BiH’s information and communication technology (ICT) sector has consistently grown over the past three years. The gross value added by the ICT sector as a percentage of national GDP increased from 4.41% in 2021 to 4.56% in 2022 (BHAS, 2022[1]). According to the Development Strategy 2021-27 of the Federation of Bosnia and Herzegovina (FBiH), the information technology (IT) sector in the FBiH generates nearly six times higher profit (560%) than the economy average while using only half the resources (with business asset per employee amounting to 49% of the economy average) (FZZPR, 2021[2]). However, the industry’s growth is hindered by a lack of talent, as mismatches between ICT graduate skills and industry needs persist alongside ongoing brain drain, with no systematic measures introduced thus far to address these issues effectively.

In 2023, the share of households with Internet access increased to 81.6% from 75.9% in 2022 (BHAS, 2023[3]). This growth indicates that while Internet penetration is still trailing the EU average of 93.1% (Eurostat, 2024[4]), the gap is narrowing rapidly. However, despite increased Internet adoption and advancements in public administration digitalisation, BiH still lags behind in its digital transition. Within the economy’s complex institutional landscape, establishing a robust legislative framework for digital society development remains pending despite commitments to align with the EU acquis. Moreover, even in areas where legal frameworks have improved, such as digital government and digital business, implementation often falls short, failing to achieve the main objectives of the reforms.

Broadband infrastructure development in BiH has seen significant growth in the past three years, primarily driven by investments from telecommunication operators, with a general vision provided by the Electronic Communications Sector Policy 2017-21, which has yet to be updated. The Policy’s goals included the development of high-speed connectivity and rural broadband infrastructure to ensure access for the entire population. Fixed broadband subscriptions have increased from 24.4% in 2021 to 27.1% in 2022 (CRA, 2023[5]), marking the third-highest penetration rate in the Western Balkan region, following Montenegro (31.3%) and Serbia (29.3%) (ITU DataHub, 2023[6]), but are still behind the EU average of 34.90%. Moreover, fibre subscriptions accounted for 8.27% of total subscriptions in 2022 and rose to 12% in 2023 (BHAS, 2023[7]), which is slightly below the OECD average of 13.16% (OECD, 2024[8]). On the other hand, the delayed development of 4G networks, launched in April 2019, has negatively affected the share of mobile broadband subscriptions, which amounted to 64.44% in 2022 (CRA, 2023[5]), the lowest in the WB6 region and significantly below the EU (118.30%) and OECD (115.62%) averages (Figure 11.1). Nevertheless, there has been a strong positive trend, with mobile broadband penetration increasing by 14.6% since 2021 and 29.41% since 2020 (BHAS, 2023[9]).

The absence of an actionable nationwide broadband development plan has left broadband development primarily driven by commercial interests, resulting in underdeveloped rural network infrastructure in areas with insufficient demand to justify investment costs. Additionally, an outdated legal framework and a lack of measures at different government levels aimed at reducing administrative burdens and costs associated with construction permits further discourage network investments. The BiH Ministry of Communications and Transport has prepared a draft Broadband Development Framework Strategy in Bosnia and Herzegovina for 2023-27 with an Action Plan, which was discussed with competent ministries at the entity level. Although the strategy was published for public consultations in July 2023, it remains a draft document with no budgetary provisions and an uncertain adoption time frame. The strategy sets targets for improved high-speed fixed and ultra-fast broadband access for households, along with 4G/long-term evolution coverage for the entire territory and 5G coverage for most of the population and main travel routes within BiH. However, it does not outline gigabit connectivity targets for key socio-economic drivers, such as schools, universities, public buildings or hospitals. Furthermore, the strategy does not outline specific measures for increasing the resilience of broadband infrastructure. Nevertheless, it plans to release the 5G spectrum by October 2025 and implement broadband infrastructure mapping. Challenges remain in comprehensive broadband resource mapping, including the voluntary sharing of information from local administrations responsible for issuing construction permits and verifying works.

The communications regulatory framework in BiH, established in 2003, is outdated and has seen limited progress in adapting to the rapid evolution of electronic communications and associated challenges over the past three years. A draft of the new Law on Electronic Communications, aimed at aligning with the European Electronic Communications Code (EECC), is in its early stages of preparation, with an uncertain timeline for adoption. Significant reforms within the electronic communications regulatory framework will be required, including developing accompanying regulations for the new law and harmonising legacy legislation related to administrative procedures for construction works at the local government level. These reforms extend beyond the jurisdiction of the Communications Regulatory Agency of BiH (CRA) and state-level institutions, necessitating collaboration with entity-level governments and local administrations. Given the complexity of the government structure and jurisdictional issues in BiH, adopting legislation to mitigate administrative costs and streamline the issuance of permits for telecommunications network infrastructure construction is particularly challenging. This also explains the framework’s misalignment with the EU Broadband Cost Reduction Directive.2 Similar challenges delayed the launch of 4G services until 2019, making BiH the last economy in the Western Balkan region to allocate 4G spectrum licences. Currently assigned spectrum includes radio frequency (RF) band frequencies enabling operators to deploy 5G technologies; however, while operators have announced their intention to prepare rollout plans, this rollout is still pending.

