Uzbekistan adopts national cybersecurity strategy to 2030

2026-03-17

Presidential Decree No. 38, signed on 10 March 2026, establishes the Cybersecurity Strategy for 2026 to 2030 and creates a comprehensive institutional framework for cyber resilience. The decree mandates new cybersecurity units across government agencies from 1 April 2026, establishes a National Coordinating Council and introduces a registry of authorised cybersecurity outsourcing providers.

What has changed and why it matters

Presidential Decree No. 38 establishes Uzbekistan's first comprehensive cybersecurity strategy for 2026 to 2030, with five strategic goals: strengthening national cyber resilience, protecting critical digital infrastructure, combating cybercrime, developing AI-based cybersecurity technologies and expanding international cooperation.

Institutional framework

A National Coordinating Council on Cybersecurity is established under the Presidential Security Council. From 1 April 2026, dedicated cybersecurity units must be created across state bodies. State organisations may direct both budget and off-budget funds toward cybersecurity needs.

Key compliance requirements

Authentication. Information systems for online state, banking and e-commerce services must implement multi-factor authentication and secure connections. Draft regulations due May 2027.

Outsourcing registry. State bodies may only engage cybersecurity providers listed in an official registry, to be established by 1 August 2026.

Vulnerability assessments. Independent assessments of critical infrastructure launch from 1 August 2026 through a dedicated electronic platform.

Key roadmap deadlines

What this means for your business

E-commerce platforms face new authentication and security standards. Cloud and outsourcing providers will be subject to new cybersecurity requirements. Financial sector participants should prepare for specific cyber resilience requirements. The strategy signals increased enforcement with provisions for strengthening liability.