A roundtable in Almaty on cryptographic protection of personal data in Kazakhstan brought together key industry representatives to discuss the user experience of available cryptographic solutions in the country. The event, titled "Cryptography and Personal Data: Advanced Practices and the Development of Local Solutions," was organized by the QAZTECH Alliance in collaboration with experts in information security and cryptographic data protection.
Participants included representatives from the Information Security Committee of the Ministry of Digital Development, Innovations and Aerospace Industry (MDDIAI RK), the National Bank of Kazakhstan (NBRK), the Agency for Regulation and Development of the Financial Market (ARDFM), and various financial organizations. Discussions focused on cybersecurity in the financial sector, advancements in cryptographic technologies, and the challenges of legislative regulation.
Key discussion points:
Particular emphasis was placed on cryptographic methods for securing information.
Evgeny Pitolin, co-chair of the Steering Committee for Information Security of QAZTECH Alliance, highlighted the importance of encryption:
"When a company uses encryption to protect its data, the risks associated with a potential data breach can be significantly reduced. Encrypted data leaks typically do not result in the same severe consequences as unprotected data, since attackers cannot access it without the decryption key. This reduces the likelihood of major fines and reputational damage for the company."
However, challenges remain. Vladimir Degtyarev, an independent cybersecurity expert, pointed out the high costs associated with encryption and data protection:
"Development challenges remain significant, as encryption continues to be a highly costly process for both businesses and the government."
Roundtable participants had divided views on current legislation. Some voiced concerns in the plenary discussion about negative user experiences with existing market offerings and legal gaps that hinder wider adoption of solutions, including international ones. Bankers who rely on international solutions emphasized their advantages—such as the expertise of major companies, their technological edge, and well-established methodologies based on global standards, which offer valuable practical insights. Meanwhile, other participants see the current regulations as transparent, well-defined, and comprehensive. They attribute the lack of available solutions in the market to insufficient investment in industry development and a pessimistic outlook from potential market players.
Experts agreed that without incentives for developing domestic technologies and stronger support for the scientific and technical base, innovation will progress slowly. Moreover, they emphasized that cybersecurity effectiveness depends not only on legal regulations but also on the quality of their administration. The market expects all industry players — from regulators to developers, to foster local expertise, improve awareness, and strengthen the practical skills of cryptography specialists in Kazakhstan.
Participants included representatives from the Information Security Committee of the Ministry of Digital Development, Innovations and Aerospace Industry (MDDIAI RK), the National Bank of Kazakhstan (NBRK), the Agency for Regulation and Development of the Financial Market (ARDFM), and various financial organizations. Discussions focused on cybersecurity in the financial sector, advancements in cryptographic technologies, and the challenges of legislative regulation.
Key discussion points:
- Fintech and regulatory sandboxes: Kazakhstan’s financial technology sector is evolving rapidly, supported by specialized regulatory sandboxes that allow for experimentation within unique legal frameworks;
- Information security: The fintech industry already operates under a reinforced security system, including FinCERT, its own industry-specific CIS, and additional government oversight. However, the burden on market players is increasing, as requirements for personal data protection and fraud prevention continue to tighten;
- Establishing a universal approach: Participants emphasized the need for consistent information security standards across all industries, not just fintech;
- Anticipated legislative initiatives: Two major initiatives - a law on digital activities and a digital code are expected to be adopted soon, helping to shape a modern legal framework for the digital economy, including fintech and personal data protection.
Particular emphasis was placed on cryptographic methods for securing information.
Evgeny Pitolin, co-chair of the Steering Committee for Information Security of QAZTECH Alliance, highlighted the importance of encryption:
"When a company uses encryption to protect its data, the risks associated with a potential data breach can be significantly reduced. Encrypted data leaks typically do not result in the same severe consequences as unprotected data, since attackers cannot access it without the decryption key. This reduces the likelihood of major fines and reputational damage for the company."
However, challenges remain. Vladimir Degtyarev, an independent cybersecurity expert, pointed out the high costs associated with encryption and data protection:
"Development challenges remain significant, as encryption continues to be a highly costly process for both businesses and the government."
Roundtable participants had divided views on current legislation. Some voiced concerns in the plenary discussion about negative user experiences with existing market offerings and legal gaps that hinder wider adoption of solutions, including international ones. Bankers who rely on international solutions emphasized their advantages—such as the expertise of major companies, their technological edge, and well-established methodologies based on global standards, which offer valuable practical insights. Meanwhile, other participants see the current regulations as transparent, well-defined, and comprehensive. They attribute the lack of available solutions in the market to insufficient investment in industry development and a pessimistic outlook from potential market players.
Experts agreed that without incentives for developing domestic technologies and stronger support for the scientific and technical base, innovation will progress slowly. Moreover, they emphasized that cybersecurity effectiveness depends not only on legal regulations but also on the quality of their administration. The market expects all industry players — from regulators to developers, to foster local expertise, improve awareness, and strengthen the practical skills of cryptography specialists in Kazakhstan.