ON MEASURES AIMED
AT FURTHER STRENGTHENING ACTIVITIES
TO COMBAT CRIMES COMMITTED
USING INFORMATION TECHNOLOGIES
In order to effectively implement the tasks defined at the extended meeting of the National Anti-Corruption Council held on March 5, 2025, and to further strengthen efforts to combat crimes committed using information technologies (hereinafter – cybercrimes), I HEREBY DECREE:
I. Priority Tasks
1. To designate the Ministry of Internal Affairs as the authorized body for implementing a unified operational practice in combating cybercrime in the Republic of Uzbekistan, coordinating activities, and organizing targeted cooperation among all responsible state bodies and institutions in this area.
2. To assign to each authorized state body, as well as organizations, banks, payment system operators, and payment organizations, strict responsibility for taking all necessary measures aimed at preventing cybercrime and raising public cyber-awareness.
3. In organizing their daily operations, banks, payment system operators, and payment organizations shall prioritize the protection of clients’ interests and financial security.
2. To assign to each authorized state body, as well as organizations, banks, payment system operators, and payment organizations, strict responsibility for taking all necessary measures aimed at preventing cybercrime and raising public cyber-awareness.
3. In organizing their daily operations, banks, payment system operators, and payment organizations shall prioritize the protection of clients’ interests and financial security.
II. Improving Legal and Regulatory Mechanisms
4. The Ministry of Internal Affairs (Tashpulatov), together with relevant ministries and agencies, shall, by the end of 2025, develop and submit to the Cabinet of Ministers a draft law “On Combating Crimes Committed Using Information Technologies.” This law shall be based on a comprehensive study of current practices, modern requirements, and advanced international experience, and shall define the priorities and operational mechanisms of this sector, as well as specific responsibilities of state bodies, banks, payment system operators, and payment organizations in preventing and solving cybercrimes.
5. To approve the proposals of the Ministry of Internal Affairs, the State Security Service, the Prosecutor General’s Office, and the Central Bank, which provide for:
(a) Establishing administrative and criminal liability for persons (so-called “droppers”) who allow their bank cards, bank accounts, SIM cards, e-wallets (electronic accounts) to be used in the commission of cybercrimes;
(b) Improving current regulations on responsibility for non-compliance with information and cybersecurity requirements, including cases where consequences have not yet occurred;
(c) Introducing procedures for compensating material damage caused by cybercrime—due to non-compliance with information and cybersecurity requirements—at the expense of banks, payment system operators, and other relevant organizations;
(d) Strengthening the criminal penalties for offenses in the field of information technologies and illegal activities related to attracting financial assets or other property;
(e) Defining the use of information technologies in committing a crime as an aggravating circumstance;
(f) Introducing a system to set specific deadlines for complying with law enforcement agencies’ requests and decisions related to banking secrecy, and simplifying the mechanisms and requirements for fulfilling them.
6. The Ministry of Internal Affairs (Tashpulatov), State Security Service (Kurbanov), Prosecutor General’s Office (Yuldoshev), and the Central Bank (Ishmetov) shall, within two months, jointly develop and submit to the Cabinet of Ministers a draft law implementing the proposals approved by this Decree.
5. To approve the proposals of the Ministry of Internal Affairs, the State Security Service, the Prosecutor General’s Office, and the Central Bank, which provide for:
(a) Establishing administrative and criminal liability for persons (so-called “droppers”) who allow their bank cards, bank accounts, SIM cards, e-wallets (electronic accounts) to be used in the commission of cybercrimes;
(b) Improving current regulations on responsibility for non-compliance with information and cybersecurity requirements, including cases where consequences have not yet occurred;
(c) Introducing procedures for compensating material damage caused by cybercrime—due to non-compliance with information and cybersecurity requirements—at the expense of banks, payment system operators, and other relevant organizations;
(d) Strengthening the criminal penalties for offenses in the field of information technologies and illegal activities related to attracting financial assets or other property;
(e) Defining the use of information technologies in committing a crime as an aggravating circumstance;
(f) Introducing a system to set specific deadlines for complying with law enforcement agencies’ requests and decisions related to banking secrecy, and simplifying the mechanisms and requirements for fulfilling them.
