Serbia leads the way in digital society policies within the Western Balkan region, with its information and communication technology (ICT) sector accounting for a robust 5.1% of the national GDP in 2021 (Statistical Office of the Republic of Serbia, 2024[2]). As the largest net exporter industry in the economy, the ICT sector employed over 95 000 individuals and witnessed a remarkable 45% year-on-year increase, exporting nearly EUR 2.7 billion in ICT services in 2022 (European Commission, 2023[3]) .The sector’s growth trajectory persisted in 2023, with projected ICT exports exceeding EUR 3.6 billion (RS, 2023[4]). In fact, the ICT sector has outpaced agriculture in its contribution to the nation's GDP for the first time. By the end of 2023, Russian nationals registered some 9 000 new businesses, operating mostly in the IT sector, which contributed to the ICT’s sector and exports’ growth. However, this remarkable growth can also be partially attributed to Serbia's performance in the artificial intelligence (AI) and biotechnology domains.

The economy has invested in expanding its high-speed optical backhaul network, bringing fibre broadband to 26.44% of all broadband connections in 2022. The government remains committed to digitalising public administration to drive innovation, competitiveness and growth.

However, despite efforts to increase the share of individuals with basic or above-basic digital skills in Serbia, there has been a concerning decline, from 41.3% in 2021 to 33.76% in 2023. This contrasts with the EU average, which increased from 53.92% in 2021 to 55.35% in 2023 (Eurostat, 2024[5]). These statistics highlight a notable disparity in digital skills development and emphasise the pressing need to reassess current policies and implement robust initiatives to enhance digital literacy.

Serbia has made substantial progress in enhancing its broadband infrastructure since 2021, notably extending fibre network access to rural and remote areas. According to Serbia’s telecoms regulator, more than 70% of fixed broadband Internet subscribers use connections faster than 30 Mbps (megabits per second), with over 50% exceeding 100 Mbps (RATEL, 2023[6]). The Statistical Office reports an increase in broadband connections for households in rural settlements, rising from 74.5% in 2021 to 79.8% in 2023. The government remains committed to the vision outlined in the Next Generation Networks Strategy, concluded in 2023, while currently preparing the new broadband policy framework towards a Gigabit Society by 2030. The Ministry of Information and Telecommunications (MIT) launched the EU and EBRD co-funded the Rural Broadband Rollout (RBB) project in December 2022.1 The project aims to construct fibre networks to provide high-speed broadband access to 706 rural settlements by the end of 2025. This infrastructure will connect 728 schools and public buildings with ultra-fast broadband speeds above 1 Gbps (gigabit per second), while over 118 000 households will gain access to 50 Mps connectivity that will gradually upgrade to at least 100 Mps by 2025. The project draws from private sector investments alongside mid-mile investments made by the government for the development of last-mile network connectivity. In early 2024, 161 rural settlements are already connected with high-speed Internet, reaching around 25 000 households, and nearly 70 000 inhabitants (RS, 2024[7]). Legislation on state aid rules for developing broadband infrastructure is not yet aligned with the revised EC Guidelines enforced in 2023,2 meaning that the project is currently developed on the pre-existing EC Guidelines from 2013.3 The revised guidelines adjust the threshold for public support to fixed networks according to the latest technological and market developments, introduce a new assessment framework for deploying 5G mobile networks, and simplify rules to incentivise the adoption of broadband services.

Despite positive developments in broadband access, challenges persist. Issues that slow down or even discourage further broadband network investments include restricted access for users and operators to infrastructure like optical fibres, ducts, public operators’ infrastructure, and dark fibres, alongside lingering constraints imposed by environmental and municipal planning legislation. Although a working group has identified and recommended measures to remove these obstacles, joint decisions among relevant institutions for their implementation are still pending. Furthermore, the draft Law on Broadband Development and subsequent regulations are not anticipated for adoption before the second quarter of 2024. These aim to align with the EU Broadband Cost Reduction Directive,4 effectively reducing costs and regulatory and administrative burdens for network infrastructure investors.

Serbia continues on the path of aligning its electronic communications regulatory framework with the EU acquis, and the recent enactment of the new Law on Electronic Communications in May 2023 marks a positive step toward compliance with the European Electronic Communications Code (European Commission, 2023[3]). The new Law encourages broader Internet connectivity and incentivises private sector investments, outlining mandatory obligations for broadband network operators and refining the approach to radio frequency spectrum and numbering for developing new services, fostering competitiveness. However, the regulatory reform remains incomplete without adopting the necessary accompanying regulations. The Regulatory Authority for Electronic Communications and Postal Services (RATEL) has yet to align voice termination rates across fixed/wireless networks with the EU’s Delegated Regulation5 and to update the analysis of product and service markets within the electronic communications sector in line with the updated EC Recommendation6 on relevant markets. The Law also reinforces the role of RATEL and aims to ensure its financial and operational independence, an aspect that remains subject to recurring scrutiny (European Commission, 2023[3]). RATEL is well staffed with 150 employees at the end of 2023, but staff retention faces challenges due to the imposed salary cap for RATEL personnel.

