by
Lika CHIMCHIURI[1]
This paper examines NATO’s evolving cybersecurity policy and its influence on global and regional security frameworks. It explores the EU Directive 2013/40/EU, the African Union’s Malabo Convention, and the ECOWAS Directive as regional legal mechanisms against cybercrime. The study also analyzes Georgia’s national cybersecurity system, including its legal framework, institutional mechanisms, and cooperation with NATO, Eurojust, and Interpol. The findings highlight Georgia’s progress in aligning with international norms but reveal gaps in implementation, coordination, and technical capacity. The paper concludes that deeper integration with NATO and EU cybersecurity standards is essential for strengthening Georgia’s cyber resilience.
The world has been engulfed by cyber threats, reaching even the member states of the North Atlantic Treaty Organization (NATO). The alliance has increasingly faced frequent, complex, and devastating cyberattacks. Strengthening cybersecurity has become one of the primary objectives for NATO and its partners.[2]
In 2016, NATO recognized cyberspace as an operational domain alongside the traditional air, land, and sea domains. This enabled NATO military commanders to better protect operations against cyber threats. As in all other domains, NATO’s actions in cyberspace are defensive, proportionate, and in line with international principles and norms. While each ally remains responsible for its own cyber defense, NATO supports allies by providing guidance on cyber defense, sharing information on cyber threats, and disseminating best practices. NATO assists member states in strengthening their cybersecurity through the following measures: real-time information sharing via a dedicated platform; rapid-response teams of cybersecurity specialists who assist member states in countering cyberattacks when necessary; defining targeted objectives for member states, which helps develop a unified and coordinated approach to advancing cybersecurity; and training exercises, such as the large-scale “Cyber Coalition,” which is one of the world’s most extensive initiatives in the field of cybersecurity.[3]
NATO has established a Cyberspace Operations Centre in Mons, Belgium. The centre assists military commanders in operational decision-making, thereby ensuring the effective management of the Alliance’s operations and missions. NATO also operates a school in Tallinn, Estonia, an accredited research and educational institution that conducts educational programs and research in cybersecurity. The centre provides expertise on cybersecurity issues and organizes so-called “cyber exercises” in which NATO allies and partners participate. As for NATO’s school in Oberammergau, Germany, it also delivers educational training related to cybersecurity, supporting the Alliance’s operations, strategy, policies, and procedures. Finally, NATO’s Defence College, located in Rome, Italy, fosters strategic thinking on politico-military matters, including in the field of cybersecurity.[4]
Over the past fifteen years, NATO’s approach to cybersecurity has undergone a significant transformation. Initially perceived as a purely technical challenge, it is now regarded as an integral component of the Alliance’s strategic security. The necessity to strengthen defensive capabilities against cyberattacks was first acknowledged by Alliance leaders at the Prague Summit in 2002. However, in 2007, when Estonia’s digital infrastructure became the target of cyberattacks, NATO recognized that interstate conflicts could be accompanied by cyberwarfare. Following this, at the 2008 Bucharest Summit, NATO adopted its first cybersecurity policy. That same year, the conflict between Russia and Georgia highlighted that cyberattacks can become a significant element of conventional military confrontations.[5] In parallel, in 2008, the NATO-accredited Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE) was established as a center of excellence. To this day, it operates as an internationally recognized hub in the field of cybersecurity, bringing together leading experts from governmental, military, private, and academic sectors (with participation from 29 countries). Its activities encompass interdisciplinary research, training, and practical exercises across four core areas: technology, strategy, operations, and law.[6]
Since 2015, NATO has strengthened cybersecurity cooperation in the South Caucasus and Black Sea regions to ensure an effective response to cyber incidents, which has a positive impact on both regions.[7] NATO’s initiative in the region aims to enhance regional cooperation, facilitate the rapid exchange of information, and develop joint measures for cyber defense.[8]
For Georgia, as a NATO partner country, it is crucial to modernize the legal framework to effectively address contemporary cyber threats, particularly cross-border and state-sponsored operations. To reiterate, the Georgian Criminal Code needs to criminalize the preparation of cybercrime (e.g., creation or possession of malicious software); incorporate the concept of so-called indirect intent (dolus eventualis); establish a separate provision for cyberattacks targeting national security; and align the Code with the national strategy and international obligations, particularly the Budapest Convention and NATO standards.
