Cybersecurity · Kyrgyzstan

Cybersecurity regulation in Kyrgyzstan (2026)

Comprehensive lawLaw on Cybersecurity of the Kyrgyz Republic (No. 121, July 17, 2024); Digital Code of the Kyrgyz Republic (2025); enforced by the State Committee for National Security (SCNS) / Coordination Centre on Cybersecurity (cert.gov.kg)Country index 85 · A

Kyrgyzstan shaded by its cybersecurity status

Kyrgyzstan enacted a dedicated Law on Cybersecurity (No. 121) on July 17, 2024, establishing a unified legal framework covering critical information infrastructure (CII), incident notification obligations, and a coordinating cybersecurity authority under the State Committee for National Security. This was supplemented in 2025 by the adoption of the Digital Code, which consolidated digital regulation and formally recognised digital resilience as a component of national security. Implementation rules for CII were issued by Cabinet resolution in December 2024.

Key points

Cybersecurity Law 2024

The Law on Cybersecurity of the Kyrgyz Republic (No. 121, July 17, 2024) establishes the legal basis for a unified national cybersecurity system, defines critical information infrastructure (CII), sets risk-management obligations for CII operators, and creates an Interdepartmental Commission on Information Security and Cybersecurity as the permanent coordinating body.

source 1 ↗source 2 ↗

CII Regulations (Dec 2024)

On December 9, 2024, the Cabinet of Ministers approved mandatory requirements for creation and operation of cybersecurity systems at critical information infrastructure facilities. The requirements apply to both government agencies and private/non-profit organisations operating systems classified as CII.

source 1 ↗

Incident-reporting duty

Operators of critical information infrastructure and government institutions are legally obliged under the 2024 Cybersecurity Law to notify the designated competent authority (SCNS Coordination Centre on Cybersecurity) of cyber incidents. Organisations handling personal data must also notify authorities of data breaches, with a 72-hour timeframe cited by leading data-protection trackers.

source 1 ↗source 2 ↗

Competent authority – SCNS CERT

The Coordination Centre on Cybersecurity, a structural unit of the State Committee for National Security, serves as the national CERT (cert.gov.kg). It is responsible for identifying and suppressing cybersecurity threats, coordinating sector CERTs, conducting state audits of particularly important information infrastructure, and developing international cybersecurity agreements.

source 1 ↗

Digital Code (2025)

Kyrgyzstan adopted a Digital Code in 2025 that systematically consolidates regulation of digital processes, rights and duties of digital-relation participants, protection of digital infrastructure, and incident-response measures. The Code formally elevates digital resilience to a matter of national security at the statutory level.

source 1 ↗

Digital Transformation Concept 2024–2028

A presidential decree in April 2024 approved the Concept for Digital Transformation 2024–2028, which designates cybersecurity and personal data protection as central pillars and provides the strategic roadmap under which the 2024 Cybersecurity Law and CII regulations sit.

source 1 ↗source 2 ↗

Kyrgyzstan - other topics

Crypto & Digital Assets Artificial Intelligence Data & Privacy Digital Payments & Fintech Digital Nomad & Residency Internet & Online Safety Starting a Business

Read in:Spanish French German Portuguese Hindi

Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →