02 April 2021
Information technologies are increasingly being exposed to the potentially malicious intentions of various interest groups and individuals. Therefore, a systematic and coordinated effort to improve cybersecurity abilities is key for a safe digital society.
The Croatian cybersecurity system is a complex cross-sectorial network of institutions and regulations that is in constant development but is aligned with the requirements arising from the country's membership of the European Union and the North Atlantic Treaty Organisation (NATO).
This article is the second in a series on the regulation of cybersecurity in Croatia.(1)
The first legal act to regulate cybersecurity matters in Croatia was the Information Security Act (Official Gazette 79/2007), which was passed in 2007. This act laid the foundations for cybersecurity in the public cybersphere and established three bodies which have key roles in Croatia's cybersecurity policy:
Under the Information Security Act, the ONSC became the national security authority responsible for coordinating national, EU and NATO measures and standards for the protection of classified and non-classified information in the government sector. The ONSC is the main body of the Croatian security and intelligence system. It performs tasks for the National Security Council and the Council for the Coordination of Security and Intelligence Services and informs the president and prime minister about security and intelligence agency work.
The Information Security Act tasked the ISSB with the coordination of prevention and response measures regarding information system security threats in the government sector. The ISSB is the central state authority responsible for the technical side of state body information security. This includes the management of:
ISSB directors are appointed by the government, based on the Council for Coordination of Security Intelligence Agencies' proposals.
The Information Security Act established the CERT as a department within the Croatian Academic and Research Network. The CERT is responsible for the prevention of security threats and the protection of all public information systems in Croatia. Its main task is to handle computer security incidents in which one of the parties is in Croatia (ie, parties that have a '.hr' domain or are within the Croatian internet protocol address range).
Additional functions of ONSC, ISSB and CERT
The Act on Cybersecurity of Operators of Essential Services and Digital Service Providers 2018 (Official Gazette 64/2018), which transposed the EU Network and Information Security Directive (2016/1148/EU), gave the three bodies additional national functions. The ONSC became the national single point of contact, while the ISSB and the CERT became national Computer Security Incident Response Team bodies with similar prevention and response tasks.
The 2015 adoption of the National Cybersecurity Strategy necessitated the introduction of a cross-institutional body to monitor its implementation and connect the competent institutions in the government and public sectors. In 2016 two cross-institutional bodies were established to manage the implementation of the National Cybersecurity Strategy's goals and measures and to resolve all relevant national cybersecurity issues:
National Cybersecurity Council
The National Cybersecurity Council comprises 16 representatives of the following government institutions:
The ONSC representative acts as the president. The National Cybersecurity Council reports to the government and is responsible for the implementation of three cyber crisis management measures.
Operational and Technical Cybersecurity Coordination Group
The Operational and Technical Cybersecurity Coordination Group supports the National Cybersecurity Council's operations by:
The Operational and Technical Cybersecurity Coordination Group comprises eight members, some of whom are representatives of organisations that are also represented in the National Cybersecurity Council. The Ministry of the Interior representative acts as the coordinator. The Operational and Technical Cybersecurity Coordination Group reports to the National Cybersecurity Council and participates in the implementation of the measures for which the council is responsible.
For further information on this topic please contact Ivana Manovelo at Maćešić & Partners by telephone (+385 51 215 010) or email (email@example.com). The Maćešić & Partners website can be accessed at www.macesic.hr.
(1) For the first article in the series, please see "Cybersecurity: overview of relevant legislation".