Relevant 5G regulations from the CRA are also pending, including guidelines for electromagnetic field (EMF) limit levels (ITU, 2023[13]). The CRA continues to regulate the existing telecommunications market through annual and mid-term regulatory policy work plans, monitoring market development, collecting data and publishing relevant reports. Additionally, it is implementing a technical assistance programme with support from the International Telecommunication Union (ITU) for the establishment and management of a national broadband mapping system (ITU, 2023[13]). However, the CRA’s political and financial independence is yet to be ensured, with the members of its Council operating without a renewed mandate since 2018. Furthermore, as of early 2024, the CRA has not yet published its annual report of activities for 2022 on its official website, unlike previous years. The application of Regulatory Impact Assessments also remains inconsistent (SIGMA, 2022[14]).

BiH is in the nascent stages of data accessibility and openness, with policy implementation showing little progress over the past three years. As of early 2024, the economy lacks an open data portal at any level of the government, and only a limited amount of public sector data is sporadically published on individual institutions' websites. In 2023, the EU Open Data Maturity report ranked BiH last among 35 monitored countries, with particularly low scores in open data governance, quality, and portal development. Most concerning was the significant decrease in BiH’s score compared to the 2022 report (Page M., 2023[15]). Despite the adoption of the Strategic Framework for Public Administration Reform in BiH 2018-22 and its Action Plan by all levels of the government of BiH in December 2020 – aimed at fostering transparency and accountability, access to public sector data, and government openness – implementation has faltered due to the lack of political will.

The BiH Open Government Partnership (OGP) Action Plans also include commitments to data openness. The 2022-24 Action Plan outlines the development of an open data portal, building on activities from the previous Action Plan. However, these commitments only target state-level institutions, as entity-level governments operate autonomously. Unfortunately, the political crisis in 2022 further hindered progress, affecting the adoption of the 2022-24 Action Plan (OGP, 2023[16]). Similarly, the government of the Republika Srpska (RS) entity has included proactive data publishing in its e‑Government strategy. Still, the lack of budget allocation for specific activities leaves those initiatives promoting data openness heavily reliant on external donors. On the other hand, the General Secretariat of the FBiH Government started to prepare a draft document on an open government initiative that included the establishment of an entity-level open data portal, which is still pending. Moreover, the legal framework for data accessibility is not aligned with EU legislation, including the Open Data Directive3 and the Data Governance Act.4 Proactive transparency is not mandated by law, and no regulations outline specific obligations for public sector institutions to publish their data in open, machine-readable formats with suitable licences to promote data reuse for new applications. Additionally, BiH lacks uniform legislation on data governance applicable to all public sector institutions.

BiH has made limited progress in digital government development since 2021. Despite adopting the Strategic Framework for Public Administration Reform (PAR) in BiH 2018-22 and its Action Plan, the development of seamless e-government services for citizens and businesses across the entire territory has stagnated. Although the Interoperability Framework of BiH was adopted in 2018, alignment with the EU Interoperability Framework and establishing a national interoperability platform for nationwide data exchange among public sector institutions are still pending. The absence of this platform presents significant challenges for implementing the envisaged “once only” principle in digital service delivery. Moreover, complete alignment with the EU electronic Identification, Authentication and Trust Services (eIDAS)5 Regulation on e-identification and trust services has yet to be achieved, as BiH has not established a single supervisory body for the entire territory (European Commission, 2023[17]). Since April 2022, the Agency for Identification Documents, Registers and Data Exchange of BiH (IDDEEA) has been qualified to issue eIDAS-compliant (Electronic Identification, Authentication and Trust Services) electronic signatures for legal transactions in BiH state-level institutions and abroad (GIZ, 2024[18]).6 On the other hand, the RS Government has also established a service in the line ministry7 for issuing qualified electronic certificates (e‑signatures) based on smart cards. However, the application and use of e-signatures and e-documents in BiH remain very limited due to legacy legislation and lack of legal harmonisation across different levels of administration. The absence of a functional nationwide digital identity scheme hampers the development of high-quality, fully transactional e-services and limits the efficiency of government functions. It also impedes the development of cross-border digital services in collaboration with neighbouring economies and EU Member States.

