Armenia: TMT

The definition of “technology” is not specified in Armenian legislation. Nor is there any specific legislation regulating “technology” as such (in general or particular). At the same time, specific areas of human interaction where technology is used are regulated, including some areas requiring a license or a permit to operate. This include, for example, the Law on electronic document and digital electronic signature that regulates the interaction with the state whenever an e-signature is to be used, including which ones will be permissible for the state.

In 2019 the Ministry of Communications and Transport was reorganised into the “Ministry of High-Tech Industry” (the Ministry). The Ministry’s main activities cover electronic communications, informatisation, information technology and information security, the post, cyber security, and others. The Ministry is tasked with implementing the policies in those sectors, including where necessary, by developing draft legislation and adopting sub-legislation.

In addition to that, regulatory bodies (including the Public Services Regulatory Commission, the Commission on Television and Radio, Central Bank, Civil Aviation Commission and others within their activities do regulate specific areas of technology (primarily electronic communications, use of radio frequency, as well as the use of technology in sector).

The Law “On Electronic Communication” from July 8, 2015 (the Law) regulates the owning and managing the communications networks (with emphasis on public telecommunications networks) and providing electronic communications services. The scope of regulation of the Law includes:

• the rights, duties and responsibilities of end users, operators of public electronic communications networks, providers of public electronic communications services, operators of private electronic communications networks and government bodies concerning the regulation of the electronic communications sector, as well as the creation, development, operation of electronic communications networks and the provision of electronic communications services,
• government supervision and control over the allocation and use of such limited resources as radio frequencies, satellite orbit segments and numbers.

The regulation of the Law covers the relations related to the public electronic communication network and activities in that network. At the same time, the Law curves out the private communications networks and networks operated by the Government.

The Law on audiovisual media regulates the provision of television and radio services and the ownership and use of relevant networks, radiofrequency, and tv slots, including the licensing of the private multiplex operators.

Relations with public electronic communication networks and public electronic communication services are regulated within the framework of the Law.

The Law differentiates between owning and operating the Public Electronic Communications Network (for which a license is necessary) and between providing Public Electronic Communications Network (without owning and operating its own network) for which a notification procedure is established.

Owning and using the public electronic communication network (the Network) is possible in the presence of a license. Relations related to the granting of the network usage license are regulated by the Law and the Law of August 8, 2001 “On Licensing”.

The Law defines an electronic communication network as a transmission system, and in appropriate cases, also connecting-disconnecting or routing equipment and other resources that allow transmitting signals (signals) by cable, radio, optical or other electromagnetic means, including satellite network, fixed network and terrestrial mobile communication network, electric power line systems so that they are used for the transmission of signals, regardless of the type of information transmitted. The Law further clarifies that the network will be public if it is used to provide services to a broader public, practically undefined group of individuals or companies (the definition of Public Electronic Communications Service is below in this question).

The Public Services Regulatory Commission of the Republic of Armenia (the PSRC) is the regulatory body issuing the license to use the Network. The public electronic communication network owner is obliged to operate that network.

It is possible to obtain a license to use the network in two procedures, without public bidding (where no limited resources are used) and with public bidding.

The application is submitted to the regulatory body applying for a license to use the network: the business plan, the technical project of the public electronic communication network developed by the applicant or the licensee, and the document certifying the payment of the application fee are also attached to the application. The data presented in the application is public, except for cases where the applicant justifies that some information is a commercial secret, in which case the specified information is not published.

Applications for a license to use the network are approved or rejected by the PSRC within 23 working days after applying.

To obtain a Network license through public bidding, the Regulatory body publishes the requirements for the application, and applications and applications are accepted within 90 days from the date of publication of the said rules.

Within ten days after the deadline for submission of bids, the Regulatory body is obliged to publish preliminary data about the highest bid and qualified applicant who won the license and/or permit according to the initial data.

The regulatory body is obliged to give unsuccessful applicants the opportunity to appeal the initial decision on selecting the winner within four weeks. As a result of examining the submitted complaints, the Regulatory body may alter the initial decision on selecting the winner. The regulatory body is obliged to grant the final license and/or permit after the selected winner has paid the amount specified in the application within six weeks of announcing the preliminary decision. If the selected winner does not pay the amount specified in the initial bid, then the Regulatory body is obliged to declare the selected winner to the bidder who submitted the next highest bid.