Despite adopting the new Law on Electronic Communications, the development of 5G has suffered significant delays. Regulations for simplifying and accelerating 5G network installations, including specifications for small-area wireless access points (small antennas), are yet to be prepared. The Ministry is drafting the rulebook on minimal conditions for issuing individual permits for spectrum use, thereby holding back the public bidding procedure for the 5G radio frequency spectrum for 2024.

Serbia has made notable advancements in developing data accessibility in the past three years, primarily driven by data openness objectives in the e-Government Development Programme 2021-25 and supported by measures outlined in the Strategy for Public Administration Reform 2030 and the Artificial Intelligence Strategy 2020-25. While the existing legal framework enables data sharing and reuse through legislation on e-Government and e-Documents, and secondary regulations that delineate the format of published datasets, data governance, and the operation of the national open data portal, it is not fully aligned with the EU Open Data Directive7 or the EU Data Governance Act.8 This alignment will introduce rules for government-held data marketplaces, delineate the reuse of high-value datasets, boost the development of trustworthy data-sharing systems and facilitate the use of public sector data that cannot be made available as open data, such as health data. Efforts are under way to analyse and amend the Law on e-Government in line with EU legislation, encompassing the definition of high-value datasets, governance and accessibility. Serbia is the first Western Balkan (WB) economy to establish a geospatial data-space, GeoSrbija,9 curated by the Republic Geodetic Authority of Serbia, promoting the sharing and reuse of relevant data.

Serbia has developed its national open data portal10 into the most advanced platform of its kind in the WB region. As of early 2024, it offers more than 2 400 open datasets across various thematic topics, a significant increase from the 1 643 datasets available in 2021. The portal presents 42 use-case examples, demonstrating the practical application of open data reuse and stimulating interest in data innovation. Developers can access open datasets published in machine-readable formats through an application programming interface (API) that facilitates the development of innovative services. The Office for IT and e-Government (ITE) operates the portal and offers direct support to data publishers, including an API Guide to support holders of real-time or dynamic data. It further supports data‑ecosystem participants from the public and private sectors through the Open Data Hub11 (ODH). The ODH is a platform offering training on the open data portal, educational activities on data reuse, and various events and meet-ups (hackathons, datathons, Open Data Week) organised in the past three years. Serbia’s progress in developing data openness and accessibility is evident in the 2023 Open Data maturity report (Page et al., 2023[8]), where Serbia ranks 25^th among 35 countries with a 75% overall score across the four dimensions of open data maturity assessed.12 Although slightly below the EU average score of 79%, Serbia has significantly improved its score since 2022. This improvement primarily refers to the portal and quality dimensions and stems directly from the creation of guidelines, active assistance to data providers in publishing high-quality metadata, a higher number of automatically sourced datasets, and the availability of more datasets with open licences in a structured format.

Serbia stands at the forefront of digital government development in the WB region, maintaining a strong performance in digitalising public administration and services over the past three years. The European Commission’s 2023 eGovernment benchmark report, monitoring Europe’s progress in digitalising public services (Capgemini, Sogeti, IDC and Politecnico di Milano, 2023[9]) reveals that Serbia made significant progress in digitalising public services compared to 2022. Serbia is approaching the EU average in user centricity, transparency and key enablers such as eID, e-Documents, pre-filled forms and digital post, although it still lags behind in developing cross-border services. Additionally, Serbia reported the highest percentage of individuals that used the Internet to interact with public authorities (51.1%), compared to WB economies and the EU average (50.65%) in 2022 (Eurostat, 2024[10]). These positive results in digital government development were underpinned by the Strategy for Public Administration Reform (PAR) 2021-30 and the Programme for Simplifying Administrative Procedures and Regulations "e-PAPER". Moreover, they are currently boosted by the e-Government Development Programme with its 2023-25 action plan. Implementing these policies, driven by the pandemic, the ITE Office was mandated to prioritise and accelerate the introduction of citizen-centric digital services. Those services are well grounded on a legal framework that aligns with the EU acquis, comprising the Law on e‑Government and complementary regulations. The national eID scheme aligns with the eIDAS13 regulation, and the eID system, complete with mobile eID, is seamlessly integrated into the e‑government portal and the population register. Currently, many databases are connected to the government information system, and approximately 340 services are available on the national e‑government portal. 80% of these enable submission of forms and e-payment, although in some cases, a visit to the counter might still be required to complete the service (MPALSG, 2023[11]). The uptake of the eID system is rapidly increasing, with over 830 000 eIDs activated so far.

