What are the issues around the NIS2 implementation?

There are plenty of issues around the NIS2 implementation that will be addressed starting in September, such as:

  • How will Belgium interpret the scope of the Directive? And how will Belgium organise the way organisations will register? Some 3000 entities might need to follow the regulations, compared to 100 entities for NIS1.
  • We know there will be a national cyber security authority, but there is also the possibility of sectorial authorities. What will Belgium decide?
  • How can an organisation prove that the security controls it is implementing comply with the law? We have informed Beltug members about the CyberFundamentals Framework, there is ISO27001 framework under NIS1, and sectorial frameworks offer a third option.
  • As with NIS1, organisations must report incidents. How will Belgium organise this? And considering the need for reporting under the GDPR and in the future for the Cyber Resilience Act, how will Belgium avoid opening the gates to a flood of notifications?
The role of Beltug’s NIS2 sounding board

To take on these topics, and give our members the chance to exchange with peers and help shape the implementation of the NIS2 in Belgium, we set up the NIS2 sounding board. It will work to:

  • Read and comment on the draft law
  • Stay informed of the latest developments
  • Actively solve issues around the implementation, and inform Beltug
  • Join Beltug for discussions with policy makers and stakeholders (when relevant)
Lively meetings and discussions

The sounding board kicked off on 13 July 2023, with over 20 initial members. Many of them are responsible for implementing the NIS regulations in their organisation. They communicated their main interests, their main challenges and provided their first general input. Not too surprisingly, Beltug members are mostly interested in the measures to take, the oversight framework, notification of incidents and scope. But the national cyber security strategy is also of interest to them.

The first working meeting then took place on 4 August. Beltug provided the sounding board with an overview of the draft law, which set off a lively exchange on the interpretation of the liability of the board for cyber security.

The next meetings will take place on 8 September and 22 September, during which we will gradually work our way through the draft text, make comments, and  pass that information to our policy makes, to ensure we end up with a workable and thus effective implementation of NIS2 in Belgium.

You can read the mission and scope of the NIS2 sounding board here.