CoE Framework Convention signatory
This content is for informational and educational purposes only and does not constitute legal advice.
On 6 October 2025, the Decision No. 573 establishing an audio-visual content regulatory code, including fair marketing and advertising practice requirement, entered into force. The code applies to all television and radio broadcasters, video-on-demand platforms, and video-sharing services under Romanian jurisdiction. The code establishes advertising restrictions across multiple categories and mandates that alcohol advertising is prohibited between 6 am and 10 pm and that all alcohol advertisements must end with the warning "Excessive alcohol consumption is seriously harmful to health." The code also provides that medicine advertising requiring prescriptions is banned entirely, and permitted medicine promotion must include an audible warning to read the leaflet carefully and include additional written warnings. It also provides that endorsements of medicines, medical treatments, homoeopathic products, medical devices, and food supplements are prohibited in programs for minors. The code mandates specific awareness messages covering autism screening, vaccination, and addiction prevention.
On 20 August 2025, the National Cyber Security Directorate (DNSC) Order No. 2/2025 for the approval of the Criteria and thresholds for determining the degree of service disruption and the methodology for assessing the risk level of entities enters into force. The order was issued pursuant to Government Emergency Ordinance No. 155/2024 on establishing a framework for the cybersecurity of networks and information systems in the national civil cyberspace, as amended by Law No. 124/2025, and Government Emergency Ordinance No. 104/2021 on the establishment of the DNSC, as amended by Law No. 11/2022. The Government Emergency Ordinance transposes into national legislation the European Union Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive). The Order defines service disruption as interruption or impairment of confidentiality or functionality and requires entities not classified as essential or important to evaluate disruption levels across all services listed in Annexes 1 and 2 of Government Emergency Ordinance No. 155/2024. It establishes three impact categories, high, medium, and low, based on consequences for fundamental rights, the national economy, health and life, financial stability, defence, public order, national security, and trans sectoral or cross-border impact within the European Union. Thresholds include compromise of personal data affecting more than one million individuals, economic damage exceeding 0.1% of GDP, or health effects on more than 115'000 persons. The Methodology requires the calculation of a baseline risk score using sectoral values, entity size, impact and probability parameters, and typologies of cyberattacks by common- and extended-capability actors, with recalculation every three years or when disruption thresholds are exceeded.
On 20 August 2025, the National Cyber Security Directorate (DNSC) Order No. 1/2025 for the approval of the requirements regarding the notification process for the registration of essential and important entities and the method of transmitting information entered into force. The order was adopted on the basis of Government Emergency Ordinance No. 155/2024 on establishing a framework for the cybersecurity of networks and information systems in the national civil cyberspace, approved with amendments by Law No. 124/2025, and Government Emergency Ordinance No. 104/2021 on the establishment of the National Cyber Security Directorate, approved with amendments by Law No. 11/2022, with subsequent amendments. The Government Emergency Ordinance transposes into national legislation the European Union Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive). The requirements proceduralise and standardise the notification process for registration in the register of entities identified as essential or important, establish the method of transmitting information, introduce the NIS2 Tool and the NIS2 Platform as mechanisms for evaluation and notification, and provide the structure of the notification form covering general data, specific data, specific situations, attached documents, preliminary assessment, and entity representation.
On 11 August 2025, the National Cyber Security Directorate (DNSC) adopted Order No. 2/2025 for the approval of the Criteria and thresholds for determining the degree of service disruption and the methodology for assessing the risk level of entities. The order was issued pursuant to Government Emergency Ordinance No. 155/2024 on establishing a framework for the cybersecurity of networks and information systems in the national civil cyberspace, as amended by Law No. 124/2025, and Government Emergency Ordinance No. 104/2021 on the establishment of the DNSC, as amended by Law No. 11/2022. The Government Emergency Ordinance transposes into national legislation the European Union Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive). The Order defines service disruption as interruption or impairment of confidentiality or functionality and requires entities not classified as essential or important to evaluate disruption levels across all services listed in Annexes 1 and 2 of Government Emergency Ordinance No. 155/2024. It establishes three impact categories, high, medium, and low, based on consequences for fundamental rights, the national economy, health and life, financial stability, defence, public order, national security, and trans sectoral or cross-border impact within the European Union. Thresholds include compromise of personal data affecting more than one million individuals, economic damage exceeding 0.1% of GDP, or health effects on more than 115'000 persons. The Methodology requires the calculation of a baseline risk score using sectoral values, entity size, impact and probability parameters, and typologies of cyberattacks by common- and extended-capability actors, with recalculation every three years or when disruption thresholds are exceeded.
