TITLE: Ukraine Shifts to Proactive Cyber Defence Strategy with Legislative and Infrastructure Expansion
BODY:
On February 20, 2026, Oleksandr Potii, Chairman of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), outlined Ukraine's strategic cybersecurity roadmap during a meeting of Cybersecurity Directors in Munich. The announcement marks a transition from reactive incident management to proactive risk mitigation across the country's digital infrastructure.
The SSSCIP has identified three strategic priorities for 2026. First, it will complete legislative reform by finalising 20 additional regulatory acts, building on Law No. 4336-IX and 13 government regulations adopted in 2025. This effort aims to increase Ukraine's implementation of the European Union's Network and Information Systems Directive 2 (NIS2 Directive) from 76 percent to 90 percent. Second, the Service will deploy a network of regional cyber protection centres within its territorial units. Two pilot centres are already operational, with each hub integrating a Computer Security Incident Response Team (CSIRT), a Security Operations Centre (SOC), and a training facility. A national threat data exchange platform will establish a "single-window" mechanism for information sharing. The SSSCIP has also launched a pilot national Domain Name System (DNS), enabling real-time oversight of domestic cyberspace. Third, the Service will enhance professional development through its CISO Campus, providing annual training for more than 500 executives and specialists, and its Qualification Centre, which will certify at least 300 professionals annually against official professional standards.
These initiatives reflect Ukraine's commitment to establishing a unified national cybersecurity architecture applicable to government agencies and critical infrastructure operators. The legislative and infrastructure developments will strengthen the country's defensive posture and standardise cybersecurity practices across all stakeholders.