In previous chapters, we have already discussed the Budapest Convention adopted by the Council of Europe; therefore, we will now turn to other regional mechanisms present in Europe. Specifically, this refers to the European Union’s Directive on attacks against information systems – Directive 2013/40/EU. The purpose of this directive is to harmonize the criminal laws of member states concerning attacks on information systems, thereby defining criminal acts and corresponding sanctions more effectively. The directive also aims to enhance cooperation among the competent authorities of member states (such as the police and other specialized law enforcement bodies), as well as with EU specialized agencies and bodies, including Eurojust, Europol, and its European Cybercrime Centre, and the European Union Agency for Cybersecurity (ENISA).[9]
Information systems constitute a key element of political, social, and economic interactions within the European Union. Society is fundamentally and increasingly dependent on such systems. The uninterrupted functioning and security of these systems are crucial for the development of the internal market, as well as for fostering a competitive and innovative economy. Ensuring an adequate level of protection for information systems should become an integral part of an effective and comprehensive framework for preventing crime in the fight against cybercrime, complementing criminal law enforcement measures.
Attacks targeting information systems, particularly those linked to organized crime, pose an increasing threat both within the European Union and globally. Of particular concern is the potential for attacks motivated by terrorism or political agendas on information systems that form part of the critical infrastructure of Member States and the EU as a whole. Such threats undermine the establishment of a secure and reliable information society network, as well as the development of a space grounded in freedom, security, and the rule of law. Consequently, it is essential to respond at the EU level and to strengthen cooperation and coordination on an international scale.
Several critical infrastructures within the European Union hold such strategic importance that their disruption or destruction would have serious global repercussions. It has become evident that, alongside the need to enhance the protection of critical infrastructure, measures against cyberattacks must be complemented by stringent criminal sanctions that reflect the severity of such attacks. Critical infrastructure can be understood as any facility, system, or part thereof located within member states that is essential for maintaining functions vital to public life, health, safety, security, or economic and social well-being, for example, power plants, transport networks, or state networks whose disruption or destruction could have a significant impact on any member state.[10]
Based on this, the European Union, through this directive, decided to regulate cyberattacks on information systems and to establish corresponding provisions. Specifically, unauthorized access to information systems is prohibited. Member states are required to take the necessary measures to ensure that when access to a system (in whole or in part) is carried out intentionally and without authorization, in violation of security measures, it is classified as a criminal offense, at least in cases where the matter does not concern a minor breach.[11]
Furthermore, unauthorized interference with information systems is prohibited: Member States are obliged to adopt appropriate measures to ensure that any disruption or suspension of the functioning of an information system through the input, transmission, damage, deletion, deterioration, alteration, suppression, or rendering inaccessible of computer data, when done intentionally and without authorization, is subject to criminal liability, at a minimum in cases where the act does not constitute a minor infringement.[12]
Likewise, any unauthorized interference with data is prohibited: Member States shall take the necessary measures to ensure that the deletion, damage, corruption, alteration, blocking of access to, or disruption of data in a computer system, when done intentionally and without authorization, is considered a criminal offense and punished under criminal law, at least in cases where such actions are not deemed trivial.[13]
Finally, unlawful interception/eavesdropping is prohibited – Member States are obliged to take the necessary measures to ensure that the unauthorized disclosure of computer data, whether transmitted from, to, or within an information system, including the interception of electromagnetic emissions from such a system, carried out by technical means without legal justification and intentionally, is considered a criminal offense, at least in non-trivial cases, and that offenders are subject to criminal liability.[14]
This directive establishes minimum rules for the definition and penalties of offenses related to attacks against information systems. It also aims to promote the prevention of such offenses and to enhance cooperation between legal and other competent authorities.
