NIS directive on security of network and information systems is transposed into Belgian law

The law to transpose the Directive on security of network and information systems (NIS directive) into Belgian law has been approved, on 21 March 2019.  The NIS directive provides legal measures to boost the overall level of cybersecurity in the EU.


The transposition will impact many Beltug members, and we are therefore keeping a careful eye on developments. To address the questions of our members we have several steps planned:




All sectors that are vital for our economy and that rely heavily on ICT - such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure - will be required to take ‘appropriate’ security measures.


Key digital service providers (such as search engines, cloud computing services and online marketplaces) will also have to be in compliance. The digital service providers will be subject to both the NIS rules and the Commission Implementing Regulation (EU) 2018/151.


Among other requirement, the providers of essential services must comply with the notification obligations. This specifies that they must report any cyber-attacks to a central body. A digital platform for reporting is being set up. The goal is to enable better collaboration and the identification of threats.


Within the first six months after the transposed law enters into force, and is published in the Belgian Monitor, the authorities will contact a first group of operators, and identify them as providers of essential services.