• Regulatory authority to oversee standards in public and private sectors 

The Ministry of Digital Economy stated that new cybersecurity laws, which are currently being drafted, would make it mandatory for both private and public institutions to implement an annual compliance readiness strategy on cybersecurity. 

When contacted by The Daily Morning yesterday (24), Ministry Secretary Waruna Sri Dhanapala said that cybersecurity efforts had so far largely been handled by the Sri Lanka Computer Emergency Readiness Team (SLCERT), but that a new Cybersecurity Regulatory Authority would be established under the proposed laws.

He said the new authority would be granted regulatory powers over both public and private institutions. “There are both proactive measures to avoid cyber crimes and also what to do after such an event,” he said.

Dhanapala added that the proposed legislation was based on a Bill initially drafted in 2019, but several new sectors had since been added due to the rapid rise of social media-related and cyber-related offences. “Under this, the measures and regulations relating to cyber war crimes in the international domain will also be regulated,” he said.

He further said that institutions failing to comply with the regulations could face fines and mandatory consultations.

He went on to say that cyber-related offences had previously been governed under the Computer Crime Act No. 24 of 2007, but several shortcomings had emerged over time. “At times, it is difficult to prove that certain crimes were committed through a computer. Those kinds of issues will be addressed through these new laws,” he said.

Last week, Deputy Minister of Digital Infrastructure Eranga Weeraratne told Parliament that a new cybersecurity law would soon be introduced and that a Cybersecurity Regulatory Authority would be established, noting that Sri Lanka currently lacked adequate laws to address cybercrime effectively.

The move comes amid a rise in reported cybercrime incidents in recent months.