Cabinet has approved a bill to establish the National Cyber Security Regulatory Authority (NCSRA), the Ministry of Digital Economy announced on Wednesday.
Secretary to the Ministry of Digital Economy Waruna Sri Dhanapala said the Ministry and the Sri Lanka Computer Emergency Readiness Team (SLCERT) are working with the Legal Draftsman’s Department to finalise the drafting. He said the bill is expected to be ready for Parliament within two to three months.
The new authority is intended to give Sri Lanka a dedicated regulator for cyber-security policy, incident response and compliance — functions currently spread across SLCERT, the TRCSL and individual agencies.
The push comes as a string of high-profile breaches has exposed gaps in the country’s cyber defences. The Rs. 743 million Treasury phishing fraud targeting a foreign sovereign debt repayment, the Public Administration Ministry cyberattack, and the Department for Registration of Persons “fake website” misdirecting national identity card applicants have all surfaced in recent weeks.
A separate Digital Trust Alliance letter earlier this month from industry bodies urged the government to accelerate cyber-security governance reform.
The Ministry has not released the draft text or details of NCSRA’s powers, registration regimes or sectoral coverage. Those are expected to be made public when the bill is gazetted ahead of its first reading.
