It is increasingly likely that one of the agencies that constitute the intelligence community in Croatia, the Security-Intelligence Agency (SOA), will become a new domestic regulator, the Sunday issue of the Jutarnji List daily reports.

Under a bill on cyber security, which was put to public consultation and received more than 100 comments in the process, SOA would be in charge of supervising the online protection of critical state infrastructure.

Logical at first sight, however, upon closer examination, it becomes evident that the state will list as “critical infrastructure” a large number of private companies as well.

IT expert Marko Rakar, the most vocal critic of this provision, says that SOA will thus become not only a supervising body but a regulator as well.

“Even if we disregard the fact that the mandate SOA is given under this bill is not in line with its legal role, a much bigger problem is the fact that an intelligence agency is in charge of things that, given their nature, should be regulated through a public and open process,” Rakar says.

Cyber protection is more like primary health care or road safety than issues of crime and intelligence activity which SOA usually deals with, he said.

“This law will make SOA, as a closed and non-transparent organisation, communicate with and deal with issues specific to thousands of legal entities with which it normally does not communicate, in ways that are in direct contravention of the foundations of intelligence activity,” Rakar said in the interview with Jutarnji List.