The following is the legal framework of the African Union: the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention)[15], adopted in 2014 in Malabo, the capital of Equatorial Guinea. The purpose of this Convention is to address the absence of specific legal norms in the region for the protection of consumers’ intellectual property rights, personal data, and information systems; the lack of regulations governing electronic services and remote work; the introduction of electronic methods in commercial and administrative activities; the legal recognition of evidence generated through digital technologies; and the absence of adequate tax and customs regulations for electronic commerce, among other objectives.[16]
The aforementioned circumstances necessitate the development of an appropriate normative framework that aligns with Africa’s legal, cultural, economic, and social context. It is emphasized that the protection of personal data and privacy constitutes one of the principal challenges in the information society, both for states and other stakeholders. To address this, it is essential to strike a balance between the use of information and communication technologies and the safeguarding of citizens’ privacy, while simultaneously ensuring the free flow of information.[17]
The Convention aims to establish a unified and harmonized cybersecurity legal framework among the member states of the African Union and to ensure the creation of mechanisms that can effectively address breaches of confidentiality arising during the collection, processing, transfer, storage, and use of personal data. The Convention envisions the establishment of an institutional framework that imposes the protection of individuals’ fundamental rights and freedoms in any data processing activity, while taking into account the prerogatives of states and local communities as well as business interests, and is grounded in internationally recognized best practices.[18]
To put it more clearly, the Convention criminalizes cybercrimes; in other words, the Malabo Convention establishes a legal framework for punishing acts such as: unauthorized access to computer systems; unlawful acquisition, alteration, or destruction of data; cyberattacks (including DDoS attacks, malware, and viruses); and the illegal collection and dissemination of personal data, while also promoting international cooperation.
Although the Convention constitutes a continental instrument, it sets out mechanisms for cooperation with international law enforcement bodies. Specifically, it includes the exchange of evidence, extradition procedures, and the coordination of law enforcement agencies. In the African region, we also encounter a legal instrument addressing cybercrime. Notably, the Economic Community of West African States (ECOWAS) adopted a significant regional legal framework aimed at harmonizing efforts to combat cybercrime and promoting cybersecurity among its member states. The ECOWAS Directive C/DIR.1/08/11 on Combating Cybercrime was adopted in August 2011.[19] It covers the regulation of offenses such as unauthorized access to computer systems (i.e., hacking); illegal alteration of data; unlawful interference with data and system functionality; misuse of technical devices; document forgery and fraud facilitated by computers; offenses related to the dissemination of child pornography, among others. The directive also promotes the establishment of national bodies and mechanisms to combat cybercrime, the development of national strategies and action plans, regional cooperation, and the enhancement of training for personnel involved in combating such offenses.[20]
Based on all of the above, I believe that reforming Georgia’s Criminal Code in line with European and regional standards would be highly beneficial for the country. Cybercrimes should be distinctly defined, mechanisms for the protection of critical infrastructure must be implemented, and crimes committed through the use of AI should be criminalized, with clear definitions of all relevant terms.
In this section, we examine Georgia’s mechanisms for combating cybercrime, as well as its cooperation with international and regional organizations and states. In addition to Chapter XXXV of the Criminal Code, which regulates acts committed in cyberspace and has already been discussed, Georgia has other mechanisms to fight cybercrime. Specifically, on June 30, 2023, the Parliament of Georgia adopted the Law on “Information Security,”[21] which came into force on March 1, 2024. This law establishes general standards for information security applicable to both the public and private sectors. In particular, it aims to promote the effective and operational implementation of information security measures, sets out the rights and obligations of public and private sector entities in the field of information security, and defines the state’s mechanisms for overseeing the implementation of information security policies.[22]
Although Chapter XXXV (Articles 284–289) of the Criminal Code of Georgia provides a significant legal framework for prosecuting cybercrime, considering the diversity of real-world threats, these mechanisms still require enhancement, further detailing, and functional synchronization with other legal and institutional instruments.
