Uzbekistan Approves Minimum Cybersecurity Requirements for Credit Bureaus

Tashkent, Uzbekistan (UzDaily.com) — The Ministry of Justice has registered the Regulation on Minimum Information Security and Cybersecurity Requirements for Credit Bureaus (registration number 3679, registered on 23 September 2025).

The document establishes mandatory minimum standards for information protection and cybersecurity within the information systems of credit bureaus. In particular, credit bureaus are required to establish a specialized service responsible for information security and cyber defense, as well as to develop an internal policy in this area, coordinated with the Central Bank.

The Central Bank maintains an information system rating that evaluates the level of information security and cybersecurity compliance in the operations of credit bureaus.

The regulation also mandates the implementation of a DLP (Data Loss Prevention) system to prevent unauthorized transfer and dissemination of data from information systems.