български deutsch italiano
Varadinov & Co.
Legal Bulletin

Varadinov & Co Attorneys at law is recognised in the IFLR1000
Varadinov & Co Attorneys at law is listed in Legal 500

State Gazette, issue 94/November 13th, 2018
The Cyber Security Act introduces the requirements of the European Parliament and Council Directive (EU) 2016/1148 of 6 July 2016 on measures for a high common level of security of networks and information systems in the Union. The law regulates cyber security organization, management and control activities, including cybercrime activities and projects, and countering cybercrime, as well as taking the necessary measures to achieve a high level of network and information security.
The network and information security, as well as the measures for their implementation, the minimum scope of which shall be determined by an ordinance of the Council of Ministers upon a proposal of the Chairperson of the State Agency for Electronic Management shall be regulated. The measures can not impose the use of a certain type of technology and do not apply to certain entities - the communication and information systems for processing of classified information within the meaning of the Classified Information Protection Act; networks and information systems of the Ministry of Defense, the Ministry of Interior, the State Agency for National Security, the State Agency for Intelligence, the State Agency for Technical Operations, the Military Information Service and the National Security Service, which are not related to the provision of administrative services by electronic means and the exchange of electronic documents between the administrative authorities; undertakings providing public electronic communications networks and / or services within the meaning of the Electronic Communications Act; providers of certification and digital services if the latter are micro and small enterprises.
The Chairperson of the State Agency for Electronic Management creates, maintains a register of essential services within the meaning of this law which is not public. The cyber-security system is defined as part of the national security protection system, and its settlement and organization are implemented by the Council of Ministers, assisted by the Advisory Council on Cyber Security. The Council of Ministers adopts with decision a National Cyber Security Strategy and a National Network and Information Security Strategy. The Minister of the Interior carries out the state policy in the area of countering cybercrime. In the General Directorate for Combating Organized Crime of the Ministry of Internal Affairs, a Cybercrime Center is being set up to carry out activities on the detection, investigation and documentation of computer crimes at national level.
State Agency for National Security implements the policy of protection from cyber-criminals in the communication and information systems of the strategic sites and activities that are important for the national security. The State Agency “National Security” builds and maintains a Monitoring and Response Center for incidents with a significant detrimental impact on the communication and information systems of the strategic sites and activities that are relevant to national security. A National Unitary Contact Point is established to the State Agency for Electronic Management, which coordinates the issues related to network and information security and the issues related to the cross-border cooperation with the relevant authorities in other EU Member States. A National Response Team for computer security incidents is also established at the State Agency for Electronic Management.
The law introduces a wide range of administrative and criminal liability for non-fulfillment of obligations related to notification of incidents, non-fulfillment of mandatory instructions, failure to provide information and evidence.

State Gazette, issue 94/November 13th, 2018
By increasing the transparency of media ownership, amendments to the Law on the compulsory deposit of printed and other works are motivated. Media service providers will submit annually, by 30 June at the Ministry of Culture, a declaration in a form that identifies their actual owners and contains information on whether they hold a public post as well as any received funding in the previous calendar year, its amount and basis, details of the person who made the funding. Where the media service provider is a public company within the meaning of the Public Offering of Securities Act or under its national law, the identification of the competent institution under the oversight of which is the company shall be considered as information identifying its beneficial owner. Where the person who actually controls the content of the media service and / or the editorial policy is different from the actual owner of the media service provider, that fact shall be stated in the declaration. It lists all contracts and their value concluded by the media service provider in the previous calendar year with state or local authorities or companies with state or municipal shareholdings in the capital, including as a result of public contracts, with political parties, advertising contracts with persons , which are subject to regulation, as well as the contracts that have received funding from the European structural and investment funds or from other international financial institutions and donors.
The declaration is submitted by filling in an electronic form on the website of the Ministry of Culture in compliance with the Law on Electronic Document and Electronic Certification Services. A declaration that does not contain the required amount of information is considered not to be submitted. The declaration shall be filed with the Registry Agency and shall be subject to announcement in the respective register under Art. 3, para. 1 of the Commercial Register Act and the Register of Non-Profit Legal Entities. The media service provider must declare the change within 7 days of the change of the actual owner and indicate whether the actual owner holds a public position. The media service provider publishes up-to-date information about their actual owner and their website. Similar requirements have been introduced with regard to distributors of periodical printed matter. The Ministry of Culture establishes and maintains a public register of information on media ownership and implements the administrative and criminal liability for non-compliance with the above requirements.