The amended Cybersecurity Act significantly broadens the scope of regulated sectors and entities, introduces detailed minimum cybersecurity risk management requirements and incident reporting obligations, and provides for substantial sanctions, including personal liability of members of management bodies. All in-scope entities are required to ensure full compliance as of the date of entry into force.

The period following entry into force of the amendments places cybersecurity governance, risk management and supply chain controls at the forefront of corporate compliance. Proactive assessment and timely alignment with the new statutory requirements will be essential in mitigating regulatory and operational risk.

DGKV’s team, Violetta Kunze and Georgi Sulev prepared a summary of the relevant amendments to the Bulgarian Cybersecurity Act, which we would like to share with our clients and stakeholders.

The publication is available in Bulgarian: