Resource Center

An overview of CCB’s international engagement in 2024 with focus on the Belgian Presidency of the Council of the EU In 2024, Belgium took the spotlight with its Presidency of the Council of the EU (January-June), playing a pivotal role in shaping Europe's cybersecurity future. The CCB’s International Relations department was at the helm, driving Belgium’s cybersecurity agenda in close collaboration with the country’s Permanent Representation to the EU. A team member was even seconded to ensure seamless coordination. Under the Presidency theme "Protect, Strengthen, Prepare," Belgium set several key priorities, including on cybersecurity.A top priority was leading negotiations between the Council, European Parliament, and Commission on two major legislative acts: the Cyber Solidarity Act and the amendment to the Cybersecurity Act. The Cybersecurity Act amendment paves the way for certification schemes for Managed Security Services, vital for implementing NIS2, while the Cyber Solidarity Act establishes the EU Cybersecurity Alert System and a Cyber Reserve enhancing detection, analysis and response capabilities across the Union. Despite challenges, Belgium successfully secured political agreements on both files in record time before the European Parliament’s elections. Belgium also spearheaded discussions on the Council’s representation in the Interinstitutional Cybersecurity Board (IICB), and the CCB represented the Council in the board’s inaugural meetings.‘Implement and Protect together’, Council Conclusions on the future of cybersecurityAnother key achievement was a comprehensive review and stocktaking of the EU cybersecurity landscape, which led to the adoption of Council Conclusions on the future of cybersecurity, titled ‘Implement and Protect together’. This pivotal document, set to guide EU cybersecurity policy for years to come a shift towards implementation rather than new legislation. It calls for reducing legislative fragmentation, clarifying roles and responsibilities, strengthening collaboration with law enforcement, and enhancing Active Cyber Protection. This vision received unanimous support from all EU Ministers at the Telecom Council on 21 May 2024. Brussels Cybersecurity Summit The Centre for Cybersecurity Belgium also organized high-profile events such as the Brussels Cybersecurity Summit (18-19 January) and co-sponsored the ENISA Cybersecurity Policy ConferenceThe Brussels Cybersecurity Summit on 18-19 January 2024 united leading experts, policymakers, and industry trailblazers to delve into the most recent trends, challenges, and solutions in the cybersecurity landscape. This event was streamed live and gathered around 500 policymakers and global experts to discuss the future of cybersecurity in Europe. Throughout the day-and-half of the conference participants had the opportunity to connect with people, exchange ideas, national experience, and practical lessons of the past and insights from the latest research. Such bottom-up analysis provided concrete ways forward for cybersecurity practitioner, as well as for policy makers, including the upcoming European Commission and European Parliament. The summit represented a key interactive bridge-builder that drove European cybersecurity forward, promoting new concepts such as Active Cyber Protection (