Aligning Kosovo’s Critical Infrastructure Law with The EU’s Directive on the Resilience of Critical Entities And EU’s NIS2 Directive


Përafrimi i Ligjit të Kosovës për Infrastrukturën Kritike me Direktivën e BE-së për Qëndrueshmërinë e Entiteteve Kritike dhe Direktivën NIS2 të BE-së

Kosovar Center for Security Studies

Supported by

Kosovar Center for Security Studies


Besnik Limaj


This research document presents a thorough analysis and strategic recommendations for the revision of Kosovo’s Law No. 06/L –014 on Critical Infrastructure. The objective is to align it with the latest European Union standards as defined in Directive (EU) 2022/2557 on the resilience of critical entities and the EU NIS 2 Directive 2022/2555, focusing on cybersecurity.

Key Observations: 

  1. Legislative Context and Evolution:
  • Kosovo's existing legislation, Law No. 06/L –014, initially aligned with the EU Directive 2008/114/EC, is now outdated due to the repeal of this directive and the advent of new EU standards.
  • The new Directive (EU) 2022/2557 introduces a paradigm shift from a protection-centric to a resilience-centric approach, expanding the scope of critical infrastructure protection.
  • The EU NIS 2 Directive 2022/2555 significantly broadens the cybersecurity framework, emphasizing the need for comprehensive risk management, enhanced incident reporting, and expanded sectoral coverage.
  1. Comparative Legislative Analysis:
  • The current Kosovo law focuses primarily on energy and transport sectors with defined roles for infrastructure protection, such as Security Coordinators and Security Liaison Officers.
  • In contrast, the EU directives propose an integrative risk management approach, encompassing a wider array of sectors, including digital infrastructure, healthcare, and public administration, and stress the importance of EU-wide collaboration and information sharing.
  1. Strategic Recommendations for Law No. 06/L –014:
  • Revise the law to align with the resilience-oriented framework of Directive (EU) 2022/2557, emphasizing a comprehensive approach to risk assessment and management.
  • Expand the sectoral scope to encompass critical sectors identified in the EU directives, ensuring comprehensive coverage of all vital infrastructure components.
  • Enhance security and resilience planning, improve coordination mechanisms, and ensuring robust reporting and information exchange systems.
  • Integrate cutting-edge cybersecurity technologies and practices, adhering to European cybersecurity standards and certification requirements.
  • Foster robust international cooperation for knowledge sharing and collaborative efforts in infrastructure protection.
  • Establish a mechanism for continuous review and dynamic adaptation of the law to respond effectively to evolving technological and threat landscapes.


Conclusion: The proposed alignment of Kosovo’s critical infrastructure law with the EU’s latest directives is imperative for Kosovo's continued infrastructural resilience and security. Implementing these strategic recommendations will ensure that Kosovo not only complies with EU standards but also enhances its capabilities to protect against modern threats. This progressive alignment will strengthen Kosovo's infrastructure resilience, thus securing the well-being and stability of its citizens in an increasingly interconnected and digitalized global environment.