Despite these developments, several challenges persist. While progress has been made in establishing a robust technical framework and ICT infrastructure – ensuring interoperability and further integration of electronic registers – maximising the utilisation of digital government infrastructure and raising awareness of the benefits of digitalisation require further attention. The ex post assessment of the e‑Government Programme for 2020-22, conducted in March 2022, identified inadequate co-ordination among public authorities due to a lack of well-developed strategic management of e-Government reforms (Mysun En Natour, 2022[12]). Moreover, the mid-term implementation report of the PAR strategy up to June 2023, although positive in terms of implementation progress, highlighted the need to strengthen monitoring of service provision quality and user satisfaction, and to adopt a centralised approach with clear co-ordination mechanisms for service provision (MPALSG, 2023[11]). Furthermore, the same report unveiled persisting impediments to digitalisation, including a lack of pro-digitalisation culture among public sector officials, a shortage of digital skills among civil servants, and challenges in recruiting and retaining professional IT staff. In response, an electronic platform14 for constant visibility and monitoring of planned activities in public administration reform and public finance was established, to support informed decision making and improved results.

Serbia has made progress in supporting digital business development in the current assessment period. However, the impact of implemented activities remains limited due to the insufficient allocation of financial resources. Various policy documents come together to form a framework supporting enterprises, with a particular emphasis on small and medium-sized enterprises (SMEs), in digitalising their business operations and engaging in technological innovation. The Industrial Policy Strategy 2021‑30 and the Strategy for the Development of Information Society and Information Security 2021-26 delineate measures aimed at micro-SMEs digitalisation, e-business development, and enhancing digital skills for citizens and employees. Despite establishing the Council for Development of Digital Economy in 2021 to strengthen horizontal co-ordination, inadequate monitoring of the implementation of policy initiatives and programmes and the complete absence of impact assessments in this field necessitate immediate action.

The Centre for Digital Transformation (CDT) of the Chamber of Commerce and Industry successfully implemented the SME Digital Transformation Support Program in 2023, building on the accomplishments of the preceding SPEED 1.0 and SPEED 2.0 programmes in 2021 and 2022. These initiatives have provided valuable support to SMEs across sectors, facilitating equipment and software purchases and offering consulting services for digitalisation and engagement in digital innovation. Over the six years of its operation, more than 4 500 companies have applied for CDT programmes (Serbia Monthly, 2023[13]), indicating significant demand in similar initiatives. However, the allocation of financial resources falls short of meeting the industry’s demand. The Ministry of Information and Telecommunications (MIT), overseeing Information Society policy implementation, reported that 447 businesses applied for consulting services in the framework of the micro-SME Digital Transformation programme in 2022, and 272 projects received funding (MIT, 2022[14]). Additionally, the Digital Academy of the CDT, through its Fundamentals of Digital Transformation programme, offers free-of-charge digital skills training to managers and SME owners, contributing to a more digitally adept business landscape. Serbian businesses are also at the forefront of e-commerce engagement compared to the Western Balkan region, with 28.9% of enterprises with more than ten employees selling on line. This figure surpasses the EU average of 22.9% in 2023 (Eurostat, 2024[15]).

Serbia boasts a strong ICT industry with a dynamic IT ecosystem. The landscape includes 4 Science Technology Parks, 23 start-up centres, 5 IT clusters and more than 20 co-working hubs. The policy framework nurtures ICT industry growth, emphasising innovation, internationalisation, and Intellectual Property Rights (IPR) management. In 2022, 24 events were organised by competent authorities abroad to support businesses’ internationalisation, while 17 domestic events were organised to promote participation in business delegations abroad (MIT, 2022[14]). The Innovation Fund stands out as a pivotal instrument, notably supporting start-ups and SMEs, with ICT SMEs constituting most of its beneficiaries (51% of the total in 2022). The government has adopted the Strategy for the Development of Information Society and Information Security 2021-26 to support digital transformation of SMEs and electronic business development. Nevertheless, the challenges facing the ICT sector remain. The predominant constraint for ICT companies lies in the scarcity of IT professionals and the misalignment of ICT graduates' skills with labour market needs (Matijević and Šolaja, 2022[16]). Addressing this gap, the government is implementing key initiatives aimed at increasing the capacities of technical faculties in universities, enhancing programming in high schools, and implementing IT Retraining15 for the employed and unemployed according to surveyed industry needs, which has already trained 2 200 participants in two successful rounds completed so far.

