Bastiaan Bruyndonckx
Information Communication Technology
Information Governance & Data Protection
Telecommunications, Media & Technology
Commercial law
Dispute Resolution
Intellectual Property (IP)
bastiaan.bruyndonckx@lydian.be
On 18 October 2024, the Belgian Act of 26 April 2024 establishing a framework for the cybersecurity of networks and information systems of general interest for public security (the NIS2 Act) transposing Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (the NIS2 Directive) will enter into force.
The NIS2 Act updates the Belgian Act of 7 April 2019, establishing a framework for cybersecurity in networks and information systems related to public security (NIS1 Act). A Royal Decree on 9 June 2024 further implements this by appointing the Centre for Cybersecurity Belgium (CCB) as the national cybersecurity authority.
The NIS2 Directive and the Belgian NIS2 Act are major advances in combating cyber threats. Aiming to secure essential service providers from cyber attacks and disruptions, the NIS2 Act enforces stricter security measures like cybersecurity risk management, incident response, supply chain security, and incident reporting.
By implementing the NIS2 Directive, Belgium faces the task of further strengthening its cybersecurity legal framework and ensuring that both private and public sectors comply with the new requirements.
The key aspects of the Belgian NIS2 Act can be summarized as follows:
While the original NIS1 Act focused on a limited number of sectors, NIS2 Act covers a broader range of critical sectors. These include energy, transport, financial services, health, digital infrastructure, and public administration.
In Belgium, all entities covered by the NIS2 Act must register with the CCB using the Safeonweb@Work portal within five months of the Act's start date. Since it takes effect on 18 October 2024, registration is due by 18 March 2025. Entities in the digital sector (like DNS service providers, cloud computing services, and online marketplaces) have only two months to register, with a deadline of 18 December 2024.
The enactment of the NIS2 Act in Belgium represents a significant advancement in bolstering the nation's cybersecurity measures amid a rapidly digitizing and interconnected landscape. This Act introduces an expanded scope, more stringent cybersecurity requirements, and enhanced enforcement mechanisms, compelling Belgian organizations to elevate their cybersecurity priorities. Although challenges such as compliance and associated costs exist, the enduring benefits of a more secure and resilient cybersecurity infrastructure far exceed these initial obstacles.
Our ICT team stands prepared to support you in meeting the stringent cybersecurity demands imposed by the NIS2 Act.
Information Communication Technology
Information Governance & Data Protection
Telecommunications, Media & Technology
Commercial law
Dispute Resolution
Intellectual Property (IP)
bastiaan.bruyndonckx@lydian.be
Intellectual Property (IP)
Commercial law
Information Communication Technology
Information Governance & Data Protection
Product compliance, product safety and product liability
Telecommunications, Media & Technology
francoise.billen@lydian.be