Due to an extended scope, more companies from different sectors will fall under the directive's scope, for BEL the number of companies concerned was estimated at 3,000.
Extended obligations will include appropriate, proportionate technical, operational and organizational measures by companies to secure their network, information systems.
Companies will also need to monitor supply chain security for any significant risks.
Members of governing bodies should undergo training to identify and manage risks.
Strengthening of incident reporting requirements, enforcement, audit, liability, fines.
Cyberfundamentals Framework
While BEL GVT is preparing NIS2's transposition, BEL FEB urged firms not to wait.
It offers helpful ideas and depending on the size of the companies, very detailed and concrete measures are offered to protect data as well as significantly reduce the risk.
Re the most common cyberattacks and increase the organization's cyber resilience.
Apr. 2024 Bill Adopted
On Apr. 12, 2024, BEL PRL adopted bill 55K3862 establishing a framework for the cybersecurity of network, information systems of general interest for public security.
Like the NIS2 directive it transposed, the law will strengthen cybersecurity measures.
Data management incidents and supervision of entities providing services essential to maintaining critical social, economic activities and coordinates cybersecurity policies.
The provisions of the adopted bill on NIS2 dir will enter into force on Oct. 18, 2024.
BEL FEB offered an overview of the bill, on Apr. 10, 2024, which will apply to to entities established in Belgium and active in one of the 18 sectors listed in the dir's annexes.
These critical sectors are energy, transport, the banking sector and financial market infrastructures, health, drinking water, digital infrastructure and digital providers.
Public administration, postal and shipping services, manufacturing, production and distribution of chemicals, production, processing and distribution of food, research.
Targeted companies will have to implement various measures in order to correctly analyze the risks of cyber incidents and manage them correctly if they occur.
Ensuring business continuity, security of the supply chain, including relationships between each entity i.e. suppliers/direct service providers; internal training programs.
Internal training on cybersecurity will start with the training of company managers.
Options for compliance include certification according to the ISO 27001 standard.
Or under the Cyberfundamentals framework by the Center for Cybersecurity Belgium.
Apr. 2024 Adopted Text
On Apr. 19, 2024, BEL PRL issued text adopted by plenary session which is identical to the text adopted by the committee, of Apr. 18, 2024, and submitted for royal assent.
May 2024 Act Published
On May 17, 2024, BEL GVT issued Law establishing a framework for the cybersecurity of network and information systems of general interest for public security.
Law provides for implementation of NIS2 and is in force from Oct. 18, 2024.
Document dated May 17, 2024, was added on Jun. 24, 2024 due to editorial backfill.
Jun. 2024 Implementing Royal Decree
On Jun. 24, 2024, BEL GVT published Royal Decree of Jun. 9, 2024, implementing the Law of Apr. 26, 2024 establishing a framework for the cybersecurity of network and information systems of general interest for public security; designation of authorities.
The Center for Cybersecurity is designated as the national cybersecurity authority.
Designation of competent sectoral authorities; assessment of the entities' conformity.
In Sep. 2024, BEL GVT published Decree on digital sectoral authorities, see #227944.
Regulators
BEL FEB; BEL PRL
Entity Types
Corp
Reference
OG 2024005260, 6/24/2024; Royal Decree 6/9/2024; OG 2024202344, 5/17/2024; Law 4/26/2024; PR, 4/19/2024; Bill 55K3862, PR, 4/12/2024; PR, 4/10/2024; PR, 4/17/2023; NIS2 Dir 2022/2555; DOC 55 3862/005, 4/18/2024; ESG
Functions
BCS; Compliance; C-Suite; Cyber; HR; Privacy; Reporting; Risk; Technology; Training