Serbia has positioned itself as a pioneer in supporting emerging digital technologies in the Western Balkans, not only adopting a comprehensive policy framework for artificial intelligence (AI) development but also advocating ethical guidelines to ensure the responsible and reliable use of this transformative technology. Serbia ranks 57th out of 172 countries on the Government AI Readiness Index 2023, which is the best ranking in the Western Balkans (Oxford Insights, 2023[17]). The government adopted the Strategy for the Development of Artificial Intelligence 2020-25 to harness the potential benefits of AI for the economy’s advancement. The strategy encompasses over 30 projects, investing EUR 5 million in grants and equity for AI start-ups in Serbia. It also promotes the introduction of AI masters and Ph.D. programmes and boosts AI talent by retraining workers in AI skills. In 2021, the government took a significant step forward in establishing Serbia's Research and Development Institute for Artificial Intelligence. This institute serves as a catalyst for collaboration between public and private sector organisations, functioning as an incubator for AI start-ups. Actively engaging with international AI development events, the AI Institute plays a crucial role in raising awareness about diverse AI applications and building further on the skills of the existing IT talent pool in Serbia. Simultaneously, the Innovation Fund is pivotal in advancing the AI landscape by financing the GovTech programme, among other initiatives. This initiative is geared towards applying disruptive technologies to tackle public sector challenges, fostering collaboration between public and private entities, and ultimately fostering increased digitalisation. Through these efforts, Serbia is shaping a cohesive and forward-looking narrative for AI development and deployment. In December 2020, Serbia adopted the Law on Digital Assets to empower its innovative ecosystem and foster a welcoming business environment. This law recognises virtual currency and digital tokens as legal digital assets, paving the way for emerging opportunities in blockchain technology and creating new financing options for Serbian start-ups.

Serbia has yet to yield significant tangible outcomes in its efforts toward digital inclusion, despite embedding measures to mitigate digital exclusion risks in various strategic documents. While the policy framework generally addresses digital inclusion challenges through activities implemented by different institutions, horizontal co-ordination and monitoring mechanisms for these activities are absent. Although social inclusion policies and action plans are monitored by the Public Policy Secretariat (RSJP), neither this body nor any other public institution is tasked with monitoring digital inclusion and performing relevant impact assessments. It is positive that the government has acknowledged the importance of enhancing digital literacy for vulnerable groups; it has outlined digital skills development initiatives in digital society policies, such as the Strategy for the Development of the Information Society and Information Security 2021-26 and the Strategy on the Development of Digital Skills for 2020-24. Additionally, measures contributing to digital inclusiveness are integrated into other strategic documents fostering equitable access for persons with disabilities, universal access to high-speed communications, child safety online, and access to e-government services for all citizens. Tangible results of policy implementation include the Ministry of Information and Telecommunications (MIT) allocating RSD 14 million (around EUR 120 000) to associations for the implementation of programmes aimed at raising the level of digital literacy and digital competencies of women in rural areas, training 1 530 women in the period 2021-22 (MIT, 2022[14]). However, no other vulnerable groups have had access to similar widespread training initiatives. Measures are planned but to be implemented to support groups at risk of digital exclusion, with financial subsidies for acquiring digital technologies; digital coupons for purchasing PCs, laptops or tablets; and free-of-charge digital skills training programmes.

Moreover, while Serbia has adopted EU guidelines16 on e-accessibility since 2018, implementation is still lagging. Although some e-accessibility elements are embedded in the national e-government portal, the website of the Serbian Government17 and the Office for IT and e-Government (ITE), full compliance with international standards such as the Web Content Accessibility Guidelines (WCAG) 2.0 is yet to be achieved in all public sector websites and applications. Furthermore, the legal framework lacks certification schemes for accessibility of ICT products and services, and public procurements have yet to embed such accessibility requirements. Notably, Internet usage has been increasing across age groups in the period 2021-23, according to the Statistical Office of Serbia. In 2023, 85.4% of individuals in Serbia used the Internet in the last three months, compared to the EU average of 91.41% (Figure 11.1). Additionally, while Internet users in the 65-74 age group marked the most significant increase, from 33.9% in 2021 to 49% in 2023, they are still behind the EU average in 2023 (72.07%).

Serbia currently lacks policies to ensure the integration of green digital technologies and environmentally sustainable practices into the digitalisation process. Programmes and policy initiatives designed to foster a green digital sector and harness its benefits for the green transition have yet to be developed. Existing digital society policies overlook the environmental impact of the ICT sector and the effect of the growing use of digital technologies on climate change. The current perspective on digitalisation primarily positions it to achieve eco-friendly outcomes. The government’s Green.gov.rs concept illustrates this approach, featuring an online platform for measuring the environmental benefits derived from the digitalisation of public administration and the adoption of e-government services. Policies and programmes, such as the Circular Economy Programme 2022-24 and Innovation Fund initiatives, are promoting the use of technological innovations, including ICTs, to improve the environmental footprint of existing public administration and industrial processes. On a different note, Serbia has adopted a Waste Management Programme for the period 2022-31 aimed at gradually establishing a waste management system in alignment with the EU acquis, including waste electrical and electronic equipment (e-waste). According to the Environmental Protection Agency, municipal e-waste accounted for 5.7% of the total waste streams in Serbia in 2020. Moreover, e-waste management infrastructure has yet to be fully developed or, in rural areas, is entirely absent (Marinković T., 2022[20]). The Programme acknowledges that household e-waste collection remains insufficient, and the government has initiated establishing a relevant system. Currently, waste electrical and electronic equipment management is addressed in the Law on Waste Management, which was last amended in April 2023 and reflects the two main principles of Extended Producer Responsibility (EPR) for managing special waste streams. However, these principles have yet to be fully implemented in e-waste streams.

