Access Alert: Belgian Public Consultation on the Implementation of the EU NIS2 Directive

Access Alert: Belgian Public Consultation on the Implementation of the EU NIS2 Directive

The Belgian Center for Cybersecurity (CCB) has launched a public consultation on a preliminary draft Law Establishing a Framework for the Cybersecurity of Networks and Information Systems of General Interest for Public Security (“Belgian NIS2 Law”), as well as on the draft Royal Decree implementing it.

The preliminary draft Law and the draft Royal Decree aim to transpose domestically Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 concerning measures intended to ensure a common high level of cybersecurity in the Union (“NIS2 Directive”). EU Member States must adopt and publish the measures necessary to comply with the NIS 2 Directive by 17 October 2024.

The Belgian NIS2 Law sets, on the one hand, obligations with regard to national cybersecurity policies and, on the other hand, imposes requirements for certain entities (essential entities and important entities) in terms of management of cybersecurity risks and incident reporting.

NIS2 eliminates the distinction between operators of essential services and digital service providers – entities would now be classified based on their importance and divided into two categories: essential and important entities. The following services are considered of high criticality:

  • Digital infrastructure (internet exchange points; DNS service providers; TLD name registries; cloud computing service providers; data centre service providers; content delivery networks; trust service providers; providers of public electronic communications networks and publicly available electronic communications services);
  • ICT service management (managed service providers and managed security service providers);
  • Public administration; and
  • Space

Essential and important entities must take appropriate and proportionate measures to manage risks that threaten the security of the networks and information systems that these entities use in the course of their activities or the provision of their services, as well as to eliminate or reduce the consequences of incidents on the recipients of their services and on other services. Within those, digital infrastructure, public administration, and space are essential entities, while digital providers are considered as important entities.

Essential entities will be required to meet supervisory requirements as of the introduction of NIS2, while the important entities will be subject to ex-post supervision, whereby authorities can take action once they receive evidence of non-compliance.

The Belgian Center for Cybersecurity has invited stakeholders to provide comments on the proposed measures by 21 December 2023.

Cyber-attacks are among the fastest-growing form of crime worldwide in terms of scale, cost, and sophistication. Organisations should start preparing by defining their compliance roadmap and optimising their cybersecurity awareness. If you are interested in learning more about Belgian legislation or require support in sending comments to CCB, please contact Chrystel Erotokritou, Compliance Manager, at [email protected] or Juliana Ramirez, Senior Manager, at [email protected].

Related Articles

AI for All in Thailand: Building an AI-ready economy with Google

AI for All in Thailand: Building an AI-ready economy with Google

อ่านบทความนี้เป็นภาษาไทย A doctor in Bangkok analyzes medical images with AI, leading to a faster, more accurate diagnosis for her patient....

19 Dec 2024 AI Policy Lab
The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

This month’s UNCCD COP16 in Riyadh marked a pivotal moment in combating global land degradation and drought, with outcomes including...

13 Dec 2024 Opinion
Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

A recent panel discussion at the Bengaluru Tech Summit 2024 on 20 November 2024 focused on the transformative role of...

29 Nov 2024 Opinion
Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

The rise of deepfakes – AI-generated content that manipulates audio, video, or images to create realistic but false representations –...

29 Nov 2024 Opinion