BiH lacks a national e-government services portal, and service digitalisation is slow and uneven among state and entity-level institutions. Although some progress has been made in customs and tax services, challenges still need to be addressed due to the low integration of digital technologies in the public sector and insufficient digital skills among public servants to manage digital transformation and e-service delivery (SIGMA, 2022[14]). Despite the appointment of PAR Co-ordinators in 2021, the implementation of the PAR has encountered significant challenges, with only 14% of outlined activities implemented since its adoption in December 2020 (European Commission, 2023[17]). Most public registers are not digitalised, and public sector information systems are underdeveloped. Additionally, digital government infrastructure, such as an e-payments system, a national Data Centre or a national government cloud infrastructure, has yet to be established. BiH institutions offer some scattered e-services of an informative nature, and the Council of Ministers of BiH publishes a catalogue of these services. Notable progress has been made in the development of the public e-Procurement portal.8

At the entity level, RS is implementing its own e-Government Development Strategy 2019-22 through annual activity plans with numerous ongoing projects, some of which are co-financed by the international donor community. The eSrpska, the entity’s e-government portal, provides only informative services, with "e-baby" being the first service of its kind developed according to the life-event approach. Additionally, the RS Government established the Academy for Digital Transformation to strengthen the capacities of public sector officials and civil servants engaged in digital transformation projects. On the other hand, the government of FBiH has adopted a decision on implementing the interoperability framework and a Development Strategy of FBiH for 2021-27, outlining measures for government digitalisation, including establishing an e-government portal. However, interoperability and the use of electronic documents are significantly hindered by legacy legislation at the different administrative levels of FBiH, which urgently requires harmonisation with digital government legislation.

BiH’s progress in digital business development across different levels of administration is uneven. In general, SMEs are unaware of the benefits of digitalisation and face challenges with funding investment in digitalisation (ITU, 2023[13]). At the state level, despite the vision outlined in the Policy of the Information Society Development 2017-21 aiming to establish a digital single market, actionable measures have not been outlined. The economy has not adopted a nationwide programme to support e-business and e-commerce or provide financial support for digitalisation. Despite limited institutional support, companies’ engagement in online sales,9 propelled by the COVID-19 pandemic, has grown from 23.5% in 2021 (BHAS, 2022[19]) to 27.0% in 2022 (BHAS, 2023[20]), positioning BiH as a high performer among Western Balkan economies. In 2022, 88.5% of enterprises connected to the Internet with speeds of at least 30 Mbps (megabits per second) and 32.3% with speeds above 100 Mbps (BHAS, 2022[21]). Notably, in 2023, 20.7% of enterprises utilised cloud services, only 6.6% engaged in extensive data analysis, and 5.4% utilised AI technology (BHAS, 2023[20]). Furthermore, according to the Statistical Agency of BiH, the share of enterprises employing ICT experts rose from 13.4% in 2021 to 17.6% in 2022 (BHAS, 2023[20]). Additionally, over half of all enterprises provided IT expert training to their employees, indicating a significant disparity between workforce skills and labour market needs. Electronic business registration is only possible in RS and the Brčko District; it lacks interoperability with registers beyond their territorial jurisdiction. This lack hampers service delivery and negatively impacts businesses operating across the territory of BiH. The digitalisation of businesses and workforce capacity building relies heavily on international donor financing,10 EU-funded projects, and initiatives from Chambers of Commerce and business associations. One such association is the BIT Alliance, which supports the development of the IT industry. Digital Innovation Hubs are slowly emerging in BiH with donor support11 to facilitate the digital transformation of businesses and could benefit from successful examples in the region (Box 11.1).

The RS Government has supported business digitalisation through programmes co‑financing SME adoption of Information and Communication Technologies (ICTs) since 2021. However, the allocated funds for these programmes are relatively modest, resulting in fewer SME beneficiaries. Additionally, the RS Government has adopted legislation incentivising direct investments in new technologies and the ICT sector, recognising it as an industry of particular importance. Further support to SMEs is provided by the RS Chamber of Commerce and Industry through workshops, donor-funded projects and educational activities, including the Digitalisation Centre for consulting services. However, no assessments are conducted to review the extent to which these initiatives have achieved any measurable impact. In terms of supporting SMEs’ innovation activities and start-ups in RS, support is provided by the Innovation Centre Banja Luka and its IDEMO [“Let’s Go”] Digital Innovation Hub. In the FBiH, programmes financing SME digitalisation have yet to be planned by the entity’s government. The ICT sector benefits from the INTERA (Foundation for Innovation and Technology Development) Technology Park in Mostar and the BIT Centar in Tuzla, an ICT start-up incubator and ICT training centre that helps SMEs grow and innovate.

