www.belgium.be Logo of the federal government

The NIS2 law

All about the new legislation

More background on NIS2  can be found on this website from this page

The Law of 26 April 2024 establishing a framework for the cybersecurity of networks and information systems of general interest for public security ("NIS2 Law") transposes into Belgian law, Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 ("NIS2 Directive").

This law updates the Belgian legal framework for cybersecurity. Once it enters into force, it will repeal the law of 7 April 2019 - known as the "NIS law". Information on this NIS1 law is still available on our former pages on essential service operators (nl - fr) and digital service providers (nl -fr), but will soon be archived.

The NIS2 law aims to strengthen cybersecurity, incident management and oversight measures for entities that provide services that are essential for the maintenance of critical social or economic activities. It also aims to improve the coordination of public policies on cybersecurity.

1. Scope of application, obligations, supervision, sanctions and timeline

Extensive information and explanations on the scope of application, obligations, supervision, sanctions, and a timeline for the implementation of the NIS2 law are available page dedicated to NIS2 on Safeonweb@Work. The CCB also created a short guide on how to comply with NIS2 in 7 easy steps.
Safeonweb@work is an initiative of the CCB aimed at Belgian organisations and businesses. This site serves as a portal for the registration of NIS2 entities. The NIS2 page on Safeonweb@work also gives you access to a number of practical tools and resources to help you comply with the NIS2 law.

2. Leaflet

Everything you need to know about the NIS2 law and its contents in a single document.

It will help you understand not only whether your organisation falls within the scope of the law, but also what this means in terms of obligations and controls. Incident reporting? Essential and significant facilities? Risk management measures? This document explains what you need to know about the law.

3. Frequently Asked Questions (FAQ)

Do you still have questions? The CCB has compiled a list of frequently asked questions to help you. Grouped by topic, these FAQs allow you to quickly find answers to the most frequently asked questions during the development of the law. 

4. National Cyber Emergency Plan

The National Cyber Emergency Plan was approved by the Council of Ministers in 2017 on the proposal of the then Prime Minister Charles Michel. The NIS2 law incorporates the cyber crisis management framework of the NIS1 law and brings it into alignment with European requirements.

As part of its cyber crisis management mission, the CCB, in collaboration with the National Crisis Centre (NCCN), has developed the National Cyber Emergency Plan. The main objective of the plan is to organise a response structure for cybersecurity crises and incidents that require coordination and management at the national level.