Serbia has significantly enhanced privacy and data protection since 2021, improving alignment with the EU acquis, enhancing implementation of the framework, and investing in civil servant training and awareness-raising campaigns. Nevertheless, while the situation regarding the protection of individuals’ rights has improved compared to previous years, it is not yet entirely satisfactory. The new Personal Data Protection (PDP) law, adopted in August 2023, is aligned with the EU GDPR,18 and accompanying regulations complete the alignment. While the Law is in the initial phase of implementation across the public and the private sectors, harmonisation of legacy legislation with the new law is pending. Additionally, challenges regarding law enforcement in personal data protection include the small size of imposed fines, unlike the GDPR, and the significant number of exceptions to the application of the Law, discouraging data practitioners’ compliance efforts. The Commissioner for Information of Public Importance and Protection of Personal Data has prepared a strategy for personal data protection until 2030, adopted in August 2023. This strategy emphasises the need for legal harmonisation, identifies the shortcomings of the current law, and outlines priority areas requiring attention due to rapid digitalisation, such as video and audio surveillance, biometrics, genetic personal data and artificial intelligence. The Commissioner’s Office employs 115 individuals for both fields of competence, empowering the authority to exercise its investigative and corrective powers within the Law. In 2022, the Commissioner reported a significant increase in PDP cases, attributed to heightened online activity and digitalisation, as well as increased awareness of personal data protection issues (Poverenik, 2022[21]). The Commissioner’s office actively provides training for diverse groups, supports personal data handlers in implementing the Law, and assists citizens in exercising their rights. In 2023 alone, the Commissioner’s office organised 38 PDP training sessions across Serbia, with over 1 450 participants from public authorities, civil society organisations, business associations, private sector actors, and university students and school pupils.

Public authorities have demonstrated improved compliance with the obligation to consult the Commissioner on relevant issues, submit draft legislation for review, and implement the Commissioner’s decisions. However, the Commissioner flags public authorities’ careless or untimely response and submission of evidence in relevant procedures (Poverenik, 2022[21]). A public opinion survey conducted in May 2023 for the Commissioner’s Office revealed that the majority of respondents are not familiar with their rights to personal data protection, and 80% consider the risk of personal data abuse to be high. Citizens are increasingly cautious toward private companies, but there is also a noticeable decline in trust in many public institutions regarding the lawful use of personal data. Almost half of the respondents (47.6%) are familiar with the work of the Commissioner, and 78.4% of those express confidence in the level of protection provided by the Commissioner’s Office (KANTAR, 2023[22]).

Serbia has made significant strides in consumer protection in e-commerce in the current assessment period, focusing on modernising its consumer protection framework, improving access to alternative dispute resolution (ADR) systems, and enhancing consumer education. Recognising the growing challenges in consumer protection and the increasing trend of e-commerce, Serbia’s Strategy for Consumer Protection 2019-24 outlined a comprehensive initiative to update consumer protection rules and enhance education for both consumers and traders regarding their rights and obligations in online transactions. As of early 2024, the legal framework on consumer protection, effective since March 2022, aligns significantly with the EU acquis, incorporating provisions from 14 key EU Directives in this area. The Consumer Protection Law has improved the ADR mechanism, imposed restrictions on direct advertising, enhanced the involvement of consumer protection associations in awareness campaigns and emphasised public sector capacity building to implement EU standards, including in e-commerce. To encourage consumers to seek redress through the courts if their issues are not resolved otherwise, the government waved court fees for filing a claim and rendered judgements. Additionally, the establishment of the National Consumer Protection Portal19 aims to provide educational resources for consumers and traders and facilitate the submission of complaints and requests for ADR. However, despite these reforms improving consumers’ ability to exercise their rights including in e-commerce transactions, further actions are needed to complete the alignment with consumer protection practices in EU Member States. Challenges include the non-binding character of recommendations issued by impartial ADR bodies, weakening the effectiveness of ADR mechanisms, and the absence of mechanisms for class action lawsuits, which proved particularly effective in EU Member States and internationally. The Strategy’s Action Plan for 2023-24 includes activities to draft amendments to the consumer protection law by the end of 2024, anticipated to address some of the existing shortcomings.