BiH has yet to establish a framework governing emerging digital technologies, including artificial intelligence (AI), blockchain, the Internet of Things and possibly other technologies. However, entity-level governments have begun integrating AI and other emerging digital technologies into their policy documents. The FBiH Government has adopted the Development Strategy 2021-27, which identifies AI technology as a tool for the digitalisation of the economy. The Strategy outlines a development for AI, identifying the areas with the strongest potential for its innovative application, including pubic administration, while considering its effect on social and societal issues. The strategy also foresees establishing an institute that promotes AI development and creates a relevant ecosystem in FBiH. Additionally, the RS Government has included some preliminary considerations in its draft Science & Technology, Higher Education and Information Society Development Strategy 2023-29 under preparation, encouraging the use of technologies like AI, big data and cloud technologies for business digitalisation, and also highlighting the need to monitor the degree of their application by companies in all sectors.

BiH has yet to prioritise measures to ensure digital inclusion for the vulnerable. Despite the Policy for Information Society Development 2017-21 emphasising the importance of developing digital skills, tangible action to improve digital literacy and access to digital technologies has been lacking at all levels of government. Instead, there has been a heavy reliance on donor initiatives. Furthermore, the BiH Government has not updated its non-obligatory guidelines for the websites of BiH state institutions since 2009 to ensure compliance with the relevant EU Directive12 and international standards on web content accessibility. Regulations for website accessibility are also lacking at the entity level. Nevertheless, BiH state government websites comply well with the Web Content Accessibility Guidelines 2.0 standard. (SIGMA, 2022[14]). Similarly, integrating accessibility requirements for ICT products and services into public procurement processes has yet to be realised.

Information society challenges for BiH include inequalities in online engagement and ICT utilisation due to age, gender, location and ethnicity. This marginalises people with disabilities, senior citizens, Roma populations, people in rural areas, and women. In 2023, only 30.08% of individuals in BiH reported having basic digital skills or higher, which is significantly lower than the EU average of 55.56%. However, it ranks third-highest in the WB6 region after Montenegro (52.02%) and Serbia (33.61%) (Eurostat, 2024[23]). However, within the age group 55-74, only 6.91% of men and 3.91% of women have basic digital skills or higher, highlighting significant age and gender disparities. Although Internet usage was gender-balanced in 2022 (80.8% of men and 77% of women), it decreased significantly with age, with only 31.9% of men and 33.2% of women aged 65-74 using the Internet (BHAS, 2022[21]).

Moreover, despite a decrease in individuals who never used the Internet – a drop from 20.3% in 2021 to 14.28% in 2023 – this figure remains higher than in most WB6 economies and the EU average of 5.97% (BHAS, 2021[24]; Eurostat, 2024[25]). It is also alarming that 30.24% of schools13 in BiH territory lack Internet connection, affecting nearly 14 000 children (UNICEF, 2023[26]). Additionally, women represent only 23% of those employed in the IT sector, despite rapid IT industry growth and increasing digitalisation trends. In response to these challenges, civil society and the private sector in BiH are leading initiatives to mitigate the risk of digital exclusion for vulnerable groups. Four UN agencies (United Nations Development Programme (UNDP), the United Nations Children’s Fund (UNICEF), UN Women, and the United Nations Population Fund) launched the IT Girls initiative in BiH, aimed at bridging the digital gender gap and promoting equal opportunities in the marketplace, workplace, and community through high-quality digital skills training. By the end of 2023, IT Girls had partnered with seven Ministries of Education across both entities and the Department of Education of Brčko District, reaching 22 primary and 28 secondary schools and empowering more than 2 000 girls and young women. Additionally, Bit Alliance, an IT industry association, has organised CoderDojo free programming schools at 16 locations in 11 cities, training over 700 elementary and high school students.

BiH has yet to adopt specific policies to foster the development of green digital technologies. Initiatives to promote a green digital sector and draw from its advantages for the green transition are still nascent. However, it is noteworthy that the Agency of Statistics of BiH has begun collecting and publishing data on the environmentally friendly use of ICTs by companies and individuals, which aligns with the European Green Deal policies. According to this data, enterprises are aware of the environmental impact of ICTs, and efforts have been made to address it. In 2022, 61.5% of enterprises applied measures to reduce the environmental impact stemming from the energy consumption of ICTs (BHAS, 2022[21]). Additionally, 42.8% of enterprises consider the environmental impact of ICT services and equipment when purchasing. Furthermore, 40.3% of enterprises recycle ICT equipment no longer in use, while 51.6% store it in the enterprise (e.g., for spare parts) and 19.8% donate it. However, regarding individuals, the data on recycling habits for unused ICT equipment paint a less encouraging picture, indicating a lack of public awareness regarding the environmental impact. In 2022, 19.3% of individuals disposed of their old laptops or tablets without recycling them, significantly surpassing the EU average of 1.44% (BHAS, 2022[21]). Similarly, 12.9% discarded their old smartphones without recycling, again exceeding the EU average of 2.13% (Eurostat, 2024[27]).

Despite these challenges, BiH has made strides in establishing a framework for managing Waste of Electrical and Electronic Equipment (WEEE), or e-waste. In the FBiH, targeted regulations were adopted in 2022, setting forth fees for end-of-life products categorised as e-waste. Furthermore, secondary legislation on e-waste management based on the Extended Producer Responsibility (EPR) principle was enacted in March 2023. Under these regulations, manufacturers, distributors and importers of such products must report to the Federal Ministry of Environment and Tourism of BiH and the FBiH Environmental Protection Fund regarding the quantity, mass and type of equipment placed on the market. Similarly, the RS Government introduced unique waste streams, including e-waste, in its Law on waste management in 2020. However, RS does not yet have accompanying regulations governing e-waste management and relevant EPR measures. Environmental inspectors oversee waste management and enforcement activities at both the state and entity levels.

BiH's privacy and personal data protection have shown little progress over the past three years. Despite assumed obligations towards EU accession, there is limited advancement in aligning the legal framework with the EU acquis, such as the EU General Data Protection Regulation (GDPR)14 and EU Police Directive15 (European Commission, 2023[17]). Although the Council of Europe Convention 108+ (ETS 223/2018) on personal data protection was ratified in July 2022, necessary regulations to harmonise domestic legislation have yet to be adopted. Moreover, the existing Law on personal data protection fails to address digital privacy concerns adequately. Significant harmonisation is required to better balance privacy protection and the broader public interest. Institutions have utilised this framework to deny citizens access to information and documents and hampers automated data exchange between public institutions for efficient public service delivery, contradicting the “once only” principle (AZLP.BA, 2023[28]). The Agency for Personal Data Protection operates on inadequate human, financial and technical resources, lacking initiatives to strengthen its independence (European Commission, 2023[17]). Despite a growing number of complaints, the Agency has only 11 staff members assigned to supervise the Law on personal data protection. In 2022, 75 direct inspections were conducted in both the public and private sectors, with many complaints left unprocessed or referred to the justice system (AZLP.BA, 2023[28]). Most complaints in 2022 were related to personal data processing through video surveillance cameras, indicating a significant public protection gap. Furthermore, the Agency’s capacity-building and public awareness efforts are severely limited, as evident from the organisation’s one training session in 2022. Its jurisdiction for supervision and inspection is restricted to institutions of the BiH state. While the BiH Parliament must consult the Agency on legal proposals, other assemblies at the various administrative levels of BiH are not mandated to seek the Agency’s opinion on legislative proposals regarding personal data processing. Although data controllers and processors, particularly in public authorities, are not required to appoint a personal data protection officer (DPO), the Agency has appointed its own DPO and established a register of data protection officers for BiH. In its annual reports, the Agency consistently stresses the need for legal harmonisation with EU legislation to enhance BiH's privacy and personal data protection standards.

BiH is in the early stages of developing consumer protection in e-commerce. Currently, there is no policy or programme specifically addressing consumer protection of online consumers. The existing BiH Consumer Protection Act is outdated and does not align with the EU framework on consumer rights. Although the Act includes some consideration of distance contracts, it lacks provisions for addressing the rapidly changing digital markets. Responsibility for legal harmonisation in consumer protection lies with the Market Surveillance sector of the Ministry of Foreign Trade and Economic Relations of BiH. Individual inspection laws are enacted at the entity level in FBiH, RS and the Brčko District. The Institution of the Ombudsman for Consumer Protection in BiH is crucial in promoting effective consumer protection policies, including e-commerce transactions. It advocates for establishing efficient out-of-court settlement mechanisms, such as alternative dispute resolution. It emphasises the need for legal reforms to enable collective lawsuits and collective compensation for consumers. Presently, consumers in BiH must resort to the court system to address misleading or fraudulent e-commerce practices. This process is often time-consuming, financially burdensome, and impractical for minor disputes. Moreover, consumers in BiH face unequal protection across entities, as legislation and inspection processes vary. While RS updated its legal framework on e-commerce in 2016 and consumer protection in 2017, alignment with the EU acquis remains incomplete. Law enforcement and inspections in e‑commerce are lacking. Similarly, in the FBiH, the Federal Inspectorate’s annual activity reports show no inspection activity in e-commerce. Moreover, in both entities, data collection regarding consumer complaints related to e-commerce is absent. Unfortunately, there are no noteworthy government initiatives at any administrative level to raise awareness about consumer rights and how to exercise them in e-commerce transactions. Some awareness activities are conducted by the eCommerce Association in BiH.16 Despite this lack of online consumer education, e-commerce uptake is increasing, with 41.31% of Internet users making online purchases in the past 12 months in 2023. However, it is still notably lower than the EU average of 75.14% (Eurostat, 2024[29]).

BiH is yet to bolster its cybersecurity capacities despite facing a significant cyberattack in September 2022 that disrupted the functioning of key institutions such as the Parliament of BiH and the Council of Ministers of BiH for two weeks. A nationwide cybersecurity strategy remains elusive, as do efforts to enhance the resilience of critical infrastructure and ensure adequate investment in capacities and co-operation to combat the growing challenges of cybercrime. Moreover, there is a lack of political agreement on adopting a legal framework for cybersecurity and establishing a Cybersecurity Council or Authority to serve as the Unique National Focal Point, as outlined in the EU Directive on Security of Network and Information Systems (NIS1 and NIS2). Although the BiH Ministry of Security has drafted the Law on Information Security, Networks Security and Security of Information Systems, its adoption is pending. RS has enacted its own legislation on information security and critical infrastructure, but these laws are not yet aligned with the EU framework.

Moreover, progress in establishing Computer Emergency Response Teams (CERTs) and co-operating with international CERT networks to combat cybercrime has been limited. Although BiH has adopted a strategy to develop a national CERT, no consensus on its implementation has been reached. Currently, state and entity governments are striving for political agreement on CERT jurisdiction and functions to create a domestic network of co-operating CERTs. While RS has established the RS-CERT as a unit of the competent Ministry, a CERT for FBiH is not yet in place. However, the Ministry of Security of BiH has set up the Military CERT with financial and technical support from NATO. It plans to establish the BH‑CERT for the institutions of the Council of Ministers. Similarly, the FBiH intends to establish the FBIH-CERT with support from UNDP. The University of Sarajevo has also established an Academic CERT since August 2022. However, despite these initial efforts and plans, co-ordination and collaboration between existing CERTs remains deficient, negatively impacting the economy’s cybersecurity capacity. Supported by the international donor community, an assessment of BiH’s cybersecurity resilience and readiness is ongoing,17 along with public awareness campaigns (ITU, 2023[13]).

BiH’s progress on implementing CO 2021 Recommendations has been mixed. The economy has made moderate advances in digital government development, yet progress in electronic communications, business digitalisation, ICT sector support and cybersecurity has been limited. There has been no notable progress in advancing personal data protection or rural broadband development. Table 11.2 The information below shows the economy’s progress in implementing past recommendations for developing a digital society.

Considering the level of the previous recommendations’ implementation, there are still areas in which BiH could enhance the digital society policy framework and further improve aspects of inclusive broadband development, data openness, interoperable digital transformation of public administration, and development of trust in digital technologies. As such, policy makers may wish to:

• Agree on a nationwide broadband development plan and expedite legal and regulatory reforms to facilitate high-speed network infrastructure development investments. To address the growing digital divide and accelerate rural development, BiH must prioritise adopting a broadband development policy with a comprehensive action plan. Drawing inspiration from neighbouring economies like Albania, which have successfully leveraged donor support for similar initiatives, BiH can implement strategies to enhance high-speed Internet access. All levels of the government must collaborate in streamlining administrative processes and reducing costs associated with network infrastructure investments aligning with the EU Broadband Cost Reduction Directive. Harmonising legacy legislation at the entity and local administration levels on construction permits and providing essential information for comprehensive broadband infrastructure mapping will be instrumental in achieving this goal.

• Establish a legal framework and an open data portal to foster data sharing and reuse and facilitate data innovation partnerships. To promote data sharing and drive innovation, BiH must prioritise establishing a robust legal framework and an open data portal aligned with the EU Open Data and Data Governance Directives. Harmonising legacy laws at the entity and local administration levels is essential to ensure smooth implementation. Adopting mandatory guidelines on proactive data transparency, licensing and formats, and identifying high-value datasets will facilitate data reuse for developing new applications. Partnering with the private sector will further enhance data-driven solutions for the benefit of citizens and businesses.

• Adopt a nationwide action plan for the digital transformation of public administration spreading across all levels of government, fostering interoperability. BiH must secure political agreement across entities and administration levels to enact a government digitalisation action plan. This plan should target obstacles to interoperability, enabling data exchanges among public institutions, interconnection of public registers, and mutual recognition of digital identity systems (Box 11.2). Emphasis should be placed on developing high-quality, user-friendly, interoperable services that seamlessly serve all citizens and businesses across BiH territory. An intergovernmental group with decision-making powers should oversee the plan's co-ordination and monitoring, focusing on legal harmonisation to streamline administrative procedures and digitalisation efforts.

