NIS2 sounding board

1. Background

Belgium has until 17 October 2024 to implement the ‘Directive on measures for a high common level of cybersecurity’, better known as the NIS2. In order to ensure that our policy makers get input and that organisations are informed, Beltug has set up a NIS2 sounding board. Its mission is exchanging knowledge and shaping the implementation of the NIS2 in Belgium.
The Centre for Cybersecurity Belgium (CCB) is the coordinating entity for the implementation, and has been preparing the draft law. Our objectives are to exchange with the CCB and other relevant bodies, and to participate in the political process that will see the adoption of the law in the Belgian parliament.

2. Scope and mission

The scope of the NIS2 sounding board is discussion regarding the implementation of the directive. Some of the conversations can be centred around:

How will Belgium interpret the scope of the Directive? And how will Belgium organise the way organisations will register? Some 3000 entities might need to follow the regulations, compared to 100 entities for NIS1.
We know there will be a national cyber security authority, but there is also the possibility of sectorial authorities. What will Belgium decide?
How can an organisation prove that the security controls it is implementing comply with the law? We have informed Beltug members about the CyberFundamentals Framework, there is an ISO27001 framework under NIS1, and sectorial frameworks offer a third option.
As with NIS1, organisations must report incidents. How will Belgium organise this?

In concrete terms, the NIS2 implementation sounding board works to:

Read and comment on the draft law
Stay informed of the latest developments
Actively solve issues around the implementation, and inform Beltug
Join Beltug for discussions with policy makers and stakeholders (when relevant)

In essence, the sounding board provides a platform for the members to prepare the input from Beltug for the policy makers – positions, remarks and questions – and to exchange experiences and best practices. Beltug uses the findings and suggestions to inform its members, and to develop its position.
Beltug facilitates the sounding board, and ensures that decisions align with the interests and the effective functioning of the Beltug community.

3. Members: who can apply?

Interested Beltug members can apply at info@beltug.be.

Typically, the members are the people implementing the NIS2 in their own organisations. They are knowledgeable people with a high willingness to share their expertise, and may come from all areas of companies and organisations. NIS2 consultants or advisors who are Beltug members are also welcome, as they could bring additional input and cross-company insights.

The sounding board may invite other NIS2 consultants or advisors who are not Beltug members on an ad hoc basis, to give their input.

The NIS2 sounding board may not be used in any way for commercial purposes.

4. Participation

Participation in the NIS2 sounding board is a key component of its success. The sounding board convenes regularly; the frequency of meetings is determined collaboratively by its members. Active involvement is expected from all members, who are encouraged to share their experiences, propose focus areas and ways of working, and attend gatherings consistently.

Meetings are conducted through both online and in-person formats, providing flexibility for participants. Building trust among members is paramount to facilitate open information sharing, and regular attendance plays a vital role in establishing and strengthening these personal connections.

From time to time, the sounding board may extend invitations to non-member experts or individuals with specialised experience in specific topics, in order to contribute to the discussions and enrich the collective expertise of the group. This collaborative approach ensures that diverse perspectives are brought to the table for comprehensive insights and solutions.

5. Confidentiality

Confidentiality is of utmost importance, and the Chatham House Rule is strictly adhered to during meetings. This means that participants are free to utilise the information they receive, but they must not disclose the identity or affiliation of any speaker or participant. This rule fosters an atmosphere of trust and openness, encouraging meaningful discussions and knowledge exchange.

Furthermore, the sounding board employs the Traffic Light Protocol (TLP) when sharing sensitive information:

TLP RED indicates information that can only be shared within the sounding board and, in extreme cases, must be conveyed orally only. In such instances, the Chatham House Rule does not apply, emphasising the need for utmost discretion.
TLP AMBER designates information than can only be shared within the organisations of the sounding board members, and is restricted to relevant individuals on a need-to-know basis.
TLP GREEN allows information to be disseminated within the relevant community without publication.
TLP WHITE permits free distribution, subject to copyright limitations.

To ensure the effectiveness of these confidentiality measures, Beltug reserves the right to take appropriate actions, including the exclusion of any member found to be violating these rules. Maintaining confidentiality is critical to fostering a secure environment for open dialogue and the exchange of sensitive information, which ultimately benefits the entire Beltug community.

6. Potential conflicts of interest

In the NIS2 sounding board, maintaining ethical conduct and transparency is paramount. If a potential conflict of interest arises during discussions, the concerned member will proactively inform the sounding board. Subsequently, that member will not be involved in determining Beltug’s position on the particular issue.

This proactive disclosure ensures open communication, and helps identify any situations where personal or professional interests may influence decision-making. By excluding the involved member from the decision-making process on the specific issue, the sounding board preserves objectivity and impartiality in its recommendations.

Through this approach, the sounding board reinforces its commitment to the highest ethical standards and fosters an atmosphere of trust and collaboration. It ensures that Beltug’s positions are based on collective expertise and are in the best interests of the broader community. Transparency in addressing potential conflicts of interest enhances the credibility of the sounding board’s contributions, and strengthens its impact on the NIS2 transposition.

Cookie	Duration	Description
_wordpress_test_cookie, test_cookie	session	WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
CONSENT	until you remove it	The cookie is set by the GDPR Cookie Consent WordPress plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. When Consent has been given the cookie is used to store the user consent for the cookies in the category 'Analytics'.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category 'Necessary'.
cookielawinfo-checkbox-third-party	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Third-Party".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
WordPress_clef_session, _wordpress_cleff_state	1 year	This WordPress cookie is necessary to use the administrator zone (only for administrators).
wp-settings-1, wp-settings-time-1	1 year	WordPress uses this cookie to customize your view of the admin interface, and possibly also the main site interface.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old.
YSC	to be removed by you	Registers a unique ID to keep statistics of what videos from YouTube the user has seen. This cookie expires when you close your browser.
yt-remote-connected-devices	to be removed by you	Stores the user’s video player preferences using embedded YouTube video.
yt-remote-device-id	to be removed by you	Stores the user’s video player preferences using embedded YouTube video.

Cookie	Duration	Description
_pk_id.1.5b04	1 year 27 days	Used to store a few details about the user such as the unique visitor ID
_pk_ses.1.5b04	30 minutes	Short lived cookies used to temporarily store data for the visit