As indicated above, for the provision of public electronic communications services without owning a network, a notification procedure is in place. Public electronic communication service is a service provided for compensation, which consists in whole or in part of the transmission of signals through electronic communication networks, and in appropriate cases, the direction of signals, but does not include the services providing or implementing editorial control over the content transmitted through electronic communication networks (the electronic communications service), which is offered to the public or to such groups of end-users as to make it essentially directly available to the public.

Before providing public electronic communication services, the person is obliged to notify the Regulatory body in writing about the start of the activity if the provision of services by him does not require possession and operation of electronic communication. The activity can begin five working days after the notification is submitted to the Regulatory body. The notification must include information about the person submitting the notification, in particular, the state registration number or registration number and location, a brief description of the type of services according to the classification adopted by the Regulatory body, the geographical area of activity, the planned date of starting the activity.

If it is necessary to use a limited resource to provide public electronic communication services, then the activity can be carried out after the authorisation for the limited resource has become effective, and the notification has been implemented. Radio frequencies, satellite orbit segments and numbers are considered limited resources. Authorisation for the use of radio frequencies is granted by the Regulatory body.

In addition to the abovementioned regulations, the provision of services in the audiovisual sector (effectively Television and Radio) sector is regulated by the Law “On Audiovisual Media”.

The Law “On Audiovisual Media” regulates the status of audiovisual media service providers and operators and governs the procedure of authorisation, licensing, and submitting notifications.

The scope of the Law “On Audiovisual Media” shall extend to (1) audiovisual media service providers; (2) operators; (3) audiovisual program distributors; (4) state regulatory body; (5) body ensuring regulation of the activities of and exercising control over the audiovisual media service providers in the Republic of Armenia.

This Law “On Audiovisual Media” shall not extend (except for the activities of network operators (including OTT operators)) to additional audiovisual or textual information (interactive television) broadcast in parallel with audiovisual products or as part of audiovisual products or available through audiovisual products.

Within the meaning of the Law “On Audiovisual Media”, an audiovisual media service provider is considered to be an organisation founded by the Republic of Armenia or a natural or legal person authorised by the state regulatory body, which prepares audiovisual information and presents it to the consumer and bears editorial responsibility for the content of audiovisual products.

Let’s provide some additional information separately about authorisation, licensing and notices.

To obtain the status of a broadcaster (authorisation), a person submits an application to the Commission on Television and Radio (the Commission). The Commission shall approve the application within ten days after receiving it if all the information mentioned in the application (applicant’s name, registration/registration number, address, telephone number, email, name of the audiovisual program, date of submission of the application and signature) are filled.

Broadcasters participate in the tender announced by the Commission for the use of the public multiplex slot. A competition is announced in the event of a free or new slot. It is possible to get a slot in a public multiplex and carry out the broadcast in the territory of the republic, capital or region. The license is granted for a period of seven years.

In case of a free frequency in a private multiplex, the Commission announces a tender. Applications are accepted within six months. After the expiration of the term, the submitted committee sends the project of creating a multiplex network for examination. If a conclusion is not provided within two months, it is considered that a positive conclusion has been issued. Based on the expert group’s conclusion, within a month, the Commission decides on the issue of issuing a license.

A person submits an application to the Commission for the licensing of network operator activity. The Commission makes a decision on issuing a license within thirty days after receiving the application.

The Law on Audiovisual Media defines cases that do not require licensing. In particular, this activity includes (1) Network broadcasting limited to the building and territory belonging to the natural persons and legal entity, (2) The activities of non-linear broadcasters, i.e. the activities in which the provision of the opportunity to watch at the time chosen by the consumer according to the demand of the individual consumer, (3) From the moment of carrying out activities of the distributor, if the distributor notifies the Commission about carrying out such activities.

The regulation of communication-related services is carried out by the RA Government’s authorised state government body, the RA Ministry of High-Tech Industry (Competent body) and the RA Public Services Regulatory Commission (Regulator). In relation to audiovisual media, the authorised body is the Commission on Television and Radio.

