Other official information and services: www.belgium.be

Vital sectors

The Centre for Cybersecurity Belgium (CCB) has launched a number of projects aimed at strengthening the cybersecurity of vital sectors in Belgium. These sectors are considered crucial to the security of the Belgian population, namely the energy, mobility, telecommunications and financial sectors, access to drinking water, public health and public authorities.

Early Warning System for vital sectors

In order to provide a quick and standardised warning to the vital sectors in Belgium about new cyber threats and attacks, the CCB has set up an Early Warning System.

Vital sectors have access to filtered alerts about intrusions or other cyber threats via a shared platform. This means that they receive information quickly from a reliable source and are able to take action just as quickly.

The European NIS Directive and the Belgian NIS Act

The Act of 7 April 2019 establishing a framework for the security of networks and information systems of general interest for public security (also known as the "NIS Act") transposed Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 on measures to ensure a common high level of security of networks and information systems in the Union (NIS Directive) into Belgium.

In particular, the NIS Act provides for the identification of operators of essential services active in our country in the following sectors: Energy, Transport, Finance, Health, Drinking Water and Digital Infrastructure.

These operators of essential services (OESs) must take the necessary and proportionate technical and organisational measures to manage the risks that threaten the security of the networks and information systems on which the essential services they provide depend. OESs must also notify the NIS authorities of security incidents relating to their networks and information systems.

Another category of entity is also covered by the NIS Act, namely digital service providers (DSPs), but these are subject to a less stringent legal regime.

Since the applicable legal rules are not the same, you will therefore find information on OESs and DSPs separately.

❗❗❗ New version of the NIS Directive❗❗❗

It replaces the 2016 NIS-1 Directive, which is often called the very first cybersecurity legislation in the world.

The proposal for the new NIS directive was tabled by the European Commission in December 2020. After a swift negotiation process, the final text was adopted by the Council and the European Parliament two years later, and published on 27 December 2022 and went into effect 20 days later. Our country now has 21 months, until 17 October 2024, to transpose the NIS-2 directive into national legislation.

All information on the new version of the NIS Directive (or "NIS2")Legal framework for operators of essential services (OESs)Legal framework for digital service providers (DSPs)

National Cyber Emergency Plan

The Council of Ministers approved the National Cyber Emergency Plan on the proposal of then Prime Minister Charles Michel in 2017.

As part of its mission with regard to crisis management for cyber incidents, the Center for Cybersecurity Belgium (CCB) developed the National Cyber Emergency Plan in cooperation with the National Crisis Center (NCCN). The plan's main objective is to organize a response structure to cybersecurity crises and incidents that require coordination and management at the national level. To prepare itself for potential cyber incidents and crises, CERT.be regularly takes part in national and international cyber exercises.