• Align legislation on privacy and personal data protection with the EU framework and enhance the resources of the Agency for Personal Data Protection. BiH must adopt new legislation that aligns with the EU GDPR on personal data protection and the EU Police Directive, as well as legislation incorporating digital privacy principles aligned with the EU Privacy Directive. Ensuring the independence of the Agency for Personal Data Protection and providing sufficient financial, human, and technical resources for its operations is crucial. The Agency must be empowered to fulfil its responsibilities effectively, including significant capacity-building and awareness initiatives. Mandating institutions at all administrative levels to seek and respect the Agency's opinion on legal and regulatory proposals before adoption is essential to strengthen data protection measures.

• Adopt a comprehensive legal framework for cybersecurity across all government levels to align with the EU cybersecurity framework. BiH must establish a robust legal framework for cybersecurity that mirrors EU standards. Strong co-ordination among state and entity-level governments is essential to create a unified approach in tackling cybersecurity challenges. Collaboration is key in combating cybercrime effectively and enhancing the cyber resilience of critical information infrastructures, particularly those shared or interconnected between entities. Recognising that cybersecurity is only as strong as its weakest link, it is imperative to establish a national focal point or cybersecurity authority. This authority should foster direct collaboration with NIS authorities from EU Member States, facilitating the exchange of knowledge and best practices. Moreover, legislation for cybersecurity certification of ICT products, services and processes, in line with the EU Cybersecurity Act,18 should be promptly enacted to ensure that the highest level of cybersecurity standards is met.

[11] ARKEP (2023), A Summary of the Main Indicators of Electronic Communications, https://www.arkep-rks.org/desk/inc/media/9946608d-8146-4ce3-9859-c7af61e7fd77.pdf.

[28] AZLP.BA (2023), Report About the Protection of Personal Data in Bosnia and Herzegovina for 2022, Agency for Personal Data Protection of Bosnia and Herzegovina, http://www.azlp.ba/publikacije/?id=3970.

[7] BHAS (2023), Electronic Communications 2023, Agency for Statistics of Bosnia and Herzegovina, https://bhas.gov.ba/Calendar/Category/29 (accessed on 14 June 2024).

[9] BHAS (2023), Telecommunications Equipment, Network and Services BiH, Agency for Statistics of Bosnia and Herzegovina, https://bhas.gov.ba/data/Publikacije/Saopstenja/2023/IKT_03_2022_Y1_1_BS.pdf (accessed on 14 June 2024).

[20] BHAS (2023), Usage of Information and Communication Technologies in Enterprises, 2023, First Results, Agency for Statistics of the Bosnia and Herzegovina, https://bhas.gov.ba/data/Publikacije/Bilteni/2023/IKT_00_2022_TB_1_BS.pdf (accessed on 14 June 2024).

[3] BHAS (2023), Usage of Information and Communication Technologies in Households and Individuals 2023, First Results, Agency for Statistics of Bosnia and Herzegovina, https://bhas.gov.ba/data/Publikacije/Saopstenja/2023/IKT_05_2023_Y1_1_BS.pdf.

[1] BHAS (2022), Gross Domestic Product by Production, Income and Expenditure Approach, Agency for Statistics of Bosnia and Herzegovina, https://bhas.gov.ba/data/Publikacije/Bilteni/2023/NAC_00_2022_TB_1_BS.pdf (accessed on 14 June 2024).

[19] BHAS (2022), Usage of Information and Communication Technologies in Enterprises, 2022, First Results, https://bhas.gov.ba/data/Publikacije/Saopstenja/2022/IKT_04_2022_Y1_0_BS.pdf.

[21] BHAS (2022), Use of Information and Communication Technology in Bosnia and Herzegovina 2022, Agency for Statistics of Bosnia and Herzegovina, https://bhas.gov.ba/data/Publikacije/Bilteni/2023/IKT_00_2022_TB_1_BS.pdf.

[24] BHAS (2021), Use of Information and Communication Technology in Bosnia and Herzegovina 2021, Agency for Statistics of Bosnia and Herzegovina, https://bhas.gov.ba/data/Publikacije/Bilteni/2022/IKT_00_2021_TB_1_BS.pdf.

[22] BioSense Institute (2023), BioSense Institute, https://biosens.rs/en (accessed on 1 March 2024).

