bestuur

New cybersecurity notification obligation for providers of vital infrastructure

01 January 2018
In the run-up to the full implementation of the EU Network and Information Security (NIS) Directive into Dutch law, the Netherlands adopted its first Cybersecurity Act
(Wet gegevensverwerking en meldplicht cybersecurity) in October 2017. On 1 January 2018, its provisions on the notification of cybersecurity incidents came into effect. This means that certain providers of vital infrastructure are obliged to notify the Dutch National Cyber Security Centre if and when they suffer a major security incident. Providers of vital infrastructure can be organisations and service providers in the energy, finance and transport sectors. The new obligation to report cybersecurity incidents shall be without prejudice to existing notification obligations, such as the personal data breach notification obligation under the Dutch Data Protection Act, and, as of 25 May 2018, the GDPR.
Written by:

Share

Thomas de Weerd

Key Contact

Amsterdam
Advocaat | Partner
+31 20 605 69 85
+31 6 5165 9208
Jan Brölmann

Key Contact

Amsterdam
Advocaat | Senior Associate
+31 20 605 65 94
+31 6 4704 3567
Jurre Reus

Key Contact

Amsterdam
Advocaat | Associate
+31 20 605 65 76
+31 6 8380 3239