Digital Infrastructure Projects in Ukraine

Digital Infrastructure Projects in Ukraine

Ukraineʼs digital infrastructure — from data transmission networks and e-government platforms to smart city systems and data processing facilities — is both a reconstruction priority and an investment opportunity. For international investors, lenders, and operators, the legal pathway to digital infrastructure projects in Ukraine involves three interconnected areas that require careful structuring from the outset: critical infrastructure designation and its legal implications, PPP and concession frameworks for digital assets, and project financing structures that satisfy the requirements of international lenders.

We advise international investors, lenders, development institutions, and their counsel on the Ukrainian law dimension of digital infrastructure projects — drawing on our experience in aviation and transport infrastructure (→ Airport Infrastructure), structured finance, and regulatory compliance to bring practical, transaction-tested legal support to digital infrastructure mandates.

Legal and regulatory framework

Digital infrastructure in Ukraine operates under a layered regulatory framework:

  • Critical infrastructure — the Law on Critical Infrastructure No. 1882-IX establishes designation criteria, ownership obligations, and security requirements, including for categories of digital and communications infrastructure
  • PPP and concession — the Law on Public-Private Partnership No. 2404-VI and the Law on Concession No. 155-IX provide the primary basis for private investment in state and municipal digital assets
  • Project financing — the Civil Code of Ukraine, security interest legislation on pledge and encumbrances with applicable registration requirements, and the NBU framework for cross-border capital flows
  • EU accessionNIS2 Directive implementation, Cyber Resilience Act alignment, and Digital Single Market convergence are introducing new obligations for operators of critical and digital infrastructure

NIS2 expressly covers digital infrastructure — cloud service providers, data centre operators, content delivery networks, trust service providers, and providers of public electronic communications networks. Its obligations reach further than a compliance checklist: risk management measures proportionate to the risk; a 24-hour early warning and 72-hour incident notification with a final report within one month; supply chain security, making the operator responsible for its direct suppliers; management accountability, with governing bodies personally exposed for non-compliance; and registration with the competent national authority.

For investors and lenders, the practical consequence is that NIS2 alignment is not a post-closing operational matter — it affects the diligence scope, the representations and warranties, the allocation of compliance cost and liability between the parties, and the covenant package in financing documentation. We structure projects so that these obligations are identified, allocated, and priced at the outset rather than discovered after closing.

This page covers critical infrastructure designation, PPP and concession structures, and project financing for digital infrastructure. For IT contract structuring in digital infrastructure projects → IT Contracts and Software Transactions. For data protection obligations of digital infrastructure operators → Data Protection and Digital Compliance.

Choosing the structure — PPP, concession, or direct investment

Investors frequently approach a Ukrainian digital infrastructure opportunity with a preferred structure already in mind, only to find that the ownership status of the asset or the role envisaged for the private party rules it out. The three routes differ in ways that are decisive for both the commercial return and the financing.

ElementPPPConcessionDirect investment
Governing lawLaw on PPP No. 2404-VILaw on Concession No. 155-IXCivil Code; Law on Investment Activity; sectoral regulation
Asset ownershipRemains with the state or municipalityRemains with the grantor; operator holds a right of usePrivate ownership of the asset or the project company
Typical term5 to 50 years5 to 50 yearsIndefinite; determined by the investor
Selection procedureCompetitive tender; feasibility study and PPP decision requiredCompetitive concession tender; concession decision requiredNo public procurement route; ordinary corporate acquisition
Revenue mechanicsAvailability payments, user charges, or a combination; state support possiblePredominantly user charges; state may pay for availabilityFully commercial; investor bears demand risk
State obligationsDefined in the PPP agreement; state support and guarantees possibleDefined in the concession agreement; compensation on early terminationNone beyond general investment protection
Security over the assetLimited; typically over project company shares, receivables, and agreement rightsSame limitation; concession rights pledgeable subject to grantor consentFull security package available over the asset itself
BankabilityDepends on the state payment obligation and step-in rightsDepends on demand risk allocation and termination compensationStrongest, subject to critical infrastructure restrictions
ExitTransfer of the private partnerʼs rights requires state consentConcession transfer requires grantor consentShare or asset sale; regulatory approval if designated critical

