Azerbaijan is set to introduce administrative penalties for violations of regulatory requirements in the field of cybersecurity. According to the Operative Information Center-OMM, amendments to the Code of Administrative Offenses have been proposed to address these gaps.
The draft legislation was discussed during a joint meeting of the Milli Majlis (National Assembly) Committee on Legal Policy and State Building and the Committee on Labor and Social Policy.
The proposed measures target computer incident response centers, security operations centers, information infrastructure subjects, internet service providers, and host providers. Under the new regulations, entities failing to implement necessary cybersecurity measures face significant fines. Specifically, penalties will be imposed for:
- Failure to comply with instructions from relevant state authorities regarding cybersecurity defense, threat prevention, and digital investigations;
- Failure to immediately report cyber threats, attacks, or incidents to the designated state body;
- Failure to respond to inquiries from state authorities regarding cybersecurity status within 24 hours, or within 5 business days for digital investigation requests;
- Failure to conduct real-time, continuous monitoring of cyber incidents and attacks;
- Violation of general and specific cybersecurity requirements for critical information infrastructure;
- Failure to facilitate digital or proactive cybersecurity research, or tampering with data obtained during such investigations.
Under the proposed amendments, officials face fines ranging from 500 to 1,000 AZN, while legal entities face fines between 1,000 and 2,000 AZN. Furthermore, operating as a computer incident response center or security operations center without being included in the official registry will result in fines of 1,000 to 1,500 AZN for officials and 1,500 to 2,500 AZN for legal entities.
These legislative changes reflect Azerbaijan's ongoing efforts to strengthen its national digital infrastructure. As the country accelerates its digital transformation, establishing a robust legal framework for cybersecurity is critical to protecting state and private information systems against evolving global cyber threats.