On 11 August 2025, the National Cyber Security Directorate (DNSC) adopted Order No. 1/2025 for the approval of the requirements regarding the notification process for the registration of essential and important entities and the method of transmitting information. The order was adopted on the basis of Government Emergency Ordinance No. 155/2024 on establishing a framework for the cybersecurity of networks and information systems in the national civil cyberspace, approved with amendments by Law No. 124/2025, and Government Emergency Ordinance No. 104/2021 on the establishment of the National Cyber Security Directorate, approved with amendments by Law No. 11/2022, with subsequent amendments. The Government Emergency Ordinance transposes into national legislation the European Union Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive). The requirements proceduralise and standardise the notification process for registration in the register of entities identified as essential or important, establish the method of transmitting information, introduce the NIS2 Tool and the NIS2 Platform as mechanisms for evaluation and notification, and provide the structure of the notification form covering general data, specific data, specific situations, attached documents, preliminary assessment, and entity representation.
On 7 August 2025, the Decision No. 573 establishing an audio-visual content regulatory code, including age verification requirements, entered into force. The code applies to all television and radio broadcasters, video-on-demand platforms, and video-sharing services under Romanian jurisdiction. It imposes minor protection rules requiring consent and age-based programme classification with visual warnings and time-slot restrictions. It provides that minors under 14 require written parental consent for program participation except for cultural events and sports competitions. Minors over 16 need explicit consent with identification elements removed upon request. The classification system creates five categories, including unrestricted programs, programs requiring parental consent for children under the age of 12, programs prohibited for children under 12, programs prohibited for children under 15, programs prohibited for children under 18, and 18+ pornographic programs banned entirely for Romanian providers. The code provides that each category requires permanent visual warning signs using white circles with appropriate symbols and minimum font sizes. Programs containing violence, sexual content, or degrading situations are banned between 6.00 pm to 11.30 pm, except for fiction films and documentaries under conditional access. It also mandates that on-demand services must use parental control systems and traditional broadcasters must use conditional access systems to restrict minor access to harmful content.
On 7 August 2025, Decision No. 573 establishing an audio-visual content regulatory code, including user rights, entered into force. The code applies to all television and radio broadcasters, video-on-demand platforms, and video-sharing services under Romanian jurisdiction. The code establishes accessibility requirements for disabled viewers, mandating that broadcasters ensure at least 10% of broadcasting time includes programs accessible to people with visual or hearing impairments in 2025, increasing to 20% in 2026, 35% in 2027, and maintaining 35% from 2028 onwards. The code also provides that on-demand audio-visual media service providers must meet the same percentage targets for audio-visual programs available in their catalogues. The code specifies that accessibility should be achieved through sign language, subtitling, audio description and other technical modalities that will be offered by digital technology.
On 7 August 2025, the Decision No. 573 establishing an audio-visual content regulatory code, including local content requirements, entered into force. The code applies to all television and radio broadcasters, video-on-demand platforms, and video-sharing services under Romanian jurisdiction. The code mandates a minimum of 50% of broadcasting time for European works, excluding time devoted to information, sports events, games, advertising, teletext and teleshopping services. Additionally, they must reserve at least 10% of broadcasting time or 10% of their programming budget for European works created by independent producers, with the same exclusions. For on-demand services, the code requires promotion of European works by highlighting them through specially dedicated sections accessible from the home page, search tools, or ensuring a minimum percentage of European works are promoted from their catalogue.
On 7 August 2025, the Decision No. 573, establishing an audio-visual content regulatory code, including content moderation regulation, entered into force. The regulation applies to all television and radio broadcasters, video-on-demand platforms, and video-sharing services under Romanian jurisdiction. The code establishes content restrictions and removal obligations across multiple categories. The code prohibits broadcasting any form of incitement to national, racial or religious hatred, discrimination, genocide, war crimes, racist, anti-Semitic or xenophobic manifestations. Statements that are intimidating, hostile, degrading, defamatory, humiliating or offensive to groups defined by sex, gender, race, ethnicity, religion, disability, age, sexual orientation or disease are banned. The regulation prohibits apologetic presentation, denial or ridicule of totalitarian, Nazi and communist regimes and their crimes. Violence restrictions include banning programs containing gratuitous violence, repeated physical, psychological or verbal violence, and cruelty to animals outside of fiction and documentaries. Drug-related content promoting drug use is prohibited, with detailed drug use presentations banned in news and reports. The code requires providers of video-sharing platforms to take appropriate measures to protect minors from harmful content, including pornography and gratuitous violence.
Last updated: 06/10/2025