LegalGELegalGE
...

Critical Infrastructure Protection

Which entities are considered critical infrastructure?

Critical infrastructure typically includes government agencies, banks, energy companies, telecom operators, water supply systems, and major transport hubs.

Is a security audit mandatory?

Yes, subjects falling under the Law on Information Security and related acts are required to conduct regular information and physical security audits.

What are the penalties for non-compliance?

Non-compliance leads to administrative fines, potential license suspension, and in cases of severe consequences, criminal liability for management.

How to vet employees for security clearance?

Employee vetting for strategic roles is regulated by law. A lawyer can assist in submitting requests to the State Security Service for reliability checks.

Reading Time

3 min

Published

...

Legal Assurance for Critical Infrastructure Protection

State security does not rely solely on military force; it is critically dependent on the smooth operation of facilities such as energy systems, transport hubs, water supply, the banking sector, and healthcare. Critical Infrastructure Protection (CIP) in Georgia is regulated by special legislation that obliges entities of strategic importance to implement high security standards. This includes physical protection, operational continuity, and personnel reliability checks. Non-compliance not only endangers national security but also leads to license revocation and severe administrative sanctions for organizations.

Legal services in the field of critical infrastructure protection are designed for both private and state companies operating in strategic sectors. The service includes:

  • Legal Audit and Compliance: Examining the organization's activities and determining its compliance with the "Law on Information Security" and other normative acts regulating critical infrastructure.
  • Development of Security Policies: Drafting internal bylaws, instructions, and protocols that define access regimes, protection rules, and emergency action plans at the facility.
  • State Secret Clearance: Legal assistance in the process of vetting employees and obtaining clearance for access to state secrets.
  • Regulatory Relations: Representation in dealings with the State Security Service, the Operational-Technical Agency, and the Digital Governance Agency.
  • Contract Management: Reflecting security requirements in contracts with contractors and suppliers to prevent the introduction of threats from external sources.

For a practical example, an energy company is required to have a physical protection plan agreed upon with the Ministry of Internal Affairs and a cybersecurity policy. If the company fails a mandatory audit or an incident occurs due to lack of protection, it faces liability. Also, issues often arise during personnel vetting—the company must ensure that a person posing a threat does not gain access to strategic controls, while simultaneously not violating labor laws and human rights. This balance requires qualified legal intervention.

In Georgia, this field is regulated by several laws, including the Law on State Security Service, the Law on Information Security (defining subjects of critical information systems), and the Law on State Secrets. Critical infrastructure subjects are divided into categories, each with different obligations. For example, Category I subjects (state agencies) have stricter requirements than Category III subjects (private banks, telecoms), although minimum standards are mandatory for all.

Cooperation with a lawyer ensures that the organization is ready for any inspection. The lawyer helps the company identify risks, prepares mandatory reports for the regulator, and manages crisis situations in the event of an incident. This service is vital for businesses operating in the energy, transport, finance, and telecommunications sectors.

Legal.ge offers access to lawyers with experience in national security and regulated industries law. Protect your strategic assets and ensure business continuity in full compliance with the law. Our experts will help you meet complex regulatory requirements.

Updated: ...

Specialists for this service

Loading...