The practical point: the structure is not freely chosen. Where the asset is state or municipal property, PPP or concession is the only available route, and the question becomes which of the two the public authority is prepared to run and which produces a financeable risk allocation. Where the asset is or can be privately held, direct investment offers a materially stronger security package — but critical infrastructure designation can reintroduce restrictions on ownership, control, and exit that resemble the constraints of a concession. We assess the available structures against the assetʼs actual legal status before any commercial position is taken.

Scope of services

Critical infrastructure designation

  • Designation criteria — whether a specific digital asset meets the threshold
  • Legal implications — ownership restrictions, security obligations, regulatory interaction
  • Foreign ownership and control analysis for designated assets
  • Investment structuring — shareholding, governance, control arrangements
  • Interaction with the National Coordination Centre for Cybersecurity and sector regulators
  • Exit structuring for investments in designated assets

PPP and concession structures

  • PPP framework analysis — applicable law and available models
  • Concession agreement structuring — scope, term, investment obligations, revenue mechanics
  • Allocation of regulatory and permitting responsibilities
  • Bankability analysis from the perspective of international lenders
  • Procurement compliance and negotiation support with state counterparties
  • Investment protection — BIT coverage and stabilization provisions
  • Heads of terms, draft agreements, and ancillary instruments

Project financing — Ukrainian law input

  • Ukrainian law legal opinions for digital infrastructure financing
  • Security interest creation, registration, and enforceability
  • Project company structuring — corporate, tax, regulatory
  • Regulatory risk — permits, licences, approvals for operation
  • Force majeure, change of law, and compensation provisions
  • Interaction between financing documentation and PPP or concession terms
  • Conditions precedent and pre-closing regulatory steps
  • Enforcement analysis — practical recovery options for lenders

NIS2 and cybersecurity compliance

  • Scoping — whether the operator falls within NIS2 categories
  • Risk management measures — gap assessment against the directive
  • Incident reporting — 24-hour and 72-hour obligations built into procedures
  • Supply chain security — flow-down into procurement and IT contracts
  • Management accountability — governance and board exposure
  • Allocation of compliance cost and liability in transaction documents

Work algorithm

Step 1 — Project and asset assessment. We review the proposed project, the assetʼs regulatory status, and the parties involved — identifying the key Ukrainian law issues from the outset, including whether critical infrastructure designation applies or is likely.

Step 2 — Regulatory and ownership mapping. We map the applicable regulatory framework, ownership and control restrictions, licensing requirements, and any security or reporting obligations that attach to the asset or its operator.

Step 3 — Structure design. We develop a legal structure for the investment or financing that is compatible with Ukrainian administrative and regulatory requirements, bankable for international lenders, and aligned with the clientʼs commercial objectives.

Step 4 — PPP or concession framework assessment. Where the project involves a state or municipal asset, we assess the applicable framework, advise on the procurement pathway, and identify the key commercial and legal issues for negotiation.

Step 5 — Financing structure analysis. We analyse the proposed financing from a Ukrainian law perspective — security interests, enforceability, regulatory risk, conditions precedent — and provide the legal opinions required by international lenders.

Step 6 — Documentation. We draft, review, and negotiate the project documentation — PPP or concession agreements, financing agreements, security documents, and ancillary instruments — ensuring alignment with both Ukrainian law and international standards.

Step 7 — Regulatory execution and implementation support. We manage the regulatory track, support the client through licensing and permitting, and provide ongoing legal advice as the project develops.

Who we work with

We act as Ukrainian Local Counsel for international parties involved in digital infrastructure investment, development, and financing.