The Ministry of Internal and Foreign Trade, Department of Consumer Protection, has engaged in efforts to strengthen collaboration with consumer associations and local self-government and increase consumer awareness about the challenges posed by expanding e-commerce. In 2023, the ministry received nine competitive applications to finance consumer protection association programmes. In the first quarter of 2022, consumers in Serbia conducted 9.6 million e-commerce transactions with payment cards, a 31.2% increase year-over-year (RS, 2022[23]). According to the National Register of Consumer Complaints, despite the positive e-commerce trend, consumer complaints about online shopping decreased from 1 877 in 2020 to 1 673 in 2021, with only 7% of total consumer complaints in 2021 related to online shopping. This decline suggests that trust in e-commerce and online consumer protection in Serbia is gradually increasing.

Serbia has gradually advanced its cybersecurity capacity, albeit gradually, with a primary focus on strengthening the policy and legal framework and expanding capacity-building initiatives. Despite these efforts, challenges persist, particularly due to inadequate resources allocated to cybersecurity. The government is currently implementing two key strategies: the Strategy for the Development of Information Society and Information Security 2021-26 and the Strategy for the Fight Against Cybercrime for the period 2019-23, with an emphasis on aligning the framework with EU legislation. The government has improved inspection and incident reporting, leading to increased transparency in the cybersecurity domain. However, there is a need to enhance systematic approaches and transparency in monitoring policy implementation, particularly in conducting thorough analyses and impact assessments. The existing information security law defines critical information infrastructure, mandating operators of ICT systems of special importance to implement protective measures and strengthen systems’ resilience. While the law aligns with the EU Networks and Information Security (NIS) Directive,20 Serbia’s cybersecurity preparedness is not at the level commonly adopted by EU Member States. In response, an amendment is under way to facilitate alignment with the updated EU NIS legislation (the NIS2 Directive21) and the EU Cybersecurity Act.22 Establishing the Agency for Security of Networks and Information Systems and Digital Transformation, anticipated in 2025, is crucial for strengthening collaboration and information exchange with NIS authorities in EU Member States. Additionally, cybersecurity certification for ICT products, services and processes has yet to be adopted, and reforms consistent with the EU Toolbox for 5G Cybersecurity23 are pending to ensure secure development of forthcoming 5G implementations.

Despite policy commitments and legislative reforms, Serbia’s cybersecurity system is hampered by insufficient human and financial resources. However, the country's potential to nurture cybersecurity expertise is significant, supported by a growing ICT industry and academic discussions on expanding graduate and undergraduate cybersecurity programmes. Retaining cybersecurity professionals poses a challenge for the government due to the high demand in the industry. The Sector for Information Society and Information Security, within the Ministry of Information and Telecommunications, operates with ten staff members and the national CERT operates with seven employees as a unit of RATEL, the electronic communications regulator. Nonetheless, collaborative efforts are evident, with regular meetings and data exchange occurring between the national CERT and computer emergency response teams from the public and private sectors, including the Governmental CERT operating as a unit of the Office for IT and e-Government (ITE). Notably, the government exceeded the original targets outlined in the Information Security strategy regarding cybersecurity training volume. The National Academy for Public Administration (NAPA) conducted 134 training sessions under the General Civil Servant Training Programme for 2022, training 6 338 public administration and local self-government employees on cybersecurity and digital skills (MIT, 2022[14]). Moreover, the Ministry of Public Administration, RATEL and NAPA trained 340 individuals in ICT systems of special importance, in addition to 44 individuals from public and private CERTs. The government also developed a guide for SMEs, offering practical instructions on implementing simple and affordable cybersecurity measures based on proved good practice examples.

Serbia’s progress in implementing Competitiveness Outlook 2021 Recommendations has been varied. The economy has made strong advances in promoting open data innovation and personal data protection. However, it has only moderately addressed recommendations regarding the electronic communications sector and the systematisation of digital government monitoring. On the contrary, there has been stagnation regarding digital inclusion initiatives. Table 11.2 shows the economy’s progress in implementing past recommendations for developing a digital society.

Considering the level of the previous recommendations’ implementation, there are still areas in which Serbia could enhance the digital society policy framework and further improve aspects of access to electronic communications and public data, digitalisation of government and businesses, inclusiveness of the digital society, and trust in digital technologies. As such, policy makers may wish to:

• Undertake comprehensive legal and regulatory reforms to foster private sector investments in high-speed communications networks. Necessary reforms include the long-delayed adoption of the Law on Broadband Infrastructure to align with the EU Broadband Cost Reduction Directive and consideration of the 2023 revised EC Guidelines on state aid rules for developing broadband infrastructure. The electronic communications regulator should accelerate the adoption of regulations accompanying the new law on electronic communications in line with the EU Delegated Act to eliminate roaming charges with EU Member States, and the updated EC Recommendation on relevant markets. Serbia should actively consider and integrate the EU Connectivity Toolbox and expedite 5G spectrum auctions, eagerly anticipated by market investors, to facilitate the rollout of commercial 5G services.

