23 Nov '21
Since the DigiNotar hack in 2011, the Dutch Government has been thinking about the digital protection of vital sectors of Dutch society. Since 1 January 2012, the National Cyber Security Centre (NCSC) has had the task of guarding the cyber security of vital parts of society. These tasks were then laid down in the Cyber Security Act and subsequently expanded in its successor, the Network and Information Systems Security Act (Wbni). For an outline of this Act, see this article.
This overview will show how the rest of the corporate and industrial companies in the Netherlands are protected by the Dutch government.
What does the Dutch government do about digital threats and threats to businesses? And with that, the question is when does the government share threat information with Dutch businesses, and when does the Dutch government come to the rescue, in case of a concrete threat?
The Digital Trust Center (DTC) has a role to play here. The DTC was established in 2018 as a result of a motion passed in the House of representatives. The House of representatives expressed the need for the establishment of a centre (DTC) that:
"can inform and advise companies and social organisations about, as well as offer concrete help and support in improving their cyber security and repelling hacker attacks". (Parliamentary Papers II, 26 642, no. 474 - Motion Hijink/Tellegen).
The DTC falls under the Ministry of Economic Affairs and Climate (EZK).
At the end of 2021, there is still no legal basis that specifically provides for the Ministry of Economic Affairs to receive, process and share personal data. And that is important because personal data is often part of concrete and specific threat information. Without a legal basis to provide personal data, it is therefore often not possible to exchange threat information.
That is why there is now a bill entitled 'Act to Promote Digital Resilience in Businesses'. A very important point of this bill is that it aims to provide a legal basis for the sharing of personal data as part of threat intelligence.
The bill lays down the tasks of the DTC. The two main tasks of the DTC are i) to inform and advise, and ii) to facilitate cooperation between private parties.
At the moment, it is therefore not easy for Dutch companies to inform themselves, or have themselves informed, of concrete threats. Moreover, the government has already indicated in the Explanatory Memorandum that it is not the intention that the government will act as a 'digital fire brigade'. So there is certainly a considerable challenge for businesses in the Netherlands to obtain the right information on cyber threats on time.
In September 2021, the DTC did receive the Objectively Recognisable Task (OKTT) status from the National Cyber Security Centre (NCSC). This means that the DTC can already receive concrete threat information from the NCSC. It is therefore not only important to be well informed about the legal possibilities, but also certainly to follow news events closely.
At Ploum, we are happy to help you and your company find the right information to protect your company against cyber security incidents. For example, we can perform a Quick Scan to provide an overview of the possibilities for your company and the rules that apply to your company in the field of cyber security.
Contact
11 Nov 24
14 Oct 24
13 Oct 24
07 Oct 24
13 Aug 24
13 Aug 24
04 Jun 24
13 May 24
02 May 24
08 Apr 24
04 Apr 24
21 Mar 24
Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.
Stay up to date with the latest legal developments in your sector. Fill in your personal details below to receive invitations to events and legal updates that matches your interest.
Follow what you find interesting
Receive recommendations based on your interests
{phrase:advantage_3}
{phrase:advantage_4}
We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.
A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.