Why is this important
Credit bureaus store sensitive information about the financial history of citizens and companies. Strengthening the requirements will protect the system from leaks, increase customer trust, and create unified security standards in the financial market.
What is provided for
- Credit bureaus are obliged to create a separate cybersecurity service.
- Introduction of an internal information security policy coordinated with the Central Bank.
- Assessment of the level of cybersecurity through a rating system (similar to banks).
- Mandatory implementation of DLP (Data Loss Prevention) systems to prevent data leaks, unauthorized deletion, or editing.
- In case of violations — the bureau’s obligation to compensate clients for the damage at its own expense.
- Similar requirements have already been introduced for banks (security service, notification of the regulator about external attacks).
- The Central Bank is strengthening control over cybercrime in the financial sphere, including the introduction of anti-fraud in banking systems.
Context
In August 2025, the Central Bank announced similar requirements for banks, emphasizing cybersecurity. In April, the president instructed to strengthen the digital security of financial transactions. The credit bureau sector is becoming a strategic element of the lending ecosystem and the “fintech zone”, therefore strengthening data protection is an important step for market stability.