• Prioritise adopting updated legislation on reusing public sector information and take measures to enhance the development of trustworthy data-sharing systems. Ensure complete alignment with the EU Open Data Directive and amend existing legislation following the EU Data Governance Act to introduce rules for trustworthy data intermediary services. These reforms will facilitate data sharing across sectors and borders and ensure the reuse of public sector data, including those that cannot be made available as open data, such as health data. The government should specifically focus on establishing real-time, linked, interoperable Data Spaces that function as data marketplaces. This initiative aligns with the Common European Data Spaces concept, boosting the data economy and capitalising on the momentum building up in the domestic open data ecosystem.

• Increase cross-border interoperability in the government's digitalisation and introduce cross-border e-services. As Serbia progresses towards EU Accession, the government could consider streamlining its national eID scheme to ensure interoperability with EU Member States by applying common standards and requirements for electronic identification and trust services. Serbia is well positioned to follow developments regarding the forthcoming European Digital Identity Wallet introduction. These reforms will foster collaborations with EU Member States and facilitate the effective deployment of cross-border services (Box 11.1).

• Strengthen horizontal co-ordination and oversight of digital inclusion initiatives and introduce accessibility criteria for ICT products and services in public procurement. Despite ongoing efforts to cultivate an inclusive information society through various policies and programmes addressing digital skills, e-government services and broadband infrastructure, there is a need for more effective collaboration among state bodies implementing measures that impact digital inclusion development. The government should assign a dedicated body to coordinate relevant activities with implementing institutions horizontally, ensuring cohesive data collection to facilitate impact assessments and evaluation of measures’ efficacy. This entity could also spearhead the development of future digital inclusion policies or initiatives and ensure the application of accessibility requirements for ICT products and services in public procurement processes based on established accessibility standards.

• Increase human and financial resources for cybersecurity and introduce cybersecurity certification requirements for ICT products and services. While alignment of the information security law with the EU Directive on measures for a high common level of cybersecurity across the Union (NIS2) is under way, current staff and financial resources earmarked for cybersecurity are insufficient to combat cybercrime effectively. The government should prioritise the substantial enhancement of operational capacities for both the national CERT and the forthcoming Cybersecurity Agency, empowering them to elevate Serbia’s cyber-resilience and foster increased collaboration and information sharing with competent authorities abroad (see Box 11.2). Additionally, a key focus should be the timely introduction of cybersecurity certification for ICT products, services, and systems, which should align with the EU Cybersecurity Certification Framework and the EU Cybersecurity Act. In preparation for the 5G spectrum auctions in 2024, the government is advised to implement the EC Recommendations on Cybersecurity of 5G Networks.

[9] Capgemini, Sogeti, IDC and Politecnico di Milano (2023), The eGovernment Benchmark 2023, European Commission, Directorate-General for Communications Networks, Content and Technology, https://digital-strategy.ec.europa.eu/en/library/egovernment-benchmark-2023.

[3] European Commission (2023), Serbia 2023 Report, Directorate-General for Neighbourhood and Enlargement Negotiations, Brussels, https://neighbourhood-enlargement.ec.europa.eu/document/download/9198cd1a-c8c9-4973-90ac-b6ba6bd72b53_en?filename=SWD_2023_695_Ser.

[15] Eurostat (2024), “E-commerce sales of enterprises by size class of enterprise”, Enterprises with E-Commerce Sales, https://ec.europa.eu/eurostat/databrowser/view/isoc_ec_esels/default/table?lang=en&category=isoc.isoc_e.isoc_ec. (accessed on 15 May 2024).

[10] Eurostat (2024), “E-government activities of individuals via websites”, Internet Use Obtaining Information from Public Authorities Web Sites (last 12 months), https://ec.europa.eu/eurostat/databrowser/view/isoc_ciegi_ac/default/table?lang=en (accessed on 15 May 2024).

[18] Eurostat (2024), “Individuals- internet use”, Last Internet Use in the Last 3 Months, https://ec.europa.eu/eurostat/databrowser/view/isoc_ci_ifp_iu/default/table (accessed on 15 May 2024).

[5] Eurostat (2024), Individuals’ Level of Digital Skills (from 2021 onwards), https://ec.europa.eu/eurostat/databrowser/view/isoc_sk_dskl_i21__custom_9882830/bookmark/table?lang=en&bookmarkId=ca727989-dcca-4872-9a11-051d8950f01e (accessed on 15 May 2024).

[24] Government of the Grand Duchy of Luxembourg (2024), Guichet.lu, https://guichet.public.lu/en/citoyens/actualites/2022/decembre/05-services-publics-depuis-autre-pays-europeen.html (accessed on 15 May 2024).

