In order to strengthen cybersecurity in Latvia and implement the requirements of the revised European Union Network and Information Systems Security Directive (NIS2, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022L2555&qid=1725010616581), the National Cybersecurity Law (NCSL, https://likumi.lv/ta/id/353390), developed by the Ministry of Defense, came into force on September 1st.

The entry into force of the NCSL has introduced changes to the cybersecurity governance model, including the launch of a new institution—the National Cybersecurity Centre. Compliance with cybersecurity requirements now applies to a broader range of companies, and the cyber incident response body, CERT.LV, has been assigned new responsibilities.

While several NCSL-related regulations are still being developed, the work of strengthening infrastructure security must continue. We will discuss the cyberattacks in Latvia in 2024 and focus on the most pressing IT security threats. Drawing on our experience, we will highlight the most significant risks and outline our vision for the necessary tasks in the near future, both for those already collaborating with CERT.LV and for those who have yet to engage with us.