Unofficial transfer (c) Soyuzpravoinform LLC

LAW OF THE REPUBLIC OF ARMENIA

of December 24, 2025 No. ZR-442

About cyber security

Accepted by National Assembly of the Republic of Armenia on December 4, 2025

Chapter 1. General provisions

The purpose of this law is ensuring cyber security of information systems and crucial information infrastructures in the vital sectors of economy of the Republic of Armenia.

Article 1. Subject of regulation and coverage of the law

1. This law governs the relations connected with ensuring cyber security of information systems or crucial information infrastructures in the vital spheres, in particular, in sense of this law, circle of the subjects providing services, the vital spheres concerning detection of cyberincidents, their notifications, prevention and permission, bodies of system of public administration in the field of cyber security and amount of their powers, monitoring, control, responsibility for observance of requirements of this law, cyber security audit, and also other relations connected with cyber security.

2. Any other legal entity or the individual entrepreneur who in sense of this law are not considered as service providers in the procedure established by the government can voluntarily undertake the obligations on ensuring cyber security following from this law or to refuse them.

3. Operation of this law extends:

1) on legal entities and individual entrepreneurs who at the same time perform activities in one or several spheres of the vital value listed regarding the 4th article 16 of this law and operate information system or critical information infrastructure;

2) on state and regional authorities.

4. Operation of this law does not extend to the legal entities and individual entrepreneurs answering to the criteria of classification of subjects of midget and small business provided by the law "About the State Support of Small and Medium Entrepreneurship", except as specified, when specified persons operate critical information infrastructure.

5. Operation of this law does not extend to observance of requirements of cyber security of the information systems operated by authorized state bodies in spheres of defense, homeland security, the international relations and foreign intelligence in case of accomplishment of the functions by them.

6. Operation of this law does not extend to observance of the requirements of cyber security connected with operation of the information systems and critical information infrastructures applied for the purpose of processing of the data containing the state secret.

7. Operation of this law does not extend to the relations regulating the sphere of cybercrime other laws.

8. When implementing the measures aimed at providing cyber security, established by this law, the service provider when making any actions connected with personal data is guided by requirements of the legislation governing the relations connected with processing of personal data.

9. When implementing the measures aimed at providing cyber security, established by this law, the service provider when making any actions connected with information containing the state secret, and also other secret protected by the law is guided by requirements of the legislation protected by the law and the legislation governing the relations connected with this secret.

Article 2. Legislation on cyber security

1. The relations arising in the field of ensuring cyber security are regulated by the Constitution of the Republic of Armenia, this law, the laws "About Public Information", "About Regulating Authority of Information Systems", international treaties of the Republic of Armenia, other legal acts.

2. If the international treaties ratified by the Republic of Armenia establish other regulations, than those which are provided by this law then are applied regulations of international treaties.

Article 3. The basic concepts used in this law

1. In this Law the following basic concepts are used:

1) cyber security is set of the organizational, technical and program measures protecting the information processed, which is stored and transferred in the computer, the computer equipment, digital data carriers, information systems, crucial information infrastructure and electronic communication networks from accidental loss, unauthorized access, use, disclosure, violation, modification, destruction, the attacks, copying, record, distribution and other illegal invasions or interventions, and also providing availability, integrity, authenticity, confidentiality and accuracy of this information;

2) Authorized body - the body of system of public administration developing and performing policy in the spheres listed in Item 16 of appendix to the Law "About Structure and Activities of the Government" (further - Authorized body);

3) Autonomous body - the commission on regulation of information systems provided by the law "About Regulating Authority of Information Systems" (further - autonomous body);

4) safety of information system capability of information system to resist to any situation which threatens access, the authenticity, integrity, confidentiality and accuracy of the data which are stored, processed, received or transferred in this system or the services offered by this system or provided through this system;

5) critical information infrastructure - the automated control systems, information systems, the equipment or their parts operated in the vital sectors, failure or destruction of which can create threats of homeland security, to defense, economy, social wellbeing, health of the population, the environment, public order, the international relations and continuity of management (governance continuity);

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info