Additionally, Georgia has the Law on the Protection of Personal Data, which was adopted on December 28, 2011, and entered into force on May 1, 2012.[23] Since then, it has been revised and updated several times, including in alignment with European regulations such as the GDPR and human rights standards. The purpose of the law is to safeguard fundamental human rights and freedoms, particularly the rights to privacy, family life, personal space, and the confidentiality of communications when processing personal data.[24]
The Cybercrime Division has been established within the Central Criminal Police Department of the Ministry of Internal Affairs of Georgia. Its mandate includes detecting, preventing, and addressing unlawful activities committed in cyberspace. When necessary, the Division also carries out arrests.[25]
In addition, within the Ministry of Internal Affairs, a Subdivision for Computer-Digital Expertise has been established under the Main Department of Forensic-Criminalistics, which is directly responsible for the initial handling of digital evidence and its subsequent examination. The Ministry also operates an Operational-Technical Department, which oversees the implementation and operation of innovative information technologies and digital telecommunication systems within the Ministry, provides consultation to other state institutions in these areas, ensures telecommunication support for the Ministry and its structural units, and, in accordance with the procedures established by law, conducts forensic-criminalistic examination of digital evidence obtained during investigative activities.[26] Accordingly, standard operating procedures have been developed for the initial handling of digital evidence. The documents define the types of software and technical protocols to be used in the processing of digital evidence. At the Ministry of Internal Affairs Academy, specialized training modules have been developed covering issues related to cybercrime, including the search and seizure of electronic evidence, investigative techniques for cyber offenses, the legal aspects of cybercrime, and more.
On September 30, 2021, the Government of Georgia adopted the National Cybersecurity Strategy 2021–2024 and its corresponding Action Plan. The seven strategic documents define four priority objectives:[27] development of the information society and organizational cyber culture, as well as the strengthening of capabilities in cyberspace to address threats and incidents; resilience of the cybersecurity governance system and enhancement of public-private cooperation; advancement of cyber capabilities through a highly skilled workforce and adequate technical infrastructure; and strengthening Georgia's role as a secure and protected country on the international cybersecurity stage.
Regarding Georgia’s international cooperation in combating cybercrime, the country has a law in the criminal justice sector on international cooperation, which establishes procedures for providing legal assistance in criminal cases, extradition, the transfer of criminal case materials or their duly certified copies for the purpose of subsequent criminal prosecution, the enforcement of judgments, international cooperation in connection with the confiscation of property, and the transfer (handover) of convicted persons for the execution of custodial sentences.[28] Accordingly, Georgia is obliged to cooperate with other states in combating crime. An example of this is the collaboration between Georgian and U.S. law enforcement authorities in 2019, which led to the imprisonment of members of a transnational cybercriminal network. Members of this criminal network resided in Russia, Georgia, Ukraine, Moldova, and Bulgaria. Therefore, to ensure coordinated action among all participating countries, international organizations, namely Eurojust and Europol, actively engaged in the case, under whose auspices multiple meetings were planned and held in The Hague.
On May 8, 2019, based on a court order, the Ministry of Internal Affairs of Georgia arrested two Georgian citizens: A.K. (also known as “none_1”), one of the leaders of the GozNym criminal network, and his principal technical assistant, M.K. (also known as “phant0m”). The Office of the Prosecutor General of Georgia brought charges against both citizens for crimes committed against American companies, specifically: unauthorized access to computer systems by a group of persons acting in concert; unlawful storage of computer data and unauthorized use of computer data and computer systems, committed by a group acting in concert; and theft committed by an organized group, which caused substantial damage. The Tbilisi City Court fully upheld the evidence presented by the Prosecutor General’s Office of Georgia, sentencing A.K. (aka “phant0m”) to seven years of imprisonment and M.K. (aka “none_1”) to five years of imprisonment.[29] This case is the best example and experience proving that in the fight against transnational crime, there is no alternative to international legal cooperation.
The Phantom case clearly demonstrates that a purely national legal framework is unequivocally insufficient to provide an effective response to transnational cybercrime. The involvement of Eurojust, Europol, and Interpol enhances legal coordination, which is essential for the successful application of Articles 286¹ and 284–285.