6. The Ministry of Internal Affairs (Tashpulatov), State Security Service (Kurbanov), Prosecutor General’s Office (Yuldoshev), and the Central Bank (Ishmetov) shall, within two months, jointly develop and submit to the Cabinet of Ministers a draft law implementing the proposals approved by this Decree.
III. Mechanisms for Preventing Cybercrime
7. To establish the following procedures:
(a) The Ministry of Internal Affairs shall, for the purpose of increasing the accountability of banks and payment organizations for information and cybersecurity policies, implement a practice of publishing, at the end of each month, a list of banks and payment organizations whose systems have recorded the highest number of cybercrimes (due to vulnerabilities or deficiencies);
(b) The Central Bank shall implement a system for detecting signs of fraudulent schemes (e.g., “Ponzi schemes”) or suspicious activities aimed at attracting public funds, by monitoring transactions of individuals and legal entities and promptly notifying law enforcement agencies;
(c) The Cabinet of Ministers shall annually approve a comprehensive awareness-raising and educational program aimed at improving cyber-literacy and developing cyber-hygiene among the population, and shall establish strict oversight over its implementation.
8. During awareness-raising campaigns to prevent cybercrime, special attention shall be paid to:
(a) Holding an annual “Cyber Literacy Month” nationwide every November;
(b) New types of cybercrime and methods of commission;
(c) Utilizing targeted advertising services online and on social media free of charge to inform the public about types of cybercrime and how they are committed.
9. The Central Bank (Ishmetov) shall, by September 1, 2025, take the following urgent measures:
(a) Integrate transaction and other relevant data of banks, payment system operators, payment organizations, and credit bureaus with the Central Bank’s Unified Platform;
(b) Complete the implementation of the centralized anti-fraud system at the Central Bank and of anti-fraud systems (session-based, transactional, and telecom) at banks, payment system operators, and payment organizations;
(c) Develop technical specifications for platforms and specialized protection systems, in coordination with the Cybersecurity Center, the Ministry of Internal Affairs, and the Center for the Development of Digital Technologies.
10. The Ministry of Digital Technologies (Shermatov), together with relevant agencies and institutions, shall complete the implementation of a full-fledged system to block fraudulent phone calls by the end of 2025.
11. The Central Bank (Ishmetov), by the end of 2025, shall:
(a) Develop and implement appropriate requirements for the opening of bank accounts and issuance of bank cards to minors;
(b) Introduce a practice whereby banks notify parents about suspicious (fraud-related) transactions involving their minor children;
(c) Maintain a register of persons (“droppers”) to whom citizens have provided their bank card, bank account, or e-wallet information for committing cybercrimes;
(d) Take measures to ensure that banks and payment organizations install antivirus protection systems on their mobile applications and implement user notification practices in cases where signs of malicious software are detected on their devices.
(a) The Ministry of Internal Affairs shall, for the purpose of increasing the accountability of banks and payment organizations for information and cybersecurity policies, implement a practice of publishing, at the end of each month, a list of banks and payment organizations whose systems have recorded the highest number of cybercrimes (due to vulnerabilities or deficiencies);
(b) The Central Bank shall implement a system for detecting signs of fraudulent schemes (e.g., “Ponzi schemes”) or suspicious activities aimed at attracting public funds, by monitoring transactions of individuals and legal entities and promptly notifying law enforcement agencies;
(c) The Cabinet of Ministers shall annually approve a comprehensive awareness-raising and educational program aimed at improving cyber-literacy and developing cyber-hygiene among the population, and shall establish strict oversight over its implementation.
8. During awareness-raising campaigns to prevent cybercrime, special attention shall be paid to:
(a) Holding an annual “Cyber Literacy Month” nationwide every November;
(b) New types of cybercrime and methods of commission;
(c) Utilizing targeted advertising services online and on social media free of charge to inform the public about types of cybercrime and how they are committed.
