NIS2 sounding board
Belgium has until 17 October 2024 to implement the ‘Directive on measures for a high common level of cybersecurity’, better known as the NIS2. In order to ensure that our policy makers get input and that organisations are informed, Beltug has set up a NIS2 sounding board. Its mission is exchanging knowledge and shaping the implementation of the NIS2 in Belgium.
The Centre for Cybersecurity Belgium (CCB) is the coordinating entity for the implementation, and has been preparing the draft law. Our objectives are to exchange with the CCB and other relevant bodies, and to participate in the political process that will see the adoption of the law in the Belgian parliament.
2. Scope and mission
The scope of the NIS2 sounding board is discussion regarding the implementation of the directive. Some of the conversations can be centred around:
- How will Belgium interpret the scope of the Directive? And how will Belgium organise the way organisations will register? Some 3000 entities might need to follow the regulations, compared to 100 entities for NIS1.
- We know there will be a national cyber security authority, but there is also the possibility of sectorial authorities. What will Belgium decide?
- How can an organisation prove that the security controls it is implementing comply with the law? We have informed Beltug members about the CyberFundamentals Framework, there is an ISO27001 framework under NIS1, and sectorial frameworks offer a third option.
- As with NIS1, organisations must report incidents. How will Belgium organise this?
In concrete terms, the NIS2 implementation sounding board works to:
- Read and comment on the draft law
- Stay informed of the latest developments
- Actively solve issues around the implementation, and inform Beltug
- Join Beltug for discussions with policy makers and stakeholders (when relevant)
In essence, the sounding board provides a platform for the members to prepare the input from Beltug for the policy makers – positions, remarks and questions – and to exchange experiences and best practices. Beltug uses the findings and suggestions to inform its members, and to develop its position.
Beltug facilitates the sounding board, and ensures that decisions align with the interests and the effective functioning of the Beltug community.
3. Members: who can apply?
Interested Beltug members can apply at firstname.lastname@example.org.
Typically, the members are the people implementing the NIS2 in their own organisations. They are knowledgeable people with a high willingness to share their expertise, and may come from all areas of companies and organisations. NIS2 consultants or advisors who are Beltug members are also welcome, as they could bring additional input and cross-company insights.
The sounding board may invite other NIS2 consultants or advisors who are not Beltug members on an ad hoc basis, to give their input.
For certain profiles, such as lawyers or in-house consultants, Beltug will review the application on a case-by-case basis.
The NIS2 sounding board may not be used in any way for commercial purposes.
Participation in the NIS2 sounding board is a key component of its success. The sounding board convenes regularly; the frequency of meetings is determined collaboratively by its members. Active involvement is expected from all members, who are encouraged to share their experiences, propose focus areas and ways of working, and attend gatherings consistently.
Meetings are conducted through both online and in-person formats, providing flexibility for participants. Building trust among members is paramount to facilitate open information sharing, and regular attendance plays a vital role in establishing and strengthening these personal connections.
From time to time, the sounding board may extend invitations to non-member experts or individuals with specialised experience in specific topics, in order to contribute to the discussions and enrich the collective expertise of the group. This collaborative approach ensures that diverse perspectives are brought to the table for comprehensive insights and solutions.
Confidentiality is of utmost importance, and the Chatham House Rule is strictly adhered to during meetings. This means that participants are free to utilise the information they receive, but they must not disclose the identity or affiliation of any speaker or participant. This rule fosters an atmosphere of trust and openness, encouraging meaningful discussions and knowledge exchange.
Furthermore, the sounding board employs the Traffic Light Protocol (TLP) when sharing sensitive information:
- TLP RED indicates information that can only be shared within the sounding board and, in extreme cases, must be conveyed orally only. In such instances, the Chatham House Rule does not apply, emphasising the need for utmost discretion.
- TLP AMBER designates information that can only be shared within the organisations of the sounding board members, and is restricted to relevant individuals on a need-to-know basis.
- TLP GREEN allows information to be disseminated within the relevant community without publication.
- TLP WHITE permits free distribution, subject to copyright limitations.
To ensure the effectiveness of these confidentiality measures, Beltug reserves the right to take appropriate actions, including the exclusion of any member found to be violating these rules. Maintaining confidentiality is critical to fostering a secure environment for open dialogue and the exchange of sensitive information, which ultimately benefits the entire Beltug community.
6. Potential conflicts of interest
In the NIS2 sounding board, maintaining ethical conduct and transparency is paramount. If a potential conflict of interest arises during discussions, the concerned member will proactively inform the sounding board. Subsequently, that member will not be involved in determining Beltug’s position on the particular issue.
This proactive disclosure ensures open communication, and helps identify any situations where personal or professional interests may influence decision-making. By excluding the involved member from the decision-making process on the specific issue, the sounding board preserves objectivity and impartiality in its recommendations.
Through this approach, the sounding board reinforces its commitment to the highest ethical standards and fosters an atmosphere of trust and collaboration. It ensures that Beltug’s positions are based on collective expertise and are in the best interests of the broader community. Transparency in addressing potential conflicts of interest enhances the credibility of the sounding board’s contributions, and strengthens its impact on the NIS2 transposition.