Cyber Governance Challenges for Albania: Addressing policy choice dilemmas

Supported by:Netherlands Embassy in Tirana

Project:Improved Policy Debate and Accountability to Delivering on Fundamentals First, through the Establishment of Cluster One EU Negotiations Platform – Albania (C1-EU-NPA)

This policy paper analyses Albania’s path towards European Union (EU) membership, with an emphasis on its cybersecurity policies and their alignment with the evolving EU acquis. As Albania approaches a decade as an official EU candidate nation, the research delves into the complex process of EU accession discussions, which demand harmonisation with the EU legal and regulatory requirements. Clustered within the “Fundamentals First” thematic area, cybersecurity has become an integral part of Chapter 24 “Justice, Freedom and Security”. The paper emphasises the importance of cybersecurity in the context of the EU’s increased focus on protecting digital systems and information.

By drawing parallels between the EU’s new cybersecurity strategy and Albania’s cyber governance model, the study proposes a strategic realignment of Albania’s cybersecurity approach. This recommendation arises from the potential risks of stagnation in cybersecurity progress or incompatibility with current EU standards if Albania adheres to the prior framework.

The European Union has prioritised the task of Shaping Europe’s Digital Future, by promoting cyber resilience, safeguarding communication and data and keeping online society and economy secure. Over a span of five years, the EU adopted the Second EU Cyber Security Strategy 2020-2025 (EUCSS), adopted the NIS2 Directive on measures for a high common level of cybersecurity across the Union (2022) and is discussing the proposals for the Directive on the resilience of critical entities, a proposal to establish the digital wallet and e-Identity (eIDAS 2.0), and a proposal to set uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies), such as cloud platforms or data analytics services (Digital Operational Resilience Act (DORA)); and other initiatives such as the EU Cyber Diplomacy and expanding the prerogatives of ENISA (The European Union Agency for Cybersecurity). The analysis on EU cyber landscape is based on four pillars:

Pillar 1: Cybersecurity Strategy and Governance
Pillar 2: Investment and Research
Pillar 3: Policy Guidance and Coordination
Pillar 4: Collaboration and Diplomacy

The central focus of this paper is linked to the EU’s pivot to another standard of cybersecurity. Considering this, Albania finds itself in the position of pursuing alignment with a moving train (EU trajectory to the Digital Europe). This situation prompts an inquiry into Albania’s strategies and measures concerning the resilience of its critical infrastructures and, by extension, its overall approach to cybersecurity.

 

The aim of this paper is threefold:

  • To introduce the Albanian audience to the EU standard on cybersecurity;
  • To provide an overview of the current situation of the cybersecurity in Albania, focusing on the legal framework, cyber policy, cyber resilience of the critical and important information infrastructures; and
  • To ascertain whether Albania should jump in the EU’s moving train towards a resilient, digital society.