9. The Central Bank (Ishmetov) shall, by September 1, 2025, take the following urgent measures:
(a) Integrate transaction and other relevant data of banks, payment system operators, payment organizations, and credit bureaus with the Central Bank’s Unified Platform;
(b) Complete the implementation of the centralized anti-fraud system at the Central Bank and of anti-fraud systems (session-based, transactional, and telecom) at banks, payment system operators, and payment organizations;
(c) Develop technical specifications for platforms and specialized protection systems, in coordination with the Cybersecurity Center, the Ministry of Internal Affairs, and the Center for the Development of Digital Technologies.
10. The Ministry of Digital Technologies (Shermatov), together with relevant agencies and institutions, shall complete the implementation of a full-fledged system to block fraudulent phone calls by the end of 2025.
11. The Central Bank (Ishmetov), by the end of 2025, shall:
(a) Develop and implement appropriate requirements for the opening of bank accounts and issuance of bank cards to minors;
(b) Introduce a practice whereby banks notify parents about suspicious (fraud-related) transactions involving their minor children;
(c) Maintain a register of persons (“droppers”) to whom citizens have provided their bank card, bank account, or e-wallet information for committing cybercrimes;
(d) Take measures to ensure that banks and payment organizations install antivirus protection systems on their mobile applications and implement user notification practices in cases where signs of malicious software are detected on their devices.
IV. Mechanisms for Solving Cybercrimes
12. The Ministry of Internal Affairs (Tashpulatov) and the Central Bank (Ishmetov), within one month, shall take the following joint measures to establish an operational response system for the early prevention and rapid detection of cybercrimes, as well as to prevent the transfer of funds outside the Republic:
(a) Prompt blocking of bank cards involved in suspicious money transfer transactions, based on requests from relevant departments of the internal affairs authorities;
(b) Immediate provision of information about bank cards involved in suspicious money transfer transactions to the responsible departments of the internal affairs authorities.
13. To introduce a procedure for issuing a cybersecurity compliance opinion by the State Cybersecurity Center (GUP “Cybersecurity Center”) during preliminary inspections and pre-trial investigations of cybercrime cases.
14. To establish that:
(a) A Department for Ensuring Legality in the Field of Combating Cybercrime, consisting of 6 staff units, shall be created within the Directorate for Oversight of Law Enforcement in the Internal Affairs Bodies of the Prosecutor General’s Office. Additionally, 44 staff positions shall be allocated to organize the work of its groups within the departments for supervision of law enforcement in the territorial and transport prosecutor’s offices;
(b) These units shall conduct prosecutorial supervision of the legality of the internal affairs bodies’ activities in investigating and solving cybercrimes;
(c) These units shall be formed using the existing staff of the Bureau of Compulsory Enforcement under the Prosecutor General’s Office and personnel involved in the operations of regional socio-economic development sectors.
15. The Prosecutor General’s Office (Samadov) shall, by July 1, 2025, take measures to train employees of the newly created cybercrime legality units (within the prosecution structure, as outlined in this Decree) through retraining courses at the Law Enforcement Academy.
16. The Ministry of Internal Affairs (Tashpulatov) shall:
(a) By September 1, 2025, launch a platform for electronic data exchange between the Ministry of Internal Affairs, the Prosecutor General’s Office, and the Central Bank, to ensure the prompt transfer of data and urgent action on incoming cybercrime-related reports;
(b) In cooperation with the Ministry of Foreign Affairs (Saidov), organize official business trips for cybersecurity unit staff to foreign countries to study international best practices and enhance their qualifications.
17. The Ministry of Foreign Affairs (Saidov), together with interested ministries and agencies, shall create an Interdepartmental Working Group and, within three months, ensure a comprehensive study of the issue of acceding to the European Union’s Budapest Convention on Cybercrime under defined conditions, and shall submit well-grounded proposals in this regard in accordance with the established procedure.
(a) Prompt blocking of bank cards involved in suspicious money transfer transactions, based on requests from relevant departments of the internal affairs authorities;
(b) Immediate provision of information about bank cards involved in suspicious money transfer transactions to the responsible departments of the internal affairs authorities.