[5] CRA (2023), Telecommunications Indicators of Bosnia and Herzegovina for 2022, Communications Regulatory Agency, https://docs.rak.ba/documents/d86c1957-09ce-454b-b0f4-ba4cf6b6867a.pdf (accessed on 14 June 2024).

[10] CRA (2022), Elecommunications Indicators of Bosnia and Herzegovina for 2021, https://rak.ba/bs-Latn-BA/telecom-market-analysis (accessed on 1 March 2024).

[31] e-Estonia (2023), X-Road – Interoperability Services, https://e-estonia.com/solutions/x-road-interoperability-services/x-road/ (accessed on 1 March 2024).

[17] European Commission (2023), Bosnia and Herzegovina 2023 Report, Commission Staff Working Document, SWD(2023) 691 final, European Commission, https://op.europa.eu/en/publication-detail/-/publication/6c4aedce-7eee-11ee-99ba-01aa75ed71a1/language-en.

[29] Eurostat (2024), Internet Purchases by Individuals - Last Online Purchase: in the 12 Months, https://doi.org/10.2908/ISOC_EC_IB20 (accessed on 12 March 2024).

[25] Eurostat (2024), “Individuals- internet use”, Last Internet Use in the Last 3 Months, https://ec.europa.eu/eurostat/databrowser/view/isoc_ci_ifp_iu/default/table (accessed on 15 March 2024).

[27] Eurostat (2024), Destination of ICT Devices No Longer in Use, https://doi.org/10.2908/ISOC_ECO_DD (accessed on 11 March 2024).

[4] Eurostat (2024), Households - Level of Internet Access, https://doi.org/10.2908/ISOC_CI_IN_H (accessed on 19 July 2024).

[23] Eurostat (2024), Individuals’ Level of Digital Skills (from 2021 onwards), https://ec.europa.eu/eurostat/databrowser/view/isoc_sk_dskl_i21__custom_9882830/bookmark/table?lang=en&bookmarkId=ca727989-dcca-4872-9a11-051d8950f01e (accessed on 19 July 2024).

[2] FZZPR (2021), Development Strategy of FBiH 2021-2027, Government of the Federation of Bosnia and Herzegovina, https://www.fzzpr.gov.ba/files/Strategic%20documents%20of%20FBiH/Development%20Strategy%20of%20the%20FBiH%202021-2027-summary_ENG.pdf.

[18] GIZ (2024), “GIZ and the Agency for Identification Documents, Records and Exchange in BiH (IDDEEA) Established Cooperation for the Development of a Digital Identity Platform”, https://eu4digitalsme.ba/novosti/giz-i-agencija-za-identifikacione-dokumente-evidenciju-i-razmjenu-u-bih-iddeea-ozvanicili-saradnju-za-razvoj-platforme-digitalnog-identiteta/.

[13] ITU (2023), Bosnia and Herzegovina – Digital Development Country Profile, International Telecommunications Union, Office for Europe, https://www.itu.int/en/ITU-D/Regional-Presence/Europe/Documents/Publications/2023/Digital%20Development%20Country%20Profile%20Bosnia%20and%20Herzegovina%20%5Bfinal-%20March%202023%5D.pdf.

[6] ITU DataHub (2023), Fixed and Mobile Subscriptions, https://datahub.itu.int/dashboards/?id=2 (accessed on 19 July 2024).

[30] Nortal (2022), “X-Road: Estonia’s Digital Backbone”, https://nortal.com/insights/x-road-estonias-digital-backbone.

[8] OECD (2024), OECD Broadband Portal, Fixed Broadband - Fibre/LAN Subscriptions per 100 Inhabitants, https://www.oecd.org/digital/broadband/broadband-statistics. (accessed on 19 July 2024).

[12] OECD (2023), “Broadband Portal”, https://www.oecd.org/digital/broadband/broadband-statistics.

[16] OGP (2023), Independent Reporting Mechanism (IRM) Action Plan Review: Bosnia and Herzegovina 2022-2024, https://www.opengovpartnership.org/documents/bosnia-and-herzegovina-action-plan-review-2022-2024-for-public-comment.

[15] Page M., H. (2023), 2023 Open Data Maturity Report, Publications Office of the European Commission, https://data.europa.eu/sites/default/files/odm2023_report.pdf.

[14] SIGMA (2022), Monitoring Report- The Principles of Public Administration: Bosnia and Herzegovina, May 2022, OECD, https://www.sigmaweb.org/publications/Monitoring-Report-Bosnia-and-Herzegovina-May-2022.pdf.

[26] UNICEF (2023), “By Connecting Schools in Bosnia and Herzegovina to the Internet, Enable Education of the 21st Century”, https://www.unicef.org/bih/en/press-releases/connecting-schools-bosnia-and-herzegovina-internet-enable-education-21st-century.