What are the issues around the NIS2 implementation?
There are plenty of issues around the NIS2 implementation that will be addressed starting in September, such as:
- How will Belgium interpret the scope of the Directive? And how will Belgium organise the way organisations will register? Some 3000 entities might need to follow the regulations, compared to 100 entities for NIS1.
- We know there will be a national cyber security authority, but there is also the possibility of sectorial authorities. What will Belgium decide?
- How can an organisation prove that the security controls it is implementing comply with the law? We have informed Beltug members about the CyberFundamentals Framework, there is ISO27001 framework under NIS1, and sectorial frameworks offer a third option.
- As with NIS1, organisations must report incidents. How will Belgium organise this? And considering the need for reporting under the GDPR and in the future for the Cyber Resilience Act, how will Belgium avoid opening the gates to a flood of notifications?
The role of Beltug’s NIS2 sounding board
To take on these topics, and give our members the chance to exchange with peers and help shape the implementation of the NIS2 in Belgium, we set up the NIS2 sounding board. It will work to:
- Read and comment on the draft law
- Stay informed of the latest developments
- Actively solve issues around the implementation, and inform Beltug
- Join Beltug for discussions with policy makers and stakeholders (when relevant)
Lively meetings and discussions
The sounding board kicked off on 13 July 2023, with over 20 initial members. Many of them are responsible for implementing the NIS regulations in their organisation. They communicated their main interests, their main challenges and provided their first general input. Not too surprisingly, Beltug members are mostly interested in the measures to take, the oversight framework, notification of incidents and scope. But the national cyber security strategy is also of interest to them.
The first working meeting then took place on 4 August. Beltug provided the sounding board with an overview of the draft law, which set off a lively exchange on the interpretation of the liability of the board for cyber security.
The next meetings will take place on 8 September and 22 September, during which we will gradually work our way through the draft text, make comments, and pass that information to our policy makes, to ensure we end up with a workable and thus effective implementation of NIS2 in Belgium.
You can read the mission and scope of the NIS2 sounding board here.
You may also like:
Join Beltug’s new NIS2 Implementation Sounding Board
Help shape the implementation of NIS2! NIS2 is going to have a major impact on many organisations in Belgium: some 3000 entities might need to follow the regulations, compared to 100 entities for NIS1. And the...
Fast track your regulatory questions: AI, security of digital products, data and NIS2
For Beltug’s 2nd D-scover Regulatory session, we took on the ongoing EU-level discussions regarding the Artificial Intelligence Act and the Cyber Resilience Act on security for products with digital elements. Once approved, these regulations will apply...
Insight on the impact of upcoming legislation on digital technology
New legislation is changing the roles of CIOs and digital technology leaders. Beltug is taking action to help you get prepared, delivering key information and insights through initiatives such as our new ‘D-scover Regulatory’ series of...