This article was created by
Radu Serrano, eGA
Share this article!
Cybersecurity in Kosovo
This article is powered by eGA’s National Cyber Security Index (NCSI), a global live index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. Available at https://ncsi.ega.ee/, the NCSI is also a database with publicly available evidence materials and a tool for national cyber security capacity building.
Kosovo demonstrates a higher level of preventive cybersecurity, followed by a decreasing emphasis on responsive and strategic cybersecurity. Due to its heterogeneous international recognition, Kosovo does not figure in the ITU’s GCI or the EGDI and NRI digital development metrics.
Strategic cybersecurity
The economy scores in cybersecurity policy by having a competent entity, under the Ministry of Internal Affairs, assigned to the development of national cybersecurity strategies and policies. The existence of a National Cyber Security Strategy for the 2023 – 2027 period and cybersecurity undergraduate degrees is also a boost. Unfortunately, global contributions or research and development efforts do not appear to exist.
Preventive cybersecurity
Similar to the rest of the region’s economies, Kosovo fulfils all personal data protection indicators with the corresponding legislation and authority. Law NO.08/L-022 on Electronic Identification and Trust Services in Electronic Transaction legislates most items related to the cybersecurity of digital enablers.
Critical and critical information infrastructure operators are identified and subject to cybersecurity requirements. However, requirements for the public sector and the corresponding competent supervisory authority are still being worked upon. The same is also true for cyber threat analysis and awareness-raising endeavours, except for cyber threat analysis, which has an assigned government entity.
Responsive cybersecurity
Cyber incident response is almost maxed out, and international cooperation is currently missing a single point of contact. The fight against cybercrime is present in a legislative manner, but the corresponding authorities and capacities are still being developed. However, cyber crisis management does not yet appear to be available. Finally, the Kosovo Security Force has participated in international exercises.
Overall
Kosovo demonstrates a 40.00% completion rate of eGA’s NCSI. Due to its heterogeneous international recognition, it is not presented in the ITU’s GCI, nor in the EGDI and NRI digital development metrics. Therefore, it is not possible to compare its cybersecurity and digital developments within the national digital transformation efforts.
Additional reference
- NCSI | Kosovo(*). (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/xk/
Disclaimer:
This article was written in May 2025, with the data available at that time in the NCSI. If you believe the current NCSI information is wrong or outdated, please contact us at and send us your comments, questions and any updated data.
