The Ukrainian Union of Industrialists and Entrepreneurs (USPP) has demanded that the draft law No. 8087 “On Protection of Information Infrastructure” be finalized due to contradictions with the European legislation, excessive centralization and expansion of powers of the State Service for Special Communications and Information Protection (Gospetsvyaz).
According to information on its website, the relevant appeal was sent to the chairman of the Verkhovna Rada Ruslan Stefanchuk, all parliamentary committees and factions and the president of the country following the results of public hearings organized by the USPP together with the Council of Advocates of Kyiv region with the participation of representatives of the Ministry of Defense, the government, the legal community, representatives of anti-corruption bodies, the public, the IT business and experts.
“The main drawback of the draft law No. 8087 at the public hearings was called the fact that it significantly expands the powers of the State Spetsvyaz and assigns it unprecedentedly broad powers,” the USPP information says.
In particular, in its opinion, the supervisory body will have the right to carry out inspections of any enterprises, access to their facilities and premises, any of their documentation and information, to provide mandatory requirements to any business entity, regardless of whether it is a large corporation, IT-business enterprise or self-employed person (FLP, lawyer, etc.). In addition, the State Spetsvyaz will have the right to involve any other bodies, in particular the SBU and cyber police, in such inspections.
Other shortcomings in the appeal named inconsistency, “and sometimes even contradictions” with the EU Directive on Network and Information Security (NIS2 Directive), adopted on December 14, 2022 and coming into force in the EU on October 18, 2024.
“The NIS2 Directive does not apply to entities with national security activities and also establishes a clear list of criteria regarding the companies to which it applies. At the same time, Bill 8087 covers all state bodies and business entities without exception, burdening even the smallest of them with exorbitant administrative and financial burdens,” the USPP argues.
In its opinion, the bill forms one vertical of cybersecurity systems uniting all state information resources, which will make it more vulnerable to cyberattacks instead of more expedient decentralization.
In addition, the appeal criticizes the fact that the bill does not only affect cybersecurity in general and public sector cybersecurity in particular, but also largely concerns the private information sector, business climate, investment attractiveness, etc.
Source:
