Dutch Government Prepares for New European Cyber Regulations
The Dutch government is gearing up for new European cyber regulations to ensure the security and integrity of digital infrastructures, which are crucial for a resilient digital environment.
Introduction to New Regulations
Recent developments highlight the Dutch government’s proactive steps in adapting to the revised Network and Information Security directive (NIS2) and the Critical Entities Resilience directive (CER). The Minister of Economic Affairs and Climate has informed the House of Representatives about the release of the 2023 Annual Report by the Rijksinspectie Digitale Infrastructuur (RDI), which outlines their efforts to maintain continuous, secure, and reliable digital networks and services.
Implementation of NIS2 and CER
The NIS2 directive, which aims to bolster the cyber resilience of essential services across EU member states, is a significant upgrade from its predecessor. The Dutch government has been working diligently to translate these directives into national legislation. The RDI is tasked with evolving its regular inspection methodologies to be NIS2-compliant, engaging essential service providers in this process. This collaboration underscores the importance of cohesive action among national and international regulatory bodies to maintain robust digital infrastructure.
Focus on Essential Services
In addition to the broader implementation of NIS2, the RDI has initiated a program targeting over 30 entities in the oil and gas sector, focusing on their compliance with the upcoming cyber regulations. This proactive engagement aims to address potential vulnerabilities in critical sectors ahead of the formal enforcement of these regulations. The RDI’s efforts include research into the cybersecurity of digital equipment at its IoT lab, where it collaborates with manufacturers to enhance the security of their products.
Upcoming Cybersecurity Requirements
From 1 August 2025, digital equipment must comply with the cyber requirements of the delegated regulation (EU) 2022/30 under the Radio Equipment Directive (RED). The RDI is already investigating and advising manufacturers and importers on necessary measures to meet these upcoming standards. Although the RDI currently lacks formal oversight authority for these essential cybersecurity requirements, it is actively contributing to the development of these norms internationally, including for the Cyber Resilience Act (CRA).
The Broader European Context
The broader European context of these regulations was highlighted by Minister Ollongren’s speech at the NATO Cyber Defence Pledge Conference held on 21 May 2024. The conference, co-organized by Romania and held in The Hague, emphasized the importance of enhancing cyber resilience through collaboration and information sharing. Recent cyber-attacks targeting critical infrastructure across Europe, including incidents involving the German Social Democratic Party, underscore the urgency of robust cybersecurity measures.
Public Consultation and Future Steps
To ensure these regulations are comprehensive and effective, the Dutch government has opened a public consultation for the Cybersecurity Act, which transposes the NIS2 directive into national law. Stakeholders have until 2 July 2024 to submit their suggestions. The NIS2 directive will become mandatory across Europe in October 2024, with the Netherlands expecting full implementation by 2025. The Digital Trust Center advises organizations to start preparing for these duty of care measures in advance.
Conclusion
These efforts reflect the Dutch government’s commitment to fortifying its digital infrastructure against emerging cyber threats. By staying ahead of European regulations and fostering international cooperation, the Netherlands aims to ensure a secure and resilient digital environment for all its critical sectors.