Doina Nistor
The new regulations require service providers to keep and maintain activity logs. This is necessary to identify and respond to potential cyber incidents in a timely manner and to mitigate their impact. Backup copies of the logs will have to be kept for at least 12 months and protected from unauthorized access.
Logs should cover a wide range of critical activities: network traffic (inbound and outbound); account management (creating, modifying, or deleting accounts, and extending access rights); system access (tracking access to applications and systems, including privileged access by administrative accounts); changes (logging any changes to critical configuration files and backups); security events; and physical monitoring (physical access to equipment and facilities).
These measures are designed to ensure full traceability of events and the ability to investigate in detail in the event of a cyberattack.
Analysis of the current situation has shown that, despite the existence of the Cybersecurity Law, the lack of complete sectoral regulations jeopardizes the functioning of Moldova’s economy, especially its digital sector. Improving the cyber resilience of legal entities that are critical service providers becomes a key challenge.
According to the International Telecommunication Union (ITU) report, Moldova has improved its position on legal, organizational and cooperation measures in 2024 compared to 2020. However, there is a marked decline in technical measures and capacity development. This situation requires harmonization of national legislation with EU norms,” the accompanying note to the government’s decision says.
The analysis carried out by the European Commission shows that the average costs per small or medium-sized enterprise (SME) for the implementation of these measures amount to 2,500-5,000 euros. As Doina Nistor, Minister of Economy and Digitalization, pointed out at the government meeting, the application of the requirements will be gradual. Essential service providers (critical services) will implement the standards within 12 months and important ones within 18 months.
“Protecting citizens and critical infrastructure is paramount. Cybersecurity has become an urgent need. A cyberattack can disrupt vital services – energy, water, transportation, telecommunications, banking or healthcare. The new standards are clear and predictable, based on European and international norms. The aim is to strengthen the resilience of public and private service providers so that the networks and information systems they use have a high level of protection. These measures will make Moldova more secure, allowing it to take a decisive step into the European digital market. Cybersecurity is one of the fundamental pillars of the modern economy”, concluded Doina Nistor.