13. To introduce a procedure for issuing a cybersecurity compliance opinion by the State Cybersecurity Center (GUP “Cybersecurity Center”) during preliminary inspections and pre-trial investigations of cybercrime cases.
14. To establish that:
(a) A Department for Ensuring Legality in the Field of Combating Cybercrime, consisting of 6 staff units, shall be created within the Directorate for Oversight of Law Enforcement in the Internal Affairs Bodies of the Prosecutor General’s Office. Additionally, 44 staff positions shall be allocated to organize the work of its groups within the departments for supervision of law enforcement in the territorial and transport prosecutor’s offices;
(b) These units shall conduct prosecutorial supervision of the legality of the internal affairs bodies’ activities in investigating and solving cybercrimes;
(c) These units shall be formed using the existing staff of the Bureau of Compulsory Enforcement under the Prosecutor General’s Office and personnel involved in the operations of regional socio-economic development sectors.
15. The Prosecutor General’s Office (Samadov) shall, by July 1, 2025, take measures to train employees of the newly created cybercrime legality units (within the prosecution structure, as outlined in this Decree) through retraining courses at the Law Enforcement Academy.
16. The Ministry of Internal Affairs (Tashpulatov) shall:
(a) By September 1, 2025, launch a platform for electronic data exchange between the Ministry of Internal Affairs, the Prosecutor General’s Office, and the Central Bank, to ensure the prompt transfer of data and urgent action on incoming cybercrime-related reports;
(b) In cooperation with the Ministry of Foreign Affairs (Saidov), organize official business trips for cybersecurity unit staff to foreign countries to study international best practices and enhance their qualifications.
17. The Ministry of Foreign Affairs (Saidov), together with interested ministries and agencies, shall create an Interdepartmental Working Group and, within three months, ensure a comprehensive study of the issue of acceding to the European Union’s Budapest Convention on Cybercrime under defined conditions, and shall submit well-grounded proposals in this regard in accordance with the established procedure.
V. Scientific Approaches to Combating Cybercrime
18. To establish a Center for Assistance in Digital Investigations and the Fight Against Cybercrime within the structure of the Scientific Research Institute of Digital Forensics at the Law Enforcement Academy, with the following main areas of activity:
(a) Development of scientifically-based recommendations through the study of preliminary investigation documents, administrative offense cases, and criminal cases, and their implementation in legal practice to identify the causes and conditions leading to cybercrime;
(b) Development of scientifically-based proposals for identifying and resolving problems in the practice of solving and investigating cybercrimes;
(c) Providing scientific and methodological support to improve the effectiveness of investigative activities and the educational process in the area of cybercrime.
(a) Development of scientifically-based recommendations through the study of preliminary investigation documents, administrative offense cases, and criminal cases, and their implementation in legal practice to identify the causes and conditions leading to cybercrime;
(b) Development of scientifically-based proposals for identifying and resolving problems in the practice of solving and investigating cybercrimes;
(c) Providing scientific and methodological support to improve the effectiveness of investigative activities and the educational process in the area of cybercrime.
VI. Organization, Support, and Monitoring of Decree Implementation
19. To assign personal responsibility for the effective implementation of this Decree to Minister of Internal Affairs A.A. Tashpulatov and Chairman of the Central Bank T.A. Ishmetov.
20. To assign oversight of the implementation of this Decree to the Prime Minister of the Republic of Uzbekistan A.N. Aripov, the Secretary of the Security Council under the President of the Republic of Uzbekistan V.V. Makhmudov, and Advisor to the President of the Republic of Uzbekistan D.B. Kadirov.
20. To assign oversight of the implementation of this Decree to the Prime Minister of the Republic of Uzbekistan A.N. Aripov, the Secretary of the Security Council under the President of the Republic of Uzbekistan V.V. Makhmudov, and Advisor to the President of the Republic of Uzbekistan D.B. Kadirov.
President
of the Republic of Uzbekistan
Sh. Mirziyoyev
of the Republic of Uzbekistan
Sh. Mirziyoyev
National Legal Database (www.lex.uz), May 6, 2025 Translated by chatgpt