The NIS Directive: what will be the impact on your organisation in Belgium? With the Centre for Cyber Security. (N-sight)

Location:Roularta Conference Center, Zellik


The NIS Directive (i.e. the European Directive on the security of network and information systems) has recently been transposed into Belgian law as the NIS Act.  This new law applies to eight specific sectors that cover a very broad range of activities:


  • energy (electricity, gas, oil)
  • transport (air transport, rail transport, water transport, road transport)
  • banking
  • financial market infrastructures
  • health
  • drinking water supply and distribution
  • digital infrastructures (IXP, DNS service providers, top-level domain name registries)
  • digital service providers (cloud computing services, online market places, online search engines).


Many of our members will thus be impacted, so we want to take a pragmatic approach to the issue, addressing your concrete questions and then trying to find answers.


In this session we have a close look at the ins and outs of the directive and the Belgian implementation, and we will learn about the implications for Belgian organisations.


Feel free to pass on this information to your colleagues from legal, security and compliance.


*Beltug is offering Crowdbeamer streaming at our events, so that every participant can get the most from our speakers' expertise. Just download the free app, and then during the presentation you can see the current slide on your mobile device and annotate notes!




Roularta Conference Centre
Z.1. Research Park 120
1731 Zellik



13:30 Welcome coffee


14:00 Introduction


Ann Guinée, Communication Manager, Beltug (English)


14:15 NIS requirements for ‘operators of essential services’ and ‘digital service providers’ in Belgium


The Belgian NIS Act and corresponding Royal Decree impose various obligations on operators designated as providing ‘essential services’ (OES - operator of essential services). These include implementing a security policy for their network and information systems, and engaging in incident notification, information exchange and audits. Large and medium-size digital service providers (DSP) must also follow security and incident notification requirements (harmonised at the European level). We’ll find out more about the obligations in this presentation.

Valéry Vander Geeten, Legal Officer, DPO and Project Manager NIS, Centre for Cyber Security Belgium (English)


14:45 Q&A: Your questions, your experience


15:00 Coffee break


15:15 The interaction between the NIS Act, the Critical Infrastructures Act and the GDPR


We will learn about the interaction between the NIS Act and the Critical Infrastructures Act on the one hand, and between the NIS Act and the GDPR on the other. In terms of critical infrastructures, the presentation will highlight the differences in scope and obligations. As regards data protection, the presentation will touch upon the interaction between the different legal instruments. How will the NIS Act impact the processing of personal data, and which steps need to be taken to implement the NIS in the overall GDPR governance?


Johan Vandendriessche, Partner, Affluo and Professor, UGent (English)


15:45 Q&A: Your questions, your experience


16:00 Security-as-a-Selling point? The impact of the NIS on IT providers


The NIS framework may encourage clients to increase their IT security budgets. But it will also have implications for IT suppliers, notably in terms of changing certification and audits from a ‘nice to have’ to an obligation (at least in the regulated sectors). IT suppliers should be aware of how they can reassure their clients and support them in reaching the next level of security and compliance.


Benjamin Docquir, Partner & Head of the IP, IT & Data Protection practice, Osborne Clarke (English)


16:30 Q&A: Your questions, your experience


16:45 Wrap up & Closing drink


17:30 End