BEL FEB NIS2 Cybersecurity Demands


On Apr. 17, BEL FEB informed of NIS2 dir cybersecurity obligations.


  • BEL FEB explained what the NIS2 dir cybersecurity obligations mean for companies.
  • Follows EU CNCL Dec 2022 issued final NIS2 Dir 2022/2555 in the OJ, see #137905.
  • Main Points
  • Due to an extended scope, more companies from different sectors will fall under the directive's scope, for BEL the number of companies concerned was estimated at 3,000.
  • Extended obligations will include appropriate, proportionate technical, operational and organizational measures by companies to secure their network, information systems.
  • Companies will also need to monitor supply chain security for any significant risks.
  • Members of governing bodies should undergo training to identify and manage risks.
  • Strengthening of incident reporting requirements, enforcement, audit, liability, fines.
  • Cyberfundamentals Framework
  • While BEL GVT is preparing NIS2's transposition, BEL FEB urged firms not to wait.
  • The center for cyber security Belgium developed the cyberfundamentals framework.
  • It offers helpful ideas and depending on the size of the companies, very detailed and concrete measures are offered to protect data as well as significantly reduce the risk.
  • Re the most common cyberattacks and increase the organization's cyber resilience.
  • Apr. 2024 Bill Adopted
  • On Apr. 12, 2024, BEL PRL adopted bill 55K3862 establishing a framework for the cybersecurity of network, information systems of general interest for public security.
  • Like the NIS2 directive it transposed, the law will strengthen cybersecurity measures.
  • Data management incidents and supervision of entities providing services essential to maintaining critical social, economic activities and coordinates cybersecurity policies.
  • The provisions of the adopted bill on NIS2 dir will enter into force on Oct. 18, 2024.
  • BEL FEB offered an overview of the bill, on Apr. 10, 2024, which will apply to to entities established in Belgium and active in one of the 18 sectors listed in the dir's annexes.
  • These critical sectors are energy, transport, the banking sector and financial market infrastructures, health, drinking water, digital infrastructure and digital providers.
  • Public administration, postal and shipping services, manufacturing, production and distribution of chemicals, production, processing and distribution of food, research.
  • Targeted companies will have to implement various measures in order to correctly analyze the risks of cyber incidents and manage them correctly if they occur.
  • Ensuring business continuity, security of the supply chain, including relationships between each entity i.e. suppliers/direct service providers; internal training programs.
  • Internal training on cybersecurity will start with the training of company managers.
  • Options for compliance include certification according to the ISO 27001 standard.
  • Or under the Cyberfundamentals framework by the Center for Cybersecurity Belgium.
  • Apr. 2024 Adopted Text
  • On Apr. 19, 2024, BEL PRL issued text adopted by plenary session which is identical to the text adopted by the committee, of Apr. 18, 2024, and submitted for royal assent.
  • May 2024 Act Published
  • On May 17, 2024, BEL GVT issued Law establishing a framework for the cybersecurity of network and information systems of general interest for public security.
  • Law provides for implementation of NIS2 and is in force from Oct. 18, 2024.
  • Document dated May 17, 2024, was added on Jun. 24, 2024 due to editorial backfill.
  • Jun. 2024 Implementing Royal Decree
  • On Jun. 24, 2024, BEL GVT published Royal Decree of Jun. 9, 2024, implementing the Law of Apr. 26, 2024 establishing a framework for the cybersecurity of network and information systems of general interest for public security; designation of authorities.
  • The Center for Cybersecurity is designated as the national cybersecurity authority.
  • Designation of competent sectoral authorities; assessment of the entities' conformity.
  • In Sep. 2024, BEL GVT published Decree on digital sectoral authorities, see #227944.

Regulators BEL FEB; BEL PRL
Entity Types Corp
Reference OG 2024005260, 6/24/2024; Royal Decree 6/9/2024; OG 2024202344, 5/17/2024; Law 4/26/2024; PR, 4/19/2024; Bill 55K3862, PR, 4/12/2024; PR, 4/10/2024; PR, 4/17/2023; NIS2 Dir 2022/2555; DOC 55 3862/005, 4/18/2024; ESG
Functions BCS; Compliance; C-Suite; Cyber; HR; Privacy; Reporting; Risk; Technology; Training
Countries Belgium
Category
State
Products Corporate
Regions EMEA
Rule Type Final
Rule Date 4/17/2023
Effective Date 10/18/2024
Rule Id 169808
Linked to Rule :227944
Reg. Last Update 6/24/2024
Report Section EU

Last substantive update on 06/27/2024