Compare
Compare
An EU candidate country since 2012, Serbia is an important partner in the Western Balkans. The 2020 iteration of the Digital Evolution Scorecard characterised Serbia as a ‘break out’ economy, meaning that despite a relative lack of digital infrastructure the country is rapidly digitalising; internet penetration is one of the highest across the region, standing at 79%. Over the past decade, Serbia’s digital policy has been focused on attracting foreign investment, deepening the digital transformation across the public and private sectors, and promoting economic growth in line with EU targets. These objectives have been operationalised through a series of strategies, notably the Strategy for the Development of Information Security for the period 2017-2020 and the Strategy for combat against cyber crime 2019-2023. The ITU notes, however, that “while innovative, internet-based e-commerce is expected to bring significant growth and development, obsolete legislation and a lack of harmonisation with EU standards and best practice persist, hampering progress”. As the country becomes increasingly more digitalised, the challenge for Serbian cyber diplomacy will be to develop and enhance avenues of European, regional, and international cooperation.
As of 2020, 86 % of Uruguayans are active internet users, second in South America, only behind Chile. 9 out of 10 individuals in Uruguay are social media users. This provides a fabric for efficient digital policies and strategies that have transformed Uruguay since the 2010s. Uruguay is ranked first in Latin America and 35th place in the world on Digital Government Development, according to the UNDESA index, which measures dimensions related to technological infrastructure, availability of online services, and ability of citizens to take advantage of those resources. Uruguay also ranks first in Latin America and 42nd in the world on ICT Development, according to the 2017 IDI, published by the International Telecommunications Union. In all, this South American country has positioned itself at the forefront as a regional and world benchmark in Digital Government.
El Salvador is known for its adoption of Bitcoin as a legal tender in 2021. El Salvador’s internet penetration rate stood at 50.5 % of the total population at the start of 2022, with over 4 million social media users. El Salvador is making important progress towards digitalisation in terms of infrastructure capacity and reliability, but there are still challenges to overcome, such as access and affordability to internet connections, especially in rural areas. Regarding data protection, El Salvador still lacks a comprehensive data protection law, although the country has made improvements in the past years.
The country has not assumed a firm stance on the application of international law in cyberspace. Serbia’s position paper concerning the Open-Ended Working Group (OEWG) highlighted that multilateral dialogue on “information security” must occur “with strict respect for the Charter of the United Nations”. Echoing the stance of states such as China, Russia, and Cuba, Serbia also raised the alarm about the “danger of developing offensive ICT and militarising the digital space”.
As a member state of the UNGA, Uruguay expressed their views at the OEWG in 2021, considering cybersecurity an essential element in the prevention of international conflicts. Uruguay provides a rather humanitarian approach to international law and its application on cyber issues. The country is a member of international organisations that promote the development and compliance with standards of transparency and access to information, such as the Open Government Partnership, the Electronic Government Network of Latin America and the Caribbean (GEALC) and Digital Nations.
Uruguay was the first Latin American country, in 2013, to sign the only existing binding, international document concerning the Automatic Processing of Personal Data (known as Convention 108). Its signature and membership have been ratified in 2021.
Uruguay’s Digital initiatives at the national level are also in compliance with the Digital Agenda for Latin America and the Caribbean (eLAC by CEPAL). In particular, Uruguay’s Cybersecurity goal is in line with CEPAL’s framework for confidence-building measures such as combating digital crime by formulating public policies and strategies for cybersecurity and critical infrastructure protection. El Salvador has supported, along with several other states, a Russian-backed proposal to develop a new binding legal instrument to govern responsible state behaviour in cyberspace. It’s the Salvadoran position that the absence of legislation is the main obstacle towards fighting cybercrime internationally.
Uruguay was the first Latin American country, in 2013, to sign the only existing binding, international document concerning the Automatic Processing of Personal Data (known as Convention 108). Its signature and membership have been ratified in 2021.
Uruguay’s Digital initiatives at the national level are also in compliance with the Digital Agenda for Latin America and the Caribbean (eLAC by CEPAL). In particular, Uruguay’s Cybersecurity goal is in line with CEPAL’s framework for confidence-building measures such as combating digital crime by formulating public policies and strategies for cybersecurity and critical infrastructure protection. El Salvador has supported, along with several other states, a Russian-backed proposal to develop a new binding legal instrument to govern responsible state behaviour in cyberspace. It’s the Salvadoran position that the absence of legislation is the main obstacle towards fighting cybercrime internationally.
Serbia was represented in the 2016-2017 UN Group of Governmental Experts (UNGGE). Despite its EU candidate status, Serbia does not typically vote in alignment with the EU on key cybersecurity resolutions presented before the UN First Committee. Notable examples include UNGA resolution 73/27, which first established the Open-Ended Working Group (OEWG), as well as later resolutions 74/29 and 75/240.