Our clients include:

  • International investors and infrastructure funds assessing post-war digital infrastructure opportunities
  • International lenders and development finance institutions financing digital infrastructure projects
  • International law firms advising foreign clients on digital infrastructure investment and PPP structures
  • Technology companies and platform operators investing in or operating Ukrainian digital infrastructure assets
  • Development institutions and IFIs — EBRD, IFC, EIB — requiring Ukrainian law input on project structures

Typical situations we handle:

  • An investor evaluating a PPP opportunity involving a state-owned digital asset — legal and regulatory assessment of the available models
  • A lender financing a digital infrastructure project — Ukrainian law opinions on security enforceability and regulatory risk
  • A technology company that acquired a digital asset — implications of critical infrastructure designation for ownership and operations
  • An IFI structuring a grant or loan facility — local law input on the project company structure and financing conditions
  • An international law firm advising on a digital infrastructure investment — Local Counsel for regulatory and transaction support

Key experts

Anna Tsirat

Anna Tsirat

Doctor of Laws — Infrastructure project structuring, PPP and concession arrangements, project financing legal opinions, regulatory risk analysis

Kateryna Tsirat

Kateryna Tsirat

PhD — Regulatory compliance, digital law, administrative proceedings, licensing for technology and infrastructure businesses

Dmytro Salatiuk

Dmytro Salatiuk

Procurement dispute resolution, challenge proceedings, enforcement of infrastructure contracts in Ukrainian administrative and commercial courts

FAQ: Digital Infrastructure Projects in Ukraine

What legal framework governs PPP arrangements for digital infrastructure in Ukraine?

PPP arrangements are governed primarily by the Law on Public-Private Partnership and the Law on Concession. These provide the legal basis for private investment in state and municipal assets through long-term partnership agreements. The applicable framework depends on the ownership structure of the asset, the nature of the private partyʼs role, and sector-specific regulatory requirements. We assess the most appropriate model for the specific asset and advise on the legal pathway to implementation.

What are the legal consequences of critical infrastructure designation for a digital asset?

Designation triggers a range of obligations: enhanced cybersecurity requirements, mandatory incident reporting to state authorities, restrictions on the transfer of ownership or control without regulatory approval, and potential limitations on foreign ownership of controlling interests. For investors, these implications affect investment structuring, financing conditions, and exit options. We assess the designation status of specific assets and advise on structuring arrangements that manage these implications.

Can foreign investors own and operate designated critical digital infrastructure in Ukraine?

Foreign investors can participate, but the ownership and control structure requires careful analysis and structuring. Restrictions on foreign control of designated critical infrastructure vary by sector and asset category. Investment structuring — shareholding arrangements, governance mechanisms, security arrangements — must comply with applicable restrictions while protecting the investorʼs commercial interests and remaining bankable for international lenders.

What security interests can international lenders take over digital infrastructure assets in Ukraine?

Lenders can take security over a range of assets — shares in the project company, movable assets, receivables, and rights under project agreements. Creation, registration, and enforcement under Ukrainian security interest legislation requires compliance with specific formal requirements. For PPP and concession arrangements, the interaction between security over project assets and the terms of the underlying state agreement requires careful analysis. We provide enforceability opinions and structure security packages that satisfy lender requirements.

How does Ukraineʼs EU accession process affect digital infrastructure regulation?

Accession is introducing significant changes — alignment with NIS2 cybersecurity requirements, the EU Cyber Resilience Act, and the broader Digital Single Market framework. NIS2 in particular expands the range of covered operators and imposes defined risk management measures, a 24-hour early warning and 72-hour incident notification timeline, supply chain security obligations, and management accountability. These changes affect operator obligations and the regulatory risk profile of infrastructure investments.

How does digital infrastructure project financing interact with Ukrainian currency control?

Cross-border financing flows are subject to NBU currency control regulations — registration of foreign loans, limitations on interest rate terms, and mandatory reporting of cross-border capital flows. These requirements interact with the financing documentation and affect the structuring of loan agreements, security arrangements, and distributions to foreign investors. We advise on NBU compliance as an integrated element of project financing structuring.

Ready to proceed?

We will assess your digital infrastructure project and advise on the most effective legal path forward.

📧 kyiv@jvs.law 📞 +38 (093) 002-82-50