Uzbekistan to introduce legal accountability for citizens facilitating cybercrime

According to the press service of the lower house of parliament, the proposed legislation seeks to clarify state roles, introduce victim support systems, and hold individuals accountable for facilitating fraudulent activities.

The first document designates the Ministry of Internal Affairs as the authorized body for combating cybercrime. It specifically outlines the responsibilities of various state agencies, banks, payment services, and internet providers, increasing their accountability for monitoring suspicious transactions and maintaining robust cybersecurity standards. A significant addition is the introduction of a rehabilitation institute for victims of cybercrime, which will provide legal consultation, medical and psychological assistance, and programs to enhance financial and digital literacy.

Furthermore, the bill introduces proactive mechanisms to prevent illicit activities, including the rapid suspension of suspicious financial transactions. It also focuses on the detection and suppression of "financial pyramids" and other illegal investment schemes. To ensure long-term effectiveness, the law addresses professional training for personnel and emphasizes the importance of international cooperation in the digital sphere.

The second draft law introduces administrative and criminal liability for the illegal transfer of bank cards, electronic wallets, and crypto-wallets to third parties. This also applies to the unauthorized sharing of access credentials, such as logins and passwords. Additionally, stricter penalties are proposed for the illegal transfer and use of SIM cards, personal accounts, and various identification tools.

This focus on personal responsibility follows a presentation made to President Shavkat Mirziyoyev in March, where it was suggested that citizens must bear greater responsibility for electronic payment means and subscriber numbers registered in their names. The goal is to discourage the practice of allowing scammers to use personal accounts and SIM cards for criminal purposes.

The legislation also places a higher burden of responsibility on financial institutions. Banks and payment organizations will be required to compensate victims for damages resulting from their own failure to meet cybersecurity requirements. Moreover, the document establishes precise timeframes for banks to provide necessary data to investigative authorities upon request, ensuring that cybercrime inquiries are not delayed by bureaucratic hurdles.