The Agency for Regulation and Development of the Financial Market of the Republic of Kazakhstan reminded banks and financial institutions that they must strictly comply with information security requirements when developing and implementing new digital services, including those using biometric technologies, and that compliance will remain under ongoing oversight. Under the applicable rules, each information system must undergo mandatory testing that includes source code analysis and checks of the components and libraries used. All transmitted data must be encrypted using Transport Layer Security (TLS) version 1.2 or higher, while customers’ confidential information must be stored only in protected containers or system repositories and subjected to checks intended to prevent attacks and the injection of malicious code.
Agency for Regulation and Development of the Financial Market of the Republic of Kazakhstan 2025-11-10
Agency for Regulation and Development of the Financial Market of the Republic of Kazakhstan reiterates mandatory testing and TLS 1.2 encryption for banks’ new digital and biometric services
Kazakhstan's Financial Market Agency insists banks and financial institutions comply with information security for new digital services, including biometrics. Continuous oversight will ensure compliance, with mandatory system testing, data encryption using TLS 1.2 or higher, and secure storage of confidential information.