[25] Government of the United Kingdom (2019), Gov.UK, https://www.gov.uk/government/publications/cyber-security-skills-strategy/initial-national-cyber-security-skills-strategy-increasing-the-uks-cyber-security-capability-a-call-for-views-executive-summary (accessed on  April 2024).

[22] KANTAR (2023), Citizens’ Perception of Personal - Public Opiniion Research, Kantar Serbia, TMG Insights, https://www.poverenik.rs/images/stories/dokumentacija-nova/Publikacije/Prezentacija_rezultati_istra%C5%BEivanja_OEBS-Poverenik-Kantar/041223_Report_Citizens_Perception_of_Personal_Data_Protection_050723.pdf.

[20] Marinković T., B. (2022), Challenges in Applying Extended Producer Responsibility Policies in Developing Countries: A Case Study in e-Waste Management in Serbia, Conference: 9th International ConferenceonSustainable Solid WasteManagementAt: Corfu, Greece, https://www.researchgate.net/publication/369377340_Challenges_in_applying_extended_producer_responsibility_policies_in_developing_countries_A_case_study_in_e-waste_management_in_Serbia.

[16] Matijević, M. and M. Šolaja (2022), ICT in Serbia - At a Glance, Vojvodina ICT Cluster, https://vojvodinaictcluster.org/wp-content/uploads/2022/12/ICT-in-Serbia-At-a-Glance-2022.pdf.

[14] MIT (2022), 2022 Annual Report of the Action Plan for the Implementation of the Strategy for Information Society Development and Information Security for the Period from 2021-2023, https://www.mit.gov.rs/tekst/702/sektor-za-informaciono-drustvo-i-informacionu-bezbednost.php.

[11] MPALSG (2023), Mid-Term Review and Evaluation of the Impact of the Action Plan (2021-2025) for the Implementation of the Public Administration Reform Strategy in the Republic of Serbia (2021-2030) - Evaluation Period: January 2021 - June 2023, http://mduls.gov.rs/wp-content/uploads/Mid-Term-evaluation-AP-PARS-Final-Report_ENG-FINAL.docx.

[12] Mysun En Natour, A. (2022), Ex-post Analysis of the Electronic Government Development Programme in the Republic of Serbia for the Period 2020-2022, project: EuropeAid/137928/DH/SER/RS, http://mduls.gov.rs/wp-content/uploads/External-ex-post-analysis-E_Gov-Program-2020_2022_ENG.docx.

[1] OECD (2021), Competitiveness in South East Europe 2021: A Policy Outlook, Competitiveness and Private Sector Development, OECD Publishing, Paris, https://doi.org/10.1787/dcbc2ea9-en.

[17] Oxford Insights (2023), Government AI Readiness Index, https://oxfordinsights.com/wp-content/uploads/2023/12/2023-Government-AI-Readiness-Index-2.pdf.

[8] Page, M. et al. (2023), 2023 Open Data Maturity Report, Publications Office of the European Union, https://doi.org/10.2830/384422.

[21] Poverenik (2022), Annual Report, Commissioner for information of public importance and protection of personal data, https://www.poverenik.rs/images/stories/dokumentacija-nova/izvestajiPoverenika/2022/Godi%C5%A1nji_izve%C5%A1taj_2022_-_16_03_2023.pdf.

[6] RATEL (2023), Overview of the Electronic Communications Market in the Republic of Serbia - Third Quarter of 2023, Regulatory Body for Electronic Communications and Postal Services (RATEL), https://ratel.rs/cyr/page/cyr-kvartalni-podaci-elektronske-komunikacije.

[7] RS (2024), By the End of 2025, Every Place in Serbia will Have High-Speed Internet, https://www.srbija.gov.rs/vest/en/219369/by-the-end-of-2025-every-place-in-serbia-will-have-high-speed-internet.php.

[4] RS (2023), Serbia One of Leaders in Development of Artificial Intelligence, https://www.srbija.gov.rs/vest/en/217170/serbia-one-of-leaders-in-development-of-artificial-intelligence.php.

[23] RS (2022), Economic Reform Programme 2022-2024, Government of the Republic of Serbia, https://rsjp.gov.rs/wp-content/uploads/Economic-Reform-Programme-2022-2024.pdf.

[13] Serbia Monthly (2023), New The Innovation Hub of the Center for Digital Transformation (CDT) Opened in December, https://serbiamonthly.com/new-the-innovation-hub-of-the-center-for-digital-transformation-cdt-opened-in-december/ (accessed on 10 July 2024).

[2] Statistical Office of the Republic of Serbia (2024), Gross Value Added by Activities, NACE Rev. 2 (% of GDP), https://data.stat.gov.rs/?caller=SDDB&languageCode=en-US (accessed on 15 May 2024).

[19] Statistical Office of the Republic of Serbia (2024), STAT Database, https://data.stat.gov.rs/?languageCode=en-US (accessed on 15 May  2024).