The Ministry of Justice of the Republic of Uzbekistan, in cooperation with the Central Bank, has officially registered regulations establishing minimum requirements for information security and cybersecurity in the provision of remote financial services to individuals by credit and payment organizations, as well as payment system operators.
The regulation was registered on January 21, 2026, under registration number 3759, and is aimed at strengthening the protection of citizens against fraud in the online lending sector.
Under the new rules, if an online loan is issued in a citizen’s name as a result of fraudulent activity, the credit institution is required to suspend the calculation of interest and the collection of the loan. This measure applies when the individual is officially recognized as a victim based on a decision by an investigator, prosecutor, or a court ruling.
At the same time, credit institutions are granted the right to recover the material damage caused by the fraud from the perpetrator through a recourse (regress) claim.
If a credit institution suspects a fraud case, it may file a complaint and initiate a review in accordance with procedures established by current legislation.
In cases where inquiry results, preliminary investigations, or court decisions confirm that no fraud has occurred, the credit institution is entitled to resume the calculation of interest and the collection of the online loan in the prescribed manner.