The Directive on security of network and information systems (NIS directive) should be transposed into Belgian law by May 2018. The draft law was approved by the Council of Ministers on Friday 30 March, and will be introduced to Parliament at end-April.
The NIS provides legal measures to boost the overall level of cybersecurity in the EU. All sectors that are vital for our economy and also rely heavily on ICT - such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure - will need to take appropriate security measures. Key digital service providers (such as search engines, cloud computing services and online marketplaces) will also have to be in compliance. Digital service providers will be subject to the rules in the NIS and the Commission Implementing Regulation (EU) 2018/151.
The following timelines for ‘essential services’ operators to implement the security measures have been provided to Beltug, to share with our members:
Beltug is involved
Beltug called on the authorities to not go further than stipulated in the Directive when transposing the requirements into law. A draft Royal Decree will be submitted to the Council of Ministers regarding notification formats and a shared platform, after the law has been passed. For Beltug, this is an important issue as we also called for a single notification of serious security breaches, via a shared platform. We will offer to give our input to this Royal Decree to ensure the approach is practical for our members. More information is available in Dutch and French.