Law No. 124/2025 – Approval of Government Emergency Ordinance No. 155/2024 on Cybersecurity of Networks and Information Systems in the National Civil Cyberspace (Romania)

În Monitorul Oficial al României, Partea I, nr. 638 din 7 iulie 2025, a fost publicată Legea nr. 124/2025 privind aprobarea, cu modificări și completări, a Ordonanței de urgență a Guvernului nr. 155/2024 Published in the Official Gazette of Romania, Part I, No. 638 of July 7, 2025, Law No. 124/2025 approves, with amendments and additions, Government Emergency Ordinance No. 155/2024, which establishes the legal framework for cybersecurity within the national civil cyberspace.

Key Provisions:

• Clarifies the applicability of the law in relation to personal data protection legislation, the Criminal Code, and critical entities resilience laws;
• Establishes the competencies of the National Cybersecurity Directorate (DNSC) regarding oversight, incident reporting management, and the confidentiality of submitted information;
• Revises the definition of social networking service platforms;
• Introduces mandatory cybersecurity training for leadership and staff of essential and important entities, and mandates the designation of cybersecurity officers;
• Redefines the criteria under which an incident is deemed significant;
• Regulates the obligation of the national single point of contact to share relevant information with ENISA and the European Commission;
• Clarificarea obligațiilor privind acordurile de schimb de informații în domeniul securității cibernetice;
• Clarifies requirements for information-sharing agreements in the field of cybersecurity;
• Establishes obligations for ICT manufacturers and providers regarding vulnerability reporting and remediation, including DNSC’s notification to the European Commission;
• Provides for cooperation between DNSC, the National Bank of Romania (BNR), and the Financial Supervisory Authority (ASF) in assessing and managing cyber risks in the financial sector;
• Modifies response and reporting deadlines for addressing deficiencies identified by DNSC;
• Updates the regime of serious contraventions and sanctions for essential and important entities, including derogations from Government Ordinance No. 2/2001;
• Updates annexes related to regulated sectors: health, digital infrastructure, and the food industry.

The law was adopted in accordance with Articles 75 and 76(2) of the Romanian Constitution.

Full text available at: https://legislatie.just.ro/Public/DetaliiDocument/299675