The Law of 26 April 2024 establishing a framework for the cybersecurity of networks and information systems of general interest for public security ("NIS2 Law") transposes into Belgian law, Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 ("NIS2 Directive").

This law updates the Belgian legal framework for cybersecurity. Once it enters into force, it will repeal the law of 7 April 2019 - known as the "NIS law". Information on this NIS1 law is still available on our former pages on essential service operators (nl - fr) and digital service providers (nl -fr), but will soon be archived.

The NIS2 law aims to strengthen cybersecurity, incident management and oversight measures for entities that provide services that are essential for the maintenance of critical social or economic activities. It also aims to improve the coordination of public policies on cybersecurity.

1. Scope, obligations, supervision and sanctions

Information and explanations on scope, obligations, supervision and sanctions are available on our dedicated pages.

3. Frequently Asked Questions (FAQ)

Do you still have questions? The CCB has compiled a list of frequently asked questions to help you. Grouped by topic, these FAQs allow you to quickly find answers to the most frequently asked questions during the development of the law. 

5. National Cyber Emergency Plan

The National Cyber Emergency Plan was approved by the Council of Ministers in 2017 on the proposal of the then Prime Minister Charles Michel. The NIS2 law incorporates the cyber crisis management framework of the NIS1 law and brings it into alignment with European requirements.

As part of its cyber crisis management mission, the CCB, in collaboration with the National Crisis Centre (NCCN), has developed the National Cyber Emergency Plan. The main objective of the plan is to organise a response structure for cybersecurity crises and incidents that require coordination and management at the national level.