The Government Decree lays down the procedures for how information resources and copies of data will have to operate in cases of martial law, state of emergency, emergency situations or other crises.
Over the coming years, the State will categorise data into highly critical, critical, critical medium and low criticality, and diversify its storage in public and private data centres.
"State data must be protected in the same way as airspace, national borders or coastlines. From now on, we can not only strengthen the security of data, but also diversify where it is stored. This does not mean that, without these changes, data in Lithuania has been insecure until now. But in order to have a fully functioning digital state, it was necessary to specify that data should not only be stored, but that it should be accessible. This means that if unforeseen circumstances occur in a country, the digital state continues to function, digital services continue to function, and we are able to manage websites and provide services," says Aušrinė Armonaitė, the Minister of the Economy and Innovation.
According to her, Lithuania is one of the first countries in Europe to adopt amendments to the Law on Management of State Information Resources in May, thus introducing mandatory diversification of state-stored data. For example, the Estonian government has signed a "Digital Embassy" agreement, but its full functioning is still hampered by internal legal restrictions.
According to the Minister, the issue of data retention has become particularly acute since Russia attacked Ukraine, and is increasingly being discussed in other EU countries. For example, Poland has initiated a discussion on the issue of making the "Digital Embassy" mandatory at European level, with the participation of Lithuania and other supportive countries.
This requires a lot of preparation and human resources, as well as complex technical issues, both within ministries and subordinate bodies, which need to be resolved in order to be adequately prepared for the use of advanced technologies. Last year, only 21 institutions had consolidated their data, compared to 83 now, but it is estimated that there are still over 300 institutions whose infrastructure needs to be consolidated.
The model chosen is a hybrid one, i.e. some of the data will be stored in public data centres, but copies will be compulsorily stored outside the territory of Lithuania, at a safe distance, and will be the most sensitive data. State data centres may be operated by state-owned companies that meet certain national security requirements. The rest - less sensitive data - will be able to reside in private data centres or in the cloud.