Cybersecurity in Ukraine: current challenges and ways to improve legislative regulation
DOI:
https://doi.org/10.35774/app2025.02.164Keywords:
information security, law enforcement, cybersecurity, legal support, administrative-legal aspect, criminal liability, administrative liability, European integration, harmonization of legislation, international standards, NATO, European Union (EU), state information policy, information security threats, implementation of law, subjects of information security, legal liability, information offenses, propaganda, artificial intelligenceAbstract
The modern realities of the digital transformation of society make it critically important to ensure cybersecurity as a key element of the state's national security. Ukraine, in conditions of permanent confrontation with hybrid threats and active digitalization of state and private structures, is faced with the need to form an effective system of legal regulation in the field of cyber defense. This study is aimed at a comprehensive analysis of the current state of legislative support for cybersecurity in Ukraine and identifying priority areas for its improvement.
The relevance of the study is due to the rapid development of information and communication technologies, the increase in the number and sophistication of cyber attacks, as well as the need to adapt national legislation to European cybersecurity standards. The analysis of modern cyber threats demonstrates their cross-border nature, a high degree of coordination and the use of advanced technologies to cause damage to critical infrastructure, state institutions and the private sector. Special attention is paid to the study of the specifics of cyberterrorism, information operations and attacks on critical infrastructure in the context of modern geopolitical challenges.
The methodological basis of the study includes a comprehensive approach to the analysis of regulatory legal acts, international agreements and the practice of their implementation into national legislation. The methods of comparative law, system analysis and empirical methods of research into the practice of law enforcement in the field of cybersecurity were used. Special attention is paid to the study of the experience of the European Union countries in the field of legal regulation of cyber protection and the possibilities of its adaptation to Ukrainian realities.
The results of the study indicate the presence of significant gaps in the current legislation of Ukraine on the regulation of cybersecurity, including insufficient coordination between various state bodies, the absence of clear mechanisms for responding to cyber incidents and the inadequacy of sanctions for cyber offenses. Problems in the field of personal data protection, ensuring the security of critical information infrastructure and international cooperation in the field of countering cybercrime were identified. It was established that the existing regulatory framework does not fully meet the modern challenges of the digital age and requires comprehensive reform.
The practical significance of the study lies in the development of specific recommendations for improving the legislative regulation of cybersecurity in Ukraine, including proposals for creating an integrated system of cyber protection, improving mechanisms for interagency interaction and increasing the effectiveness of countering cyber threats. Models of legal regulation adapted to the specifics of the Ukrainian legal system and compatible with international cybersecurity standards are proposed.
Prospects for further research are related to the need for constant monitoring of the evolution of cyber threats and the appropriate adaptation of the legislative framework, the development of mechanisms for public-private partnership in the field of cybersecurity, as well as an in-depth study of the impact of artificial intelligence and new technologies on the system of legal regulation of cyber defense. An important direction is also the study of the role of international cooperation in the formation of the global cybersecurity architecture and the place of Ukraine in this system.
References
1. Aristova, V. I. & Sulatskyi, D. V. (2013). Informatsiyna bezpeka lyudyny yak spozhyvacha telekomunikatsiynykh posluh: monohrafiya [Information security of a person as a consumer of telecommunication services: monograph]. Kyiv: Pravo Ukrainy [in Ukrainian]
2. Buriachok, V. L. (2020). Informatsiyna ta kiberbezpeka: sotsiotekhnichnyy aspekt: pidruchnyk [Information and cybersecurity: sociotechnical aspect: textbook]. Kyiv: Borys Grinchenko Kyiv Metropolitan University [in Ukrainian]
3. Buriachok, V. L. (2019). Osnovy informatsiynoyi ta kibernetychnoyi bezpeky: navchalnyi posibnyk [Fundamentals of information and cybernetic security: educational manual]. Kyiv: NAU [in Ukrainian]