For Georgia, effective implementation of the Budapest Convention should encompass not only formal alignment of provisions but also the establishment of genuine legal assistance mechanisms, including the preservation and transfer of temporary data, as well as the exchange of evidence.
In addition, the Government of Georgia, the European Commission, and the Council of Europe agreed to implement a joint project covering the period from June 1, 2009, to May 31, 2010. Its objective was to assist Georgia in developing a coherent policy on cybercrime through the implementation of the Convention on Cybercrime. In particular, this included drafting legislative proposals, bringing Georgian legislation fully in line with the Convention on Cybercrime and relevant European data protection standards, as well as conducting training, developing modules, and other related activities.[30]
Since this period, there has been progress, though not ideal. In Georgia’s 2024 report, the alignment rate with the EU’s Common Foreign and Security Policy (including cybersecurity) remains significantly low, at 49%. Georgia has not participated in the EU’s crisis management missions and operations under the Common Security and Defence Policy since June 2023. This has resulted in Georgia falling behind, including in legal terms.[31]
In 2019, Georgia and Eurojust signed a cooperation agreement. The agreement provides for the swift and effective exchange of information and evidence between Georgia, EU member states, and third countries that have also concluded cooperation agreements with Eurojust. Notably, the agreement enables Georgia to appoint a prosecutor as a coordinator/contact point at Eurojust, thereby strengthening operational cooperation and ensuring better coordination of the international actions it facilitates. Georgia is among the most active third countries in judicial cooperation supported by Eurojust.[32]
Also, Georgia maintains close ties with Interpol, which facilitates cooperation in combating cybercrime. This partnership enables the exchange of information and the conduct of joint operations against crime.
Georgia’s National Cybersecurity Strategy (2021–2024) adequately reflects the ambition to respond to modern threats; however, the legal instruments and their practical implementation still lag behind the strategic objectives. Therefore, the practical application of the provisions of the Criminal Code should be strengthened within law enforcement agencies, ensuring their coordination with the Law on Personal Data Protection and the Law on Information Security, alongside the standardization of training courses at the Ministry of Internal Affairs Academy and within judicial training programs. Since cybercrime is often carried out from abroad, evidence collection and investigation become more complex. In this process, inter-state cooperation is crucial, as it ensures mutual assistance in cases of urgent necessity. One of the key provisions of the Convention on Cybercrime is the possibility for a member state to transmit information without a prior request, which facilitates the effective investigation of crimes and significantly assists the receiving state.[33] Accordingly, it is important to update the legislation in line with modern challenges, strengthen both security and technical resources, and deepen cooperation at the regional and international levels.
Georgia has a solid legal framework for combating cybercrime; however, its implementation, technical mechanisms, and international engagement require strengthening and better synchronization. Particular importance lies in refining the existing provisions of the Criminal Code, expanding their technical content, and adapting them to practical realities. The current norms of the Criminal Code are often too broad and general, which complicates their application to real-life situations. Practice lags behind strategic objectives, and there is no unified, integrated platform that brings together information security, personal data protection, and criminal law. Despite notable progress, international coordination still needs improvement, especially at the investigative and preventive stages. What is required is the convergence of the legal framework on cybercrime with technical realities, meaning not merely the existence of laws on paper, but their functional and practical implementation in real life.
Cybersecurity has become a strategic component of global security. NATO and regional organizations have developed robust frameworks, but their effectiveness depends on national implementation. Georgia has made notable legal progress; however, it must enhance institutional coordination, technical capacity, and cross-border cooperation. Strengthening these areas will ensure Georgia’s stronger alignment with international cybersecurity standards and contribute to regional stability.
1. Bosco, D. (2014). Rough Justice: The International Criminal Court in a World of Power Politics. Oxford University Press.
2. Council of Europe. (2001). Convention on Cybercrime (Budapest Convention). ETS No. 185.
3. European Union. (2013). Directive 2013/40/EU of the European Parliament and of the Council on attacks against information systems. Official Journal of the European Union, L 218/8.
