07 Jan '22
Recently, we informed you about European developments regarding cybersecurity and cybercrime.
We indicated that in 2016 the NIS-Directive (EU 2016/1148) entered into force. This Directive contains a number of obligations for a number of sectors and companies. The Directive is implemented in Dutch legislation via the ‘Wet beveiliging netwerk- en informatiesystemen’.
The NIS-Directive will be replaced by the NIS2-Directive, which will contain even more obligations for a larger number of sectors and companies. More information regarding the NIS2-Directive can be found on the website of the European Commission.
Additionally, the European Commission is working on a European Cyber Resilience Act, which will contain common cybersecurity standards for products. This is also important in relation to the climate target (reducing emissions by at least 55 percent by 2030). To achieve that goal, the Commission
“will propose an action plan for an accelerated digital transformation of the sector, which is needed to ensure the shift towards renewables, connected mobility, smart buildings, and a more integrated energy system with consumers at its core. The wide-scale energy disruptions in the US and the EU over the past year show the need for resilient and cyber-secure energy.” (We refer to this page).
The Dutch authorities have welcomed the initiative. On January 4th, 2022 a so called ‘non-paper’ has been published that describes the Netherlands’ additional ideas regarding such a Cyber Resilience Act. The non-paper concludes that
“The Cyber Resilience Act should be an essential building block in a European and holistic approach to the cybersecurity of digital products and services in which a mandatory horizontal approach is complementary to sectoral regulation in specialized domains. Specifically, the Cyber Resilience Act should function as a horizontal regulation containing a lex specialis application with regard to sectoral and harmonised rules. The focus of the Cyber Resilience Act should be on setting cybersecurity requirements that cover all forms of both digital products and services, irrespective if they are offered for consumer or business/industrial purposes and irrespective if they are linked to a physical product. It should cover the entire lifecycle of digital products, processes and services and target the manufacturers and providers of ICT products, processes and services through a duty of care based on the latest state of technology.”
The proposal on a European Cybersecurity Resilience Act will be published in Q3 of 2022. We will continue to inform you about European and national developments regarding cybersecurity and cybercrime.
Contact
11 Nov 24
14 Oct 24
13 Oct 24
07 Oct 24
13 Aug 24
13 Aug 24
04 Jun 24
13 May 24
02 May 24
08 Apr 24
04 Apr 24
21 Mar 24
Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.
Stay up to date with the latest legal developments in your sector. Fill in your personal details below to receive invitations to events and legal updates that matches your interest.
Follow what you find interesting
Receive recommendations based on your interests
{phrase:advantage_3}
{phrase:advantage_4}
We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.
A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.