4. Hulvanska, Yu. A. (2024). Pravove rehulyuvannya kiberbezpeky v Ukrayini: suchasnyy stan ta perspektyvy rozvytku [Legal regulation of cybersecurity in Ukraine: current state and development prospects]. Informatsiya i pravo - Information and Law, 2(49), 45-52 [in Ukrainian]
5. Shevchuk, O., Mentukh, N. (2021). Realizatsiya polityky derzhavnoyi informatsiynoyi bezpeky Ukrayiny v konteksti zapobihannya koruptsiyi: administratyvno-pravovyy aspekt [Implementation of Ukraine's state information security policy in the context of corruption prevention: administrative and legal aspect]. Naukovyi visnyk Uzhhorodskoho natsionalnoho universytetu. Seriia: Pravo - Scientific Bulletin of Uzhhorod National University. Series: Law, 64, 282–287. Retrieved from http://visnyk-juris-uzhnu-uz.com/wp-content/uploads/2021/06/NVUzhNU_64.pdf [in Ukrainian]
6. Loginova, N. I. (2023). Kibernetychna bezpeka derzhavy: teoretyko-pravovyy aspekt: monohrafiya [Cybernetic security of the state: theoretical and legal aspect: monograph]. Kharkiv: Pravo [in Ukrainian]
7. Marushchak, A. I. (2024). Stratehiya kiberbezpeky Ukrayiny: pravovi zasady ta mekhanizmy realizatsiyi [Ukraine’s cybersecurity strategy: legal foundations and implementation mechanisms]. Visnyk Natsionalnoho universytetu «Lvivska politekhnika». Yurydychni nauky - Bulletin of Lviv Polytechnic National University. Legal Sciences, 2(38), 112-119 [in Ukrainian]
8. Ostapenko, O. V. & Bernaz, P. S. (). Kiberzlochynnist yak zahroza natsionalniy bezpetsi Ukrayiny [Cybercrime as a threat to Ukraine's national security]. Naukovyi visnyk Natsionalnoi akademii vnutrishnikh sprav - Scientific Bulletin of the National Academy of Internal Affairs, 1(130), 78-86. [in Ukrainian]
9. Mazepa, S. & Bratasyuk, O. (2023). Die Gewährleistung der Informationssicherheit in der Ukraine–Verwaltungs-und strafrechtliche Maßnahmen. OER Osteuropa Recht, 68(4), 421-442 [in German]
10. Petrov, K. M. (2023). Mizhnarodne spivrobitnytstvo u sferi kiberbezpeky: ukrayinskyy dosvid [International cooperation in cybersecurity: Ukrainian experience]. Aktualni problemy mizhnarodnykh vidnosyn - Current Problems of International Relations, 157, 92-105 [in Ukrainian]
11. Pro osnovni zasady zabezpechennya kiberbezpeky Ukrayiny: Zakon Ukrayiny vid 05.10.2017 № 2163-VIII [On the Basic Principles of Cybersecurity in Ukraine: Law of Ukraine dated 05.10.2017 № 2163-VIII] (as amended on 03.04.2025). (2017). Database «Legislation of Ukraine». Verkhovna Rada of Ukraine. Retrieved from https://zakon.rada.gov.ua/laws/show/2163-19 [in Ukrainian]
12. Pro zatverdzhennya planu zakhodiv na 2023-2024 roky z realizatsiyi Stratehiyi kiberbezpeky Ukrayiny: Postanova KMU vid 19.12.2023 № 1163 [On approval of the action plan for 2023-2024 for the implementation of Ukraine's Cybersecurity Strategy: Resolution of the Cabinet of Ministers dated 19.12.2023 № 1163]. (2023). Official website of the Cabinet of Ministers. Retrieved from https://www.kmu.gov.ua/npas/pro-zatverdzhennia-planu-zakhodiv-na-20232024-roky-z-realizatsii-stratehii-kiberbezpeky-ukrainy-i191223-1163 [in Ukrainian]
13. Stratehiya kiberbezpeky Ukrayiny: Ukaz Prezydenta Ukrayiny vid 14.09.2021 № 447/2021 [Ukraine’s Cybersecurity Strategy: Decree of the President of Ukraine dated 14.09.2021 № 447/2021] (2021). Official Internet Representation of the President of Ukraine. Retrieved from https://www.president.gov.ua/documents/4472021-40013 [in Ukrainian]
14. Furashev, V. M. (Ed.). (2024). Ukrayina v umovakh hibrydnoyi ahresiyi: pravovi aspekty kiberbezpeky: kolektyvna monohrafiya [Ukraine under hybrid aggression: legal aspects of cybersecurity: collective monograph]. Kyiv: NISD [in Ukrainian]
15. Shemchuk, V. V. & Kostenko, O. L. (2024). Kiberprostir yak sfera natsionalʹnoyi bezpeky: pravovi zasady zabezpechennya] Cyberspace as a sphere of national security: legal foundations of provision. Naukovyi visnyk publichnoho ta pryvatnoho prava - Scientific Bulletin of Public and Private Law, 3, 167-174 [in Ukrainian]
16. Cybersecurity in Ukraine: Legal Framework Analysis. IFES Ukraine Report, 2024 [in English]
17. Thompson, M. & Kovalenko, O. (Eds.) (2024). Digital Security in Wartime: Ukrainian Experience and International Best Practices. Kyiv: Digital Ukraine Institute [in English]
18. Legal Aspects of Cybersecurity During Armed Conflicts: Ukrainian Case Study (2024). International Journal of Cyber Law, 12(3), 45-67 [in English]
19. Pro vnesennya zmin do deyakykh zakoniv Ukrayiny shchodo zakhystu informatsiyi ta kiberzakhystu derzhavnykh informatsiynykh resursiv, obyektiv krytychnoyi informatsiynoyi infrastruktury: Zakon Ukrayiny vid 27 bereznya 2025 roku № 4336-IX [On amendments to certain laws of Ukraine regarding information protection and cyber protection of state information resources, critical information infrastructure objects: Law of Ukraine dated March 27, 2025 № 4336-IX] (2025). Retrieved from https://zakon.rada.gov.ua/laws/show/4336-20#Text [in Ukrainian]
