On April 30, 2025, Presidential Resolution No. 153, titled “On Measures to Further Strengthen Activities to Combat Crimes Committed Using Information Technologies,” was signed in the Republic of Uzbekistan. The document outlines a comprehensive action plan encompassing regulatory, organizational, and preventive measures to ensure cybersecurity in the country.

Objectives and Context of the Resolution

Amid the rapid digitization of the economy and public life, Uzbekistan faces a surge in cybercrime. Fraudulent schemes, financial pyramids, the use of intermediaries (“droppers”), and other offenses involving information technologies pose significant challenges to the safety of citizens and the state. Presidential Resolution No. 153 addresses these threats, reflecting the authorities’ commitment to aligning legislation and state mechanisms with modern realities and advanced international practices.

The main objectives of the document are:

• Enhancing the regulatory framework for combating cybercrime.
• Strengthening accountability for banks, payment systems, and individuals for cybersecurity violations.
• Developing mechanisms for preventing and promptly investigating cybercrimes.
• Promoting cyber literacy among the population and fostering a culture of cyber hygiene.

Key Provisions of the Resolution

I. Enhancing the Regulatory Framework

A cornerstone of Presidential Resolution No. 153 is the development of a new law, “On Countering Crimes Committed Using Information Technologies.” The Ministry of Internal Affairs (MIA), in collaboration with other agencies, is tasked with drafting this law by the end of 2025, incorporating:

• Contemporary challenges and international best practices.
• Clear delineation of responsibilities among state bodies, banks, payment system operators, and payment organizations.
• Mechanisms for preventing and investigating cybercrimes.

Additionally, the MIA, State Security Service (SSS), General Prosecutor’s Office, and Central Bank proposed several measures, approved by the Resolution:

1. Introducing administrative and criminal liability for individuals providing their bank cards, SIM cards, or electronic wallets for cybercrime purposes (“droppers”).
2. Refining liability norms for non-compliance with cybersecurity requirements, including cases where no harm has occurred but violations pose potential risks.
3. Compensating material damages at the expense of banks and payment organizations if a cybercrime results from their failure to meet cybersecurity standards.
4. Strengthening penalties for crimes in the field of information technologies, including illicit fundraising and property acquisition.
5. Designating the use of information technologies as an aggravating circumstance in criminal offenses.

II. Mechanisms for Preventing Cybercrime

Presidential Resolution No. 153 introduces several preventive measures aimed at strengthening oversight and raising public awareness:

1. Publishing lists of violators. The MIA will monthly publish lists of banks and payment organizations where cybercrimes have occurred due to system vulnerabilities, increasing their accountability for cybersecurity compliance.
2. Transaction monitoring. The Central Bank will implement a system to monitor transactions of individuals and legal entities to detect signs of fraudulent schemes, such as financial pyramids, with prompt reporting to law enforcement.
3. Cyber literacy program. An annual comprehensive program to enhance public cyber culture, including cyber hygiene measures, will be approved, with strict oversight of its implementation.
4. Cyber Culture Month. November each year is designated as the “Cyber Culture Enhancement Month,” during which awareness campaigns will be conducted.
5. Targeted advertising. Targeted online and social media advertising campaigns will inform citizens about new cybercrime forms and methods.

III. Technical and Organizational Measures

The Central Bank and the Ministry of Digital Technologies are assigned tasks to be completed in 2025:

1. Data integration. By September 1, 2025, the Central Bank must complete the integration of transactions and other data from banks, payment system operators, and credit bureaus into a unified platform.
2. Anti-fraud systems. Centralized and localized anti-fraud systems, including session-based, transactional, and telecommunication solutions, will be implemented for banks and payment organizations.
3. Protection against fake calls. The Ministry of Digital Technologies will finalize the implementation of a system to restrict fraudulent calls by the end of 2025.
4. Control over minors’ accounts. The Central Bank will develop regulations for opening bank accounts and cards for minors and introduce a mechanism to notify parents of suspicious transactions involving their children.
5. Dropper registry. A registry of individuals providing their accounts for cybercrimes will be maintained.
6. Antivirus protection. Banks and payment organizations must integrate antivirus systems into their mobile applications and notify users of detected malicious software.

IV. Mechanisms for Investigating Cybercrimes

To ensure prompt responses to cybercrimes, Presidential Resolution No. 153 includes:

1. Blocking suspicious transactions. Within a month, the MIA and Central Bank will develop a system for swiftly blocking bank cards linked to suspicious transfers and sharing information with law enforcement.
2. Cybersecurity compliance checks. The state institution “Cybersecurity Center” will issue conclusions on cybersecurity compliance during investigations.
3. Specialized units. The General Prosecutor’s Office will establish a department to ensure legality in combating cybercrimes, with corresponding groups in regional prosecutor’s offices.

V. Scientific and Methodological Support

To enhance the effectiveness of cybercrime countermeasures, the Resolution provides for:

• Analyzing the causes and conditions of cybercrimes through the study of pre-investigation materials and criminal cases.
• Identifying challenges in cybercrime investigations and developing evidence-based recommendations to address them.
• Creating methodological materials to improve investigation efficiency and staff training.

VI. Oversight and Implementation

The Ministry of Internal Affairs and the Central Bank are responsible for implementing Presidential Resolution No. 153. Oversight is entrusted to the Government, the Security Council under the President, and the Presidential Administration.

Expected Outcomes

Presidential Resolution No. 153 is an ambitious plan designed to transform Uzbekistan’s approach to combating cybercrime. Expected outcomes include:

• A reduction in cybercrime through strengthened accountability and preventive measures.
• Increased public trust in digital services due to anti-fraud systems and transparent banking operations.
• Enhanced cyber culture among the population, minimizing fraud risks.
• Establishment of an effective coordination system among state bodies, banks, and law enforcement agencies.

Conclusion

Presidential Resolution No. 153, “On Measures to Further Strengthen Activities to Combat Crimes Committed Using Information Technologies,” underscores Uzbekistan’s commitment to addressing the challenges of the digital era. Its comprehensive approach, encompassing legislative, technical, and educational measures, aims to create a secure digital environment for citizens and businesses. Successful implementation will require coordinated efforts from all involved agencies and active public participation in improving cyber literacy. This step reaffirms Uzbekistan’s ambition to lead in cybersecurity within the region.

Source: National Database of Legislation of the Republic of Uzbekistan, https://lex.uz/ru/pdfs/7511168