The Law separates the functions of the Competent body and the Regulator. The functions of the Regulator are aimed at the regulation of the sector, creation of competitive conditions, provision of certain conformity of the provided services in terms of quality and other requirements, etc. The function of the Competent Authority is the development of state policies and their implementation and the implementation of other functions aimed at ensuring the implementation of state functions.

The Commission on Television and Radio ensures the freedom, independence and diversity of mass media being broadcast, supervises over the activities of broadcasters, operators and audiovisual programming distributors.

The Competent body, the RA Ministry of High-Tech Industry, is an authorised body of the RA government and operates within the structure of the RA government and is part of the Government. However, their functions within the regulatory framework are limited but still present (they are responsible for policy development; however, they are also engaged in Radiofrequency management/distribution and merger and takeover control procedures).

The Regulatory body, the RA Public Services Regulatory Commission, is an autonomous state body established based on the RA law “On the Public Services Regulatory Body”, with quasi-constitutional status. The regulatory body is independent in exercising its powers. The regulatory body adopts the decisions made by it on the basis of the principle of independence with a collegial structure. The independence of the regulatory body is ensured by establishing a number of legislative guarantees: independence and autonomy of the position of the commission member, exclusion of responsibility due to the exercise of powers by the commission member (except for an act with elements of criminal or administrative responsibility), immunity of the commission member, obligation to implement the decision made by the Commission, etc.

The Commission on Television and Radio is an independent state body; the basic principles of its formation and operation are defined by the Constitution of RA. The Commission is independent in exercising its powers. The Commission shall carry out its activities on the basis of the principles of legitimacy, democracy, equality, impartiality, independence, collegiality and publicity.

The Law “On Audiovisual Media” covers the activities relating to the OTT operator. As such, the activities of OTT operators are regulated by the Law “On Audiovisual Media”, and the regulations related to the activities of operators are applicable to the OTT operators. As such OTT operators are considered to be audiovisual information distributors who make these distributions through infrastructures of network operators or the Internet.

No. The Law “On Audiovisual Media” applies to operators operating in the Republic of Armenia. Within the meaning of the Law “On Audiovisual Media”, an operator shall be considered to be operating in the Republic of Armenia where it uses a station located in the territory of the Republic of Armenia for satellite signal, frequencies under the disposal of the Republic of Armenia or an Internet connection being provided in the territory of the Republic of Armenia.

No, Armenian legislation does not expressly provide that only Armenian Companies may be authorised for the provision of telecommunication networks or services.

No. Under the RA legislation there are no foreign ownership restrictions with regard to telecom operators. Moreover, according to the RA Law on Electronic Communications, the Regulator may not refuse an applicant qualified for granting a licence or authorisation solely on the ground that the latter is wholly or partially owned by a national of a foreign state or by an undertaking created under the laws of a foreign state. As a matter of principle, foreign entities that provide telecom services in RA need to follow the same authorisation procedures provided for Armenian entities.

Yes, interconnection between operators is regulated by Chapter 6 of the RA Law on Electronic Communications. According to the Article 33(1) of the Law each operator shall be obliged to interconnect, upon request, its public electronic communications network with the public electronic communications network of another operator. The Law also defines the principles upon which the interconnection must be granted. In particular, according to the Article 33(2) of the Law the operator shall be obliged to grant interconnection in accordance with the following principles:

1. “any-to-any” interconnection must be granted in such a manner so as to enable all customers of each public electronic communications network to communicate with all 27 customers of other public electronic communications networks or to obtain services from  other networks;
2. “point-to-point” interconnection must be maintained in such a manner so as to enable the delivery of public electronic communications services to any customer of one network by the operator of another network;
3. interconnecting operators shall be equally liable for the provision of interconnection in reasonable time limits.

In the meaning of the RA Law on Electronic Communications the Dominant operator is an operator identified by the Regulator as occupying a dominant position in the operation of public electronic communications networks.

