The Central Bank of the Republic of Kosovo has approved a Regulation on Information Systems and Cyber Risk Management, establishing a comprehensive framework to strengthen digital security and operational resilience across the financial sector. The regulation introduces mandatory standards for financial institutions, applying the proportionality principle based on each institution’s activity, size, complexity and risk profile. The framework was developed with support from the International Monetary Fund and draws on industry assessments and the results of dozens of recent examinations. In preparing the regulation, the central bank considered international and regional frameworks including the Basel Committee on Banking Supervision, the European Union’s Digital Operational Resilience Act and NIS2, the European Central Bank’s approach, and the NIST Cybersecurity Framework, alongside consultations with the World Bank and domestic financial institutions. It also allows the use of more advanced technologies where required by operational scale and complexity, with these capabilities expected to be a focus of supervisory assessment.
Central Bank of the Republic of Kosovo 2025-09-25
Central Bank of the Republic of Kosovo adopts regulation on information systems and cyber risk management for financial institutions
The Central Bank of the Republic of Kosovo has approved a Regulation on Information Systems and Cyber Risk Management to enhance digital security and operational resilience in the financial sector. It mandates standards based on the proportionality principle, considering each institution's activity, size, complexity, and risk profile. Developed with IMF support, it aligns with international frameworks and allows advanced technologies for complex operations.