AmCham acknowledges and welcomes the Government of Albania’s efforts and public investments in the digitalization of public services, including the development of e-Albania, as an important step toward modernizing public administration and improving service delivery. However, as government digital systems manage highly sensitive data, the absence of continuous auditing, security, and compliance with international standards poses serious risks to economic stability, business continuity, operational integrity, and national security.
AmCham is particularly concerned by consistent feedback received from its members following recent developments related to AKSHI. According to member reports, several e-Albania services are currently operating erratically and do not meet the operational needs of businesses, nor for citizens. These concerns include service outages, delays, limited accessibility during peak hours, and unpredictable system performance, all of which directly disrupt normal business operations. Such interruptions have a tangible and immediate negative impact on companies’ ability to comply with regulatory obligations, serve customers, and conduct day-to-day operations.
This is of particular importance to us, as AmCham represents substantial number of member companies operating within the Information Communication Technologies (ICT) ecosystem, and other ICT-related sectors. Many of these members internationally certified, comply with high security and regulatory standards, and some are fully vetted and authorized to provide services to the United States Government. Despite this strong domestic and international expertise, along with the issues mentioned above, AmCham members also report persistent concerns regarding public procurement processes and transparency in the ICT sector. These concerns affect, fair competition, and the effective use of public funds, while increasing risks related to the management and protection of highly sensitive data. Such data include information related to public institutions, businesses, citizens’ personal and property records, as well as other information of critical importance to the functioning of the state and the economy.
By comparison, in the United States and other advanced economies, companies involved in government ICT and sensitive systems are subject to strict vetting, security clearance requirements, and financial controls, including limitations on profit margins to ensure transparency, efficiency, and the protection of taxpayers’ money.
AmCham therefore urges the Government to take immediate corrective measures to ensure the uninterrupted, stable, and reliable functioning of all e-Albania services, with particular attention to services critical for business operations and procurement.
In the short term, AmCham proposes the following immediate actions:
- AmCham proposes the establishment of a legally mandated framework for periodic and independent IT and cybersecurity audits of all critical e-Government platforms, conducted in accordance with international standards and EU best practices, including ISO/IEC 27001, ISO/IEC 22301, NIST, SOC 2, and ENISA guidelines, with executive summaries made available to relevant stakeholders.
- Security Clearance, Vetting, and Access Controls: AmCham suggests strengthening the effectiveness and maturity of existing mechanisms for security authorization, vetting, and access control within government ICT systems, in line with the current legal framework on information security, state database management, classified procurement, and public procurement law. Acknowledging AKSHI’s established practices, AmCham recommends assessing and further enhancing these measures, including role-based access control, in alignment with the EU NIS2 Directive and best practices of EU Member States.
- High-Availability, Resilience, and Continuity Standards: Define and enforce minimum service-level requirements (SLAs) for uptime, recovery time, and performance for all critical systems, including redundancy, disaster recovery, and business continuity capabilities, in line with ISO/IEC 22301 and the EU’s Digital Operational Resilience principles.
- AmCham suggests enhancing the effectiveness and maturity of existing ICT procurement procedures, in line with the current legal framework on information security, state database management, classified procurement, and public procurement law. Acknowledging AKSHI’s existing practices, AmCham recommends strengthening merit-based evaluation through clearer weighting of technical criteria, certifications, experience, and security posture, in accordance with EU Public Procurement Directives.
- Structured Communication and Mandatory Incident Disclosure: Establish formal mechanisms to notify businesses and citizens of planned maintenance, incidents, and service disruptions, including estimated resolution times and post-incident reports, consistent with NIS2 incident reporting obligations.
- Regulated System Integration Framework: Create a secure and regulated framework enabling authorized private-sector systems to integrate with e-Government platforms where appropriate, under strict compliance with the EU General Data Protection Regulation (GDPR), eIDAS / eIDAS2, cybersecurity standards, and defined access-control rules, to support automation and reduce administrative burden.
AmCham stands ready to cooperate with the Government by providing technical expertise and sharing international best practices, particularly those applied in the United States, to help strengthen governance, minimize corruption risks, protect sensitive data, and enhance national and economic security.