The Central Bank of the Republic of Kosovo (CBK) has approved the Regulation on Information Systems and Cyber Risk Management, which establishes a comprehensive framework to enhance digital security and operational resilience in the financial sector. This step reflects the reality of the financial sector’s digital transformation, where new technologies and innovative use of existing ones improve operational efficiency and the quality of services for consumers. However, digitalization also brings greater exposure to technological and cyber risks, which are becoming increasingly sophisticated and could threaten the financial ecosystem.

The drafting of the Regulation was supported by the International Monetary Fund (IMF) and built upon industry assessments and the results of dozens of examinations conducted in recent years in relevant areas. During this process, frameworks from international institutions were taken into account, such as the Basel Committee on Banking Supervision, the European Union (DORA and NIS2), the European Central Bank (ECB), and the NIST Cybersecurity Framework. Broad consultations were also held with the World Bank (WB) and domestic financial institutions, ensuring that the regulation reflects the needs and capacities of the industry, including through several explanatory information sessions.

The approval of this Regulation represents a strategic step toward building a healthier, safer, and more resilient financial industry. The Regulation requires institutions to adopt sound and sustainable practices for technology and cyber risk management, with mandatory standards that take into account the principle of proportionality based on the institutions’ activities, size, complexity, and risk profile. The Regulation is available on the CBK website at this link: Regulation on information systems and cyber risk management.

The Regulation allows for the use of advanced technologies as required by the complexity and scale of financial institutions’ operations, which will remain a focus of CBK’s supervisory process. This strengthens the foundation for effective supervision while preparing the industry for the challenges of digital transformation.

Through this regulation, the CBK provides a clear framework for financial institutions, helping them adopt safe and sustainable practices that protect not only technological infrastructure but also overall financial stability, public trust, and consumer interests.

The CBK thanks its international partners for their continuous support throughout the drafting of this regulatory framework, the first of its kind, and remains dedicated under its Strategic Plan, to continuously addressing the challenges of the financial sector with a careful approach and in line with international standards and best practices.

Governor Ismaili hosts in a meeting the World Bank Mission experts on the financial sector development projects – FinDev and FinSAC CBK with the first regulatory framework for Crypto-Assets in Kosovo: The first step towards gradual regulation and transparency