In addition to general requirements for interconnections the RA Law on Electronic Communications (Article 36) provides for specific obligations for operators having significant market power. In particular, the dominant operators have the following additional obligations:

• Requirement of non-discrimination in relation to interconnection and/or access.
• Requirement of transparency in regard to technical conditions of interconnection as well as the  number and location of interconnection points;
• Price-control and cost accounting obligation;
• Obligations to meet reasonable requests from the Regulator for access and use of the network.

RA Law on Electronic Communications provides a number of key principles for consumers of telecom services, such as provision of services without discrimination, the principle of data anonymisation, etc. Also, according to the Law in case of service interruption caused by an operator or service provider, such operator or service provider shall be obliged to restore the service provided to a subscriber within two days after the elimination of the cause of interruption. In addition, every operator or service provider shall be obliged to maintain and staff at least one operational office in each geographic area defined by the Regulator, where it operates a public electronic communications network or provides public electronic communications services, so as such offices provide information relating to services and tariffs, accept and grant applications for service, explain charges on customer bills and adjust charges accrued with errors. Copies of tariffs as well as maps showing geographical zones and the tariffs applicable thereto shall be accessible at any operational office of a dominant operator or dominant service provider.

As a principle of consumer protection the Law also provides that tariffs for a public electronic communications service shall be just and reasonable. Any tariff that is unjust or unreasonable shall be deemed unlawful.

In RA legislation computer software is protected through the regime of copyrights. Therefore, the protections granted to creators of computer software are those of copyright law. RA legislation distinguishes property and personal non-property rights of the author/developer of intellectual property. RA legislation vested the author with the following personal non-property rights over the work: (1) the right to be declared as the author of the work (right of authorship); (2) the right to use or permit such use of the work under his or her name, fictitious name, or anonymously (right to the author’s name); (3) the right to protect the work from possible distortions, amendments or other encroachments impairing reputation or dignity of the author (right of an author to reputation and dignity); (4) the right of initial publication in any form of the work or reservation of that right to another person (right to publication). It is important to highlight that only property rights of the author/developer are transferable and can be subject to licenses and assignments. In RA, protection over creative works as software is granted since the moment of the creation, and registration is not required for its protection.

In RA legislation databases are considered to be an intellectual property and are eligible for protection under RA copyright law.

The protection of personal data is recognised as a fundamental right under Article 34 of the Constitution of the Republic of Armenia. RA Law on Protection of Personal Law the main legislative instrument that specifies the principles and procedures concerning the processing and protection of personal data. Under the Law of Armenia on protection of personal data a processor must:

• Provide the data subject or Personal Data Protection Agency (PDPA) with information about the personal data processing on request;
• Carry out necessary operations for making personal data complete, keeping up to date, rectifying or deleting incomplete, inaccurate, outdated, or unlawfully obtained personal data or data that is unnecessary to achieve the processing’s purposes;
• Delete or block personal data that is not necessary for achieving the processing’s legitimate purposes;
• Use encryption keys and other appropriate technical and organisational measures,
• Prevent unauthorised access to processing technologies and ensure that only lawful users access processed data;
• Maintain the confidentiality of personal data processed to perform official or employment duties, including after processing is complete;
• Block personal data until control activities are complete, if the data subject or the PDPA challenge the processing’s reliability or lawfulness;
• Correct personal data and unblock it in accordance with information the data subject or PDPA submits, if it is confirmed that personal data is inaccurate;
• Address and correct data protection rule violations if unlawful processing operations are revealed or delete unlawfully processed personal data if it is impossible to correct violations,
• Terminate personal data processing when the processing’s purpose is achieved, unless otherwise required by Law.

RA Law on the protection of Personal Data allows processors to transfer personal data to third countries where either:

• The data subject has consented to the transfer.
• The transfer is necessary to implement the processing’s purpose, for example, to perform a contract with the data subject. (Article 27(1), Data Protection Law.)

To transfer personal data to a third country, the processor must obtain the Personal Data Protection Agency’s (PDPA’s) permission. The PDPA will grant permission if it considers the data transfer agreement to ensure an adequate protection of personal data. (Article 27(3), Data Protection Law.) The PDPA’s permission is not required if a processor transfers personal data to a country that ensures an adequate level of protection of personal data. An adequate level of protection is presumed where personal data is transferred either:

• In compliance with international agreements.
• To a country included in a list (in Armenian) officially published by the PDPA. (Article 27(4) and (5), Data Protection Law.)

