The National Bank of Moldova has issued a regulation establishing minimum requirements for managing information and communications technology (ICT) risks, information security and business continuity, with phased compliance expectations for payment service providers. The regulation was approved by the Executive Committee of the National Bank of Moldova and enters into force on 20 March 2025. Payment service providers must ensure compliance with point 81 within three months; points 4–56, 62, 65–67, 76–80 and 82 within nine months; point 57 and point 58 subpoints 58.1–58.11 within 12 months; and subpoints 58.12–61, points 63–64 and 68–75 within 15 months.
National Bank of Moldova 2025-02-20
National Bank of Moldova sets minimum ICT risk, information security and business continuity requirements for payment service providers
The National Bank of Moldova has issued a regulation setting minimum requirements for managing ICT risks, information security, and business continuity for payment service providers. The regulation, approved by the Executive Committee, takes effect on 20 March 2025, with phased compliance deadlines ranging from three to fifteen months.