4. European Union Agency for Cybersecurity (ENISA). (2023). Cybersecurity Threat Landscape 2023. ENISA Publications.
5. NATO. (2016). Warsaw Summit Communiqué. North Atlantic Treaty Organization.
6. NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). (2024). Cyber Defence Overview. Retrieved from https://ccdcoe.org
7. African Union. (2014). Convention on Cyber Security and Personal Data Protection (Malabo Convention). African Union Commission.
8. Economic Community of West African States (ECOWAS). (2011). Directive C/DIR.1/08/11 on Combating Cybercrime. ECOWAS Commission.
9. Government of Georgia. (2021). National Cybersecurity Strategy of Georgia 2021–2024. Tbilisi.
10. Ministry of Internal Affairs of Georgia. (2024). Annual Report on Cybercrime and Digital Evidence. Tbilisi.
11. Eurojust. (2019). Cooperation Agreement between Eurojust and Georgia. The Hague.
[1] CyJurII Scholar, Young researcher, PhD Student in Law at Caucasus International University, LL.M, LL.B, Assistant to the Rector and Invited Lecturer at Sokhumi State University. United Nations Representative & Delegate for CIRID – ECOSOC NGO Accredited to: UNOG (Geneva), UNOV (Vienna), and UNHQ (New York)
[2] Maigre, Merle. NATO’s Role in Global Cyber Security. Policy Brief, German Marshall Fund of the United States, Apr. 2022, www.gmfus.org, Accessed Date 12 May 2025
[3] North Atlantic Treaty Organization. NATO Cyber Defence. Factsheet, NATO, Apr. 2021, www.nato.int/factsheets, Accessed Date 12 May 2025
[4] North Atlantic Treaty Organization. NATO Cyber Defence. Factsheet, NATO, Apr. 2021, www.nato.int/factsheets, Accessed Date 12 May 2025
[5] Maigre, Merle. NATO’s Role in Global Cyber Security. Policy Brief, German Marshall Fund of the United States, Apr. 2022, www.gmfus.org, Accessed Date 12 May 2025
[6] Ibid.
[7] "Enhanced Cyber Defence Cooperation in the South Caucasus and Black Sea Region." NATO, 29 July 2015, www.nato.int/cps/en/natohq/news_121969.htm. Accessed Date 30 May 2025
[8] Ibid.
[9] European Parliament and Council of the European Union. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA. Official Journal of the European Union, 14 Aug. 2013, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32013L0040, Accessed Date 14 May 2025
[10] European Parliament and Council of the European Union. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA. Official Journal of the European Union, 14 Aug. 2013, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32013L0040, Accessed Date 14 May 2025
[11] European Parliament and Council of the European Union. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA. Official Journal of the European Union, 14 Aug. 2013, article 3, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32013L0040, Accessed Date 14 May 2025
[12] European Parliament and Council of the European Union. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA. Official Journal of the European Union, 14 Aug. 2013, article 4, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32013L0040, Accessed Date 14 May 2025
[13] European Parliament and Council of the European Union. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA. Official Journal of the European Union, 14 Aug. 2013, article 5, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32013L0040, Accessed Date 14 May 2025
[14] European Parliament and Council of the European Union. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA. Official Journal of the European Union, 14 Aug. 2013, article 6, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32013L0040, Accessed Date 14 May 2025
[15] African Union. African Union Convention on Cyber Security and Personal Data Protection. 27 June 2014, https://au.int/sites/default/files/treaties/29560-treaty-0048_-_african_union_convention_on_cyber_security_and_personal_data_protection_e.pdf, Accessed Date 13 May 2025
[16] Ibid.
[17] African Union. African Union Convention on Cyber Security and Personal Data Protection. 27 June 2014, https://au.int/sites/default/files/treaties/29560-treaty-0048_-_african_union_convention_on_cyber_security_and_personal_data_protection_e.pdf, Accessed Date 13 May 2025
[18] Ibid.