The Data Protection Law does not distinguish between cross-border data transfers within the same group of companies or to a third company. Therefore, the above rules apply in both scenarios. Personal data held by state bodies can be transferred to foreign state bodies only under interstate agreements. Transfers to foreign non-state bodies must comply with the above rules. (Article 27(6), Data Protection Law).

Non-compliance with data protection laws may lead to either:

• Administrative sanctions for infringements that are not subject to criminal liability. Fines vary depending on the rule violated. The highest fine is AMD500,000 for violating the rules on destroying or blocking personal data.
• Criminal sanctions, including:
  • monetary penalties from AMD200,000 to AMD500,000;
  • or imprisonment for one to two months.

The RA Law “On Protection of Personal Data” with its principles and regulations is a reflection of the GDPR. There are no regulations in the Law that are over the regulations and principles of the GDPR.

Currently, no specific restrictions apply to cloud-based services. In the absence of a specific legislative framework, the provisions of RA Law on Protection of Personal Data will govern cloud-related practices.

Relations related to electronic signatures are regulated by the Law of December 14, 2004 “On Electronic Document and Electronic Digital Signature”.

There is no separate requirement for the validity of the electronic signature as such. However, the authenticity of the digital signature is verified by the signature certificate issued by the certification center. If the verification data of the electronic digital signature does not match the data of the certificate, the document with that signature is not accepted. With the certificate, they check the identity of the signer, the authenticity of the signature, belonging to the signer.

No. Such transfer is not automatic. They should be provided and regulated by the respective outsourcing agreement.

As such, there is no separate provision on the responsibility of artificial intelligence, there is still no approach to what artificial intelligence is. object, subject or other of civil Law. The computer program is the subject of copyright and is protected by copyright. The right holder is responsible in relation to the computer program.

As a general rule, damage caused to the person or property of a citizen, as well as to the property of a legal entity, is fully subject to compensation by the person who caused it. In other words, responsibility is borne by the subjects of civil Law.

In matters related to responsibility related to computer programs, we believe that the subject of assessment will be the fact that it is reflected in any object or not. If the computer program is used in the machine, then the regulations related to the source of the risk will be applied in matters related to liability and compensation of damage, if in the product, then the regulations related to the damage caused by the products. In other situations, the issue of the responsible entity is also not clearly settled. The seller, the right holder, and the author can act as such.

(a) obligations as to the maintenance of cybersecurity

Cybersecurity as a means of protection against digital attacks does not have a separate legal regulation. Relations related to data protection of civil law subjects are regulated by various legal acts. For example, the RA Law “On Protection of Personal Data” is applicable to the relations related to the protection of personal data, the protection of the data of clients of electronic services is carried out by the RA Law “On Electronic Communication”, etc. However, ensuring cybersecurity is one of the measures of the RA defense organisation.

Cyber​​security is one of the fundamental conditions of digitalisation according to the decision of the RA government on February 11, 2021 N-183-L on approving the digitalisation strategy of Armenia, the program of strategy measures and the result indicators.

(b) the criminality of hacking/DDOS attacks?

The RA Criminal Code adopted on May 5, 2021 and entered into force on July 1, 2022 criminalised a number of acts. A separate chapter (Chapter 38) criminalised crimes against computer system and computer data security. Computer theft (Article 257 of the Criminal Code), which was included in the “thefts” chapter, is not included in the mentioned chapter. The following acts were criminalised under the heading of crimes against computer system and computer data security: Penetrating a computer, computer system or computer network – Article 359 of the Criminal Code,  Changing computer data – Article 360 of the Criminal Code, Computer sabotage – Article 361 of the Criminal Code, Illegal interception or possession of computer data – Article 362 of the Criminal Code, Illegal circulation of special software or tools – Article 363 of the Criminal Code, Computer fraud – Article 364 of the Criminal Code, Violating the rules or requirements for operating a computer, computer system or computer network – Article 365 of the Criminal Code.