After arguments until 11:30 p.m.: Deputies will not sit today, will reconvene on Wednesday, February 11

Parliament adopted amendments to the Cybersecurity Act on second reading

Feb 6, 2026 05:20

There will be no session of parliament today, the deputies decided. The proposal was made by Denitsa Sacheva from GERB – UDF, who cited the late hour until which last night's plenary session had lasted.

The agenda for the first Friday of the month provided for a blitz control at 9:00 a.m., during which the Prime Minister and Deputy Prime Ministers would answer current questions from deputies, and regular parliamentary control at 11:00 a.m.

Nikolai Denkov from "We Continue the Change – Democratic Bulgaria" (PP – DB) objected to the proposal not to have a session today.

Colleagues believe that there is nothing to discuss at the control, but there are many events that require an explanation from both the Prime Minister and the Deputy Prime Ministers, said Denkov. I propose that we start an hour later and hear the answers of the executive branch in resignation, he added.

Asen Vassilev from PP – DB commented that this proposal is scandalous and requested a break so that the deputies could think it over.

After a 15-minute break, with 90 votes "for" and 65 "against", the deputies decided that the parliament would not sit.

Denkov's proposal to start the session one hour later was rejected with 62 votes "for", 85 "against" and five abstentions.

It is scandalous to hide the Prime Minister and the ministers from the deputies' questions, commented Martin Dimitrov (PP – DB).

The Speaker of the National Assembly Raya Nazaryan announced that the next plenary session is on February 11 at 9:00. She then closed the session, which lasted until 23:30. During those more than 14 hours, the deputies adopted on second reading the changes to the Electoral Code to limit the sections in countries outside the EU.

The Parliament also adopted on second reading changes to the Cybersecurity Act, which introduce improved European requirements in relation to risk assessment and incident reporting. The amendments also include texts related to limiting the use of risky technologies.

The changes to the national legislation transpose provisions of the European Directive on measures for a high common level of cybersecurity, which covers the protection of network and information systems (NIS), the so-called NIS Directive 2.

The entities to which the requirements of the law are addressed, in addition to administrative authorities, include public and private entities, providers of qualified certification services and domain name registries, educational institutions when they carry out scientific research activities of critical importance, and judicial authorities. According to certain criteria in the law, they are divided into essential and important entities.

The bill expands the sectors of impact, from eight to 18. It includes sectors such as space, wastewater, management of information and communication technology (ICT) services between businesses, as well as critical sectors such as postal and courier services, waste management, production and distribution of chemicals and food, production (of medical devices, computers, electronic and optical products, machinery and equipment, motor vehicles, trailers and semi-trailers), digital service providers and scientific research.

Essential and important entities shall notify SERIX (sectoral computer security incident response team) of each significant incident within 24 hours of its detection, the amendments provide. The information shall be updated within 72 hours and an initial assessment shall be provided, including its severity and impact, as well as technical information about the incident. For certification service providers, the deadline for updating the information is 24 hours. A final report is submitted no later than one month after the updated notification.

It is envisaged that the Council of Ministers (CM), by a decree adopted upon a proposal from the Cybersecurity Council, will be able to create requirements for essential and important entities to use specific, proven operationally and economically appropriate ICT products, ICT services and ICT procedures that have been developed by them or acquired from third parties, certified within the framework of European cybersecurity schemes, the deputies decided.

Based on information provided on the results of a coordinated EU-level assessment of the security risk of critical supply chains, the Cybersecurity Council shall prepare a reasoned proposal to the Council of Ministers for the adoption of a decree restricting the use, by entities within the scope of the law, of specific technologies or critical supply chains of ICT services and/or ICT products originating from countries outside the EU.

In case the entities within the scope of the law already use a technology that is restricted by the Council of Ministers' decree, they should cease using it within three years of the adoption of the decree. In cases of high risk to national security, the decree shall specify a shorter period, MPs agreed. The wording of these texts was proposed by Rumen Hristov from GERB – UDF and approved by the plenary hall.

Angel Slavchev ("Vazrazhdane") also proposed a revision under which the Council of Ministers' decree would be of a recommendatory nature, but it was not adopted.

Maya Dimitrova ("BSP – United Left") requested that the period for continued use of a restricted technology be five years from the adoption of the decree, but this was not supported in the plenary hall either.

During the debate, Angel Slavchev commented that this bill is over-regulation for business and is not needed. With it, we oblige not only state-owned enterprises, but also private business and impose on it what technology it should use. These restrictions will be at the proposal of the Cybersecurity Council, and the Council of Ministers will issue a decree, he explained. In his words, the American embassy has "pressured" the ruling majority to adopt this bill as soon as possible.

His colleague Tsoncho Ganev commented that a lobbying law is being considered "late in the day", which has one sole purpose – to expel all Chinese telecommunications equipment companies from Bulgaria. According to him, this serves "Nokia" and "Ericsson" and most likely they will take the place of the Chinese companies.

Krassimira Katincharova from "Velichie" said that the framework of the directive has been overstated too much and this turns the bill into an instrument of administrative pressure.

The outgoing Minister of Electronic Governance Valentin Mundrov was also present in the plenary hall.