[19] Economic Community of West African States. Directive C/DIR.1/08/11 on Fighting Cyber Crime Within ECOWAS. Sixty-Sixth Ordinary Session of the Council of Ministers, 17–19 Aug. 2011, Abuja, Nigeria. ECOWAS, 2011. https://www.ecowas.int/wp-content/uploads/2012/12/Directive-on-Cybercrime.pdf, Accessed Date 29 May 2025
[20] Economic Community of West African States. Directive C/DIR.1/08/11 on Fighting Cyber Crime Within ECOWAS. Sixty-Sixth Ordinary Session of the Council of Ministers, 17–19 Aug. 2011, Abuja, Nigeria. ECOWAS, 2011. https://www.ecowas.int/wp-content/uploads/2012/12/Directive-on-Cybercrime.pdf, Accessed Date 29 May 2025
[21] Law of Georgia “On Information Security.” Parliament of Georgia, June 5, 2012, Legislative Herald. Website, June 19, 2012, consolidated version, https://matsne.gov.ge/ka/document/view/16807, Accessed May 25, 2025.
[22] Ibid.
[23] Law of Georgia “On Personal Data Protection.” Parliament of Georgia, 14 June 2023, Official Gazette. Website, 3 July 2023, consolidated version (latest update: 13 May 2025), https://matsne.gov.ge/ka/document/view/20936, Accessed 25 May 2025.
[24] Law of Georgia on the Protection of Personal Data. Parliament of Georgia, 14 June 2023, Official Gazette, website, 3 July 2023, consolidated version (latest update: 13 May 2025), https://matsne.gov.ge/ka/document/view/20936, Accessed 25 May 2025
[25] Svanadze, Vladimir and Andria Gotsiridze. Cyber Defense: Key Players in Cyberspace, Cybersecurity Policy, Strategy, and Challenges (A Collection of Papers and Articles). Ministry of Defense of Georgia, LEPL – Bureau of Cybersecurity, Tbilisi, 2015 (In Georgian), p. 148.
[26] Svanadze, Vladimer, and Andria Gotsiridze. Cyber Defense: Key Players in Cyberspace, Cybersecurity Policy, Strategy, and Challenges (Collection of Papers and Articles). Ministry of Defense of Georgia, LEPL – Cybersecurity Bureau, Tbilisi, 2015 (In Georgian), p. 149
[27] Institute for Development of Freedom of Information (IDFI), Cybersecurity and the Protection of Personal Data: Insufficient Legal Safeguards and Recommendations, Tbilisi, 2022 (In Georgian), p. 4
[28] Law of Georgia on International Cooperation in the Field of Criminal Justice. Parliament of Georgia, 16 April 2009. SSM, website. 11th edition, 19 April 2024. Consolidated version. https://matsne.gov.ge/ka/document/view/112594?publication=11, Accessed 3 June 2025.
[29] Prosecutor General’s Office of Georgia. “As a result of cooperation between the law enforcement agencies of Georgia and the United States, members of a transnational cybercriminal network have been sentenced to imprisonment.” 19 December 2019. Prosecutor General’s Office of Georgia, official website, https://pog.gov.ge/news/saqarTvelosa-da-ashsh-is-samarTaldacav-organoebs-shoris-Tanamshromlobis-shedegad-transnacionaluri-k, Accessed 3 June 2025.
[30] “Cybercrime Project Georgia.” Council of Europe, 2025, www.coe.int/en/web/cybercrime/c-proc-capacity-building/completed-projects/cybercrime-project-georgia. Accessed Date 30 May 2025
[31] European Commission. Commission Staff Working Document: Georgia 2024 Report. SWD (2024) 697 final, 30 Oct. 2024. Accompanying the document Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of Regions: 2024 Communication on EU Enlargement Policy, p.4
[32] Ibid.
[33] Zoidze, Murman. International Criminal Law Cooperation Against Cybercrime. Georgian Technical University, Tbilisi, 2021 (In Georgian), p. 82