Government Proposes National Cyber Security Agency to Protect Critical Digital Infrastructure

The Maldivian government has submitted a specialized legislative proposal to the Parliament to establish a National Cyber Security Agency, aiming to fortify the nation's digital environment against evolving threats. The bill, formally introduced by Hussain Nasih, Member of Parliament for Central Henveyru, seeks to create a centralized authority to secure the Maldives' cyberspace. The primary objective of the legislation is to safeguard critical information systems within both state and private institutions. By defining precise security requirements, the proposed framework aims to identify domestic and cross-border threats, prevent cyber incidents, and build a resilient system capable of responding rapidly to digital vulnerabilities. Under the proposed structure, the National Security Council will remain the primary body for determining cybersecurity policies. However, it will do so based on strategic advice provided by the new agency. This agency will be governed by a five-member executive board and, while operating as an independent institution with distinct legal authority, it will fall under the oversight of the Ministry of Homeland Security, Labour and Technology. The bill also introduces rigorous regulations for the private sector, particularly for those providing cybersecurity services. These providers will be required to obtain official operational licenses to practice. The legislation carries significant penalties for non-compliance; those operating without a valid license could face administrative fines ranging from USD 3,243.77 to USD 32,437.72. While the law is designed to cover critical information infrastructures across both the public and private sectors, the government has included specific exemptions. The systems and personnel belonging to the nation’s defense and security services will not be subject to these particular regulations, ensuring their operational autonomy is maintained.