systems of the means of technical and/or cryptographic information security having the positive expert opinion by results of state examination in the field of technical and/or cryptographic information security or the document on compliance (except systems, objects of critical information infrastructure, in which is processed the office information or information which is the state secret) issued by conformity assessment body which is accredited by national authority of Ukraine on accreditation or national authority on accreditation of foreign state if national authority of Ukraine on accreditations and national authority on accreditation of the relevant state are members of the International or regional organization for accreditation and/or signed the agreement on mutual recognition on assessment of conformity with such organization;

paid document

Full text is available with an active Subscribtion after logging in.

Login  Signup  Get Subscribtion

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Search in text CTRL-F

Demo Access

If you are guest on our site, you will work in Demo mode. In Demo mode you can see only first page of each document.

Full Access

With full access you can

  • see full text
  • see original text of document in Russian
  • download attachment (if exist)
  • see History and statistics

Get Full Access Now

Effectively work with search system

Database include more 65000 documents. You can find needed documents using search system.
For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions.
This section provides answers to questions set by users.

Search engine created by CIS Legislation Company