Text size





Emergency Act

In 2009, the Emergency Act entered into force. The act lists vital sectors and services that come under them. Vital services are provided both by public sector agencies as well as private enterprises. In total, the Act lists 46 vital services.

Emergency Act imposes duties on authorities to maintain the sustainability of vital services and on service providers to provide vital services.

Duties to ensure the capacity for consistent operation of information systems used for providing vital services are regulated in the Regulation Security measures for information systems of vital services and related information assets (.pdf, 72 KB). The regulation was adopted on 2013 on the basis of subsection 40 (2) of the Emergency Act.

Cyber Security Strategy

The Cyber Security Strategy 2014–2017 (in .pdf) is the basic document for planning Estonia’s cyber security and a part of Estonia’s broader security strategy. The strategy highlights important recent developments, assesses threats to Estonia’s cyber security and presents measures to manage threats. This strategy continues the implementation of many of the goals found in the Cyber Security Strategy 2008–2013 (in .pdf, in Estonian only); however, new threats and needs which were not covered by the previous strategy have also been added.

In accordance with the strategy, the purpose of the critical information infrastructure protection is to maintain the proper functioning of the information systems, diminish the scope of disruption due to cyber attacks and to create conditions for the post-attack prompt recovery of the sustainability of the information systems. The strategy has five priority objectives:

  1. Establishment of national system of Critical Information Infrastructure Protection.
  2. Increase expertise on information security.
  3. Establishment of the judicial area required to maintain cyber security.
  4. International cooperation.
  5. Cyber security-related briefing.

Information security interoperability framework

Information security interoperability framework (in .pdf, in Estonian only) specifies the general functioning principles of information security in Estonia and contains the basic rules that state agencies and the private sector need to follow in order to maintain information security.

Did you get the answer to your question?

Added 07.02.2011
Updated 13.04.2016

Back to page "Critical Information Infrastructure Protection CIIP"