Uruguay is a represented member in the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace. The South American country has openly stated that the voluntary norms included in the Report of the Group of Experts (GGE) represent an inescapable guide for the responsible behaviour of States in cyberspace. In session 5 of the second substantive session of the OEWG 2021-2025, Uruguay along with seven other States pointed out the importance of the protection of critical infrastructure, according to norm 13(f).
El Salvador has been actively involved in promoting a safe cyberspace. The Latin American country, back in 2015, signed a memorandum of understanding with the UN Office on Drugs and Crime to support the fight against cybercrime, with training in capacity building, prevention and cooperation.
El Salvador has expressed views on the use of information and communications technologies for criminal purposes at the UNGA. As part of their statement, it was noted the lack of regulation obliging network administrators of public, private, or non-profit institutions to establish, maintain, and safeguard the connection logs of their internal clients, which can be exploited for the commission of traditional crime and cybercrime.
As part of the OEWG discussions, El Salvador has identified the norm regarding ICT product supply chains as the most important for states, in addition to proposing that the OEWG highlights the efforts and progress that countries are making in cybersecurity, making the spirit of cooperation in this area clear.
El Salvador has expressed views on the use of information and communications technologies for criminal purposes at the UNGA. As part of their statement, it was noted the lack of regulation obliging network administrators of public, private, or non-profit institutions to establish, maintain, and safeguard the connection logs of their internal clients, which can be exploited for the commission of traditional crime and cybercrime.
As part of the OEWG discussions, El Salvador has identified the norm regarding ICT product supply chains as the most important for states, in addition to proposing that the OEWG highlights the efforts and progress that countries are making in cybersecurity, making the spirit of cooperation in this area clear.
Serbia’s legislative framework on cybersecurity is structured upon the 2016 Law on Information Security and its bylaws. The Law ushered in several institutional developments, including the creation of a national CERT in the regulatory agency for electronic communications and postal services (RATEL). The national CERT “monitors the status of incidents on national level, provides early warnings, alerts and announcements, and reacts on incidents by providing the information on affected entities and persons”. [x] It also holds seminars and technical trainings for operators of special importance (critical infrastructure) [x].
Meanwhile, the 2021 Cyber Tesla drill (organised in collaboration with the US state of Ohio) constitutes only one example of Serbia’s increased emphasis on critical infrastructure through the prism of cyber defence; the stated objectives included the “construction of military defence system capacities and the National CERT’s capacities for the protection from high-tech attacks, as well as an enhanced cooperation with relevant government and private sector organisations and academic institutions for the purpose of protection of the IT systems”.
In its UNGGE position paper in 2016, Serbia emphasised the importance of interstate cooperation in “maintaining effective and responsive mechanisms for information exchange, alerts and announcements on cybersecurity incidents”. The paper goes on to posit that “the special focus should be on the protection of critical infrastructure”, especially in the case of transnational attacks. In 2021, Norway donated a platform worth €1.2 million which will “[serve] to hold cyber exercises at the national level enables the real situation of different attack scenarios, and will contribute to capacity building and training of officials in various state institutions”, according to State Secretary of the Ministry of Trade, Tourism and Telecommunications Milos Cvetanovic [x]. Objective 10 of Uruguay’s Digital Agenda for 2025 provides a clear guideline for resilience measures in cybersecurity and ICT. Uruguay is focused on enhancing cybersecurity to prevent and mitigate risks in cyberspace, advancing compliance with the national cyber-security framework, based on public-private cooperation and ensuring the availability of critical information assets. Uruguay intends to achieve this goal by improving efficiency in detecting and responding to cyber incidents by implementing new technologies that allow for predictive analytics and response automation, among others. El Salvador has taken steps towards addressing cybercrime by establishing a Cybersecurity Policy which aims to ensure the resilience and security of strategic assets. It lays out criteria to develop cybersecurity capacities aimed at protecting critical infrastructure, strengthening response mechanisms, and developing technical and administration skills so that the public and private institutions in El Salvador as well as citizens are aware of cybersecurity and risks related to the use of information technologies.
Meanwhile, the 2021 Cyber Tesla drill (organised in collaboration with the US state of Ohio) constitutes only one example of Serbia’s increased emphasis on critical infrastructure through the prism of cyber defence; the stated objectives included the “construction of military defence system capacities and the National CERT’s capacities for the protection from high-tech attacks, as well as an enhanced cooperation with relevant government and private sector organisations and academic institutions for the purpose of protection of the IT systems”.
In its UNGGE position paper in 2016, Serbia emphasised the importance of interstate cooperation in “maintaining effective and responsive mechanisms for information exchange, alerts and announcements on cybersecurity incidents”. The paper goes on to posit that “the special focus should be on the protection of critical infrastructure”, especially in the case of transnational attacks. In 2021, Norway donated a platform worth €1.2 million which will “[serve] to hold cyber exercises at the national level enables the real situation of different attack scenarios, and will contribute to capacity building and training of officials in various state institutions”, according to State Secretary of the Ministry of Trade, Tourism and Telecommunications Milos Cvetanovic [x]. Objective 10 of Uruguay’s Digital Agenda for 2025 provides a clear guideline for resilience measures in cybersecurity and ICT. Uruguay is focused on enhancing cybersecurity to prevent and mitigate risks in cyberspace, advancing compliance with the national cyber-security framework, based on public-private cooperation and ensuring the availability of critical information assets. Uruguay intends to achieve this goal by improving efficiency in detecting and responding to cyber incidents by implementing new technologies that allow for predictive analytics and response automation, among others. El Salvador has taken steps towards addressing cybercrime by establishing a Cybersecurity Policy which aims to ensure the resilience and security of strategic assets. It lays out criteria to develop cybersecurity capacities aimed at protecting critical infrastructure, strengthening response mechanisms, and developing technical and administration skills so that the public and private institutions in El Salvador as well as citizens are aware of cybersecurity and risks related to the use of information technologies.
The Information Society and Information Security Development Strategy for the period 2021-2026 provides a comprehensive approach to the field of information security, which includes both (a) information security of ICT systems of special importance and security of the Republic of Serbia, and (b) security of citizens and businesses, which is particularly reflected through the fight against cybercrime. Its predecessor, the 2017 Strategy for the Development of Information Security, in turn, indicates the fight against cybercrime as one of the government’s five key priorities.
In light of EU accession negotiations, Serbia has signed and ratified the Council of Europe Convention on Cybercrime (Budapest Convention), including its Additional Protocol on Xenophobia and Racism Committed Through Computer Systems. Nevertheless, the country also voted in favour of UNGA resolution 74/247 calling for an international legal instrument to govern this domain. Domestically, the national legislative framework has been developed in accordance with the Budapest Convention and EU legislation. A High-Tech Crime Unit has recently been established within the special prosecutor’s office, along with three specialised units: crime analysis; terrorism and extremism; and drug prevention, addiction and repression.
Serbia is a member of Interpol, with which the country has discussed ways to enhance cooperation with regard to combatting cybercrime. Serbia is also gradually developing its own bilateral cooperation network, signing a Cooperation Memoranda with India in 2016 [x] and Romania in 2017 [x] as well as receiving assistance from Russian experts [x].
Special thanks to Ms Maja Lakusic for her valuable comments. Uruguay is not a signatory State of the Budapest Convention on Cybercrime, cooperating in international affairs outside of the framework established by the Council of Europe. However, it has a relatively low rate of cybercrime compared to other countries in the region, staking its position as one of the most advanced countries in Latin America and the Caribbean in terms of cybersecurity. Much of its success relies on the Cybersecurity Framework published in 2021, which is allowing Uruguay to start using artificial intelligence to automate incident response and pattern detection, as well as incorporating data analytics to make projections and anticipate incidents.
Regarding Data Protection, Uruguay has adapted its national framework to the European GDPR, despite its latest Data Protection Law dating back to 2008. El Salvador has its own legal framework regarding cybercrime, dating back to 2016, but updated during Bukele’s government, called Special Law against Cybercrime and Related Offenses. The bill establishes a series of crimes related to computer systems and electronic communication, such as unauthorised access to computer systems, the production and dissemination of malicious software, and computer fraud.
In light of EU accession negotiations, Serbia has signed and ratified the Council of Europe Convention on Cybercrime (Budapest Convention), including its Additional Protocol on Xenophobia and Racism Committed Through Computer Systems. Nevertheless, the country also voted in favour of UNGA resolution 74/247 calling for an international legal instrument to govern this domain. Domestically, the national legislative framework has been developed in accordance with the Budapest Convention and EU legislation. A High-Tech Crime Unit has recently been established within the special prosecutor’s office, along with three specialised units: crime analysis; terrorism and extremism; and drug prevention, addiction and repression.
Serbia is a member of Interpol, with which the country has discussed ways to enhance cooperation with regard to combatting cybercrime. Serbia is also gradually developing its own bilateral cooperation network, signing a Cooperation Memoranda with India in 2016 [x] and Romania in 2017 [x] as well as receiving assistance from Russian experts [x].
Special thanks to Ms Maja Lakusic for her valuable comments. Uruguay is not a signatory State of the Budapest Convention on Cybercrime, cooperating in international affairs outside of the framework established by the Council of Europe. However, it has a relatively low rate of cybercrime compared to other countries in the region, staking its position as one of the most advanced countries in Latin America and the Caribbean in terms of cybersecurity. Much of its success relies on the Cybersecurity Framework published in 2021, which is allowing Uruguay to start using artificial intelligence to automate incident response and pattern detection, as well as incorporating data analytics to make projections and anticipate incidents.
Regarding Data Protection, Uruguay has adapted its national framework to the European GDPR, despite its latest Data Protection Law dating back to 2008. El Salvador has its own legal framework regarding cybercrime, dating back to 2016, but updated during Bukele’s government, called Special Law against Cybercrime and Related Offenses. The bill establishes a series of crimes related to computer systems and electronic communication, such as unauthorised access to computer systems, the production and dissemination of malicious software, and computer fraud.
