Montenegro has taken decisive steps to reinforce its national cybersecurity framework, marking significant progress since the large-scale cyberattacks that targeted state infrastructure in 2022. The reforms were highlighted during a high-level event on strengthening information infrastructure, organized in cooperation with DCAF.
Legislative and Institutional Milestones
Following the 2022 cyber crisis, Montenegro adopted a new Law on Information Security aligned with the EU NIS2 Directive, reinforcing regulatory oversight and clarifying responsibilities across critical sectors. Key institutional developments include:
- Establishment of a national Computer Incident Response Team (CIRT)
- Operationalization of a modern Government Security Operations Center (G-SOC), equipped with advanced monitoring and incident response tools
- Creation of a dedicated Cybersecurity Agency to coordinate actors across critical infrastructure sectors
These measures represent a shift from reactive incident management to a proactive and preventive cybersecurity model.
Strategic Alignment with EU Integration
Cybersecurity reform has been positioned not only as a national security priority but also as a strategic pillar of Montenegro’s European integration process. The implementation of the Reform Programme strengthens governance structures, expands threat information-sharing mechanisms, and enhances cooperation between public institutions and operators of critical infrastructure.
The objective is to build a system capable of anticipating and neutralizing cyber threats before they materialize—ensuring long-term digital stability and protection for citizens, institutions, and the economy.
Building a Resilient Digital Future
By consolidating its legal, operational, and institutional framework, Montenegro is positioning itself as a credible contributor to regional digital stability. Continued collaboration with international partners and alignment with European standards remain central to sustaining progress and ensuring resilience against increasingly sophisticated cyber threats.