Skip to content
World Watch/Moldova/Cybersecurity

Cybersecurity · Moldova

Cybersecurity law & regulation in Moldova (2026)

Comprehensive lawLaw No. 48/2023 on Cybersecurity (Legea nr. 48/2023 privind securitatea cibernetică), in force 1 January 2025; supplemented by Government Decision No. 1028/2023 (Cybersecurity Agency), Government Decision No. 860/2024 (service-provider identification), and Government Decision No. 562/2025 (sector-specific obligations). Supervised by the Cybersecurity Agency (Agenția pentru Securitate Cibernetică, ASC/NCSC-MD).Country index 79 · B+

Moldova shaded by its cybersecurity status

Cybersecurity in Moldova: comprehensive law, anchored by Law No. 48/2023 on Cybersecurity (Legea nr. 48/2023 privind securitatea cibernetică), in force 1 January 2025; supplemented by Government Decision No. 1028/2023 (Cybersecurity Agency), Government Decision No. 860/2024 (service-provider identification), and Government Decision No. 562/2025 (sector-specific obligations). Supervised by the Cybersecurity Agency (Agenția pentru Securitate Cibernetică, ASC/NCSC-MD)..

Moldova enacted a comprehensive cybersecurity law (Law No. 48/2023) that entered into force on 1 January 2025 and partially transposes EU Directive 2022/2555 (NIS2), covering risk management, incident reporting, and critical-sector obligations for medium-sized and larger entities. The Cybersecurity Agency was established in December 2023 as the competent national authority and single point of contact, with CERT-GOV-MD providing the operational government CSIRT function. Full NIS2 transposition remains in progress, with further implementing acts adopted through 2025 and a National Cybersecurity Programme for 2026-2030 under development.

Key points

Primary Law, Law 48/2023

Published in the Official Gazette 2023, no. 151-153, art. 225, and effective 1 January 2025. Transposes Articles 3 and Annexes I-II of EU NIS2 Directive (2022/2555), establishing scope, definitions, governance, and obligations for critical-sector service providers.

Competent Authority

The Cybersecurity Agency (ASC/NCSC-MD), created by Government Decision No. 1028/2023 in December 2023, exercises national cybersecurity policy, supervisory, and control functions, and serves as the NIS2-designated competent authority and national single point of contact.

Incident Reporting Obligations

Essential and critical-sector service providers must report significant cyber incidents to the Cybersecurity Agency. Government Decision No. 562/2025 sets specific cybersecurity obligations and reporting duties for providers in critical sectors; a State Register of Cyber Incidents will enable centralised monitoring.

Critical-Sector Scope

Government Decision No. 860/2024 identifies which service providers fall within scope. Coverage tracks NIS2 Annexes I-II sectors (energy, transport, banking, health, digital infrastructure, etc.) and applies to medium-sized or larger entities; supervisory powers include compliance verification over operators of critical information infrastructure.

CSIRT / CERT Capability

CERT-GOV-MD, operating under the Information Technology and Cyber Security Service (STISC), is Moldova's sole operational CSIRT and handles incidents for public administration. It is a registered FIRST member and the Council of Europe-recognised national CERT.

Ongoing NIS2 Alignment & Strategy

Transposition is acknowledged as partial; authorities are continuing full alignment with NIS2 as part of EU accession obligations (candidate status since June 2022, negotiations opened June 2024). The National Cybersecurity Programme 2026-2030 will guide further development.

Moldova - other topics

Cybersecurity in other countries

Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →