A significant milestone for cybersecurity has been reached with the adoption of the European NIS2 directive. Its Belgian transposition law will take effect in exactly one month (18 October 2024).
Key insights
New cybersecurity compliance rules
Mandatory risk assessments and trainings
Update your contracts with service providers
Under NIS2, numerous companies spanning different sectors will be facing increased cybersecurity obligations.
The NIS2 legislation impacts more entities than those directly listed, as all directly covered entities are required to ensure their suppliers and direct service providers implement similar measures.
Failure to comply may have significant consequences, including potential administrative measures and fines, with possibilities for legal representatives to be personally liable for breach of their duties to ensure compliance.
Among the requirements, the following are key to any compliance checklist:
- Risk analysis and information system security policies
- Supply chain security measures
- Incident handling measures
- Business continuity measures
- Cybersecurity risk management assessment policies
- Cyber hygiene practices and training
- Cryptography and encryption policies
- HR security, access control, and asset management
- Multi-factor authentication and secure communication measures
- Security measures for the acquisition, development, and maintenance of network and information systems
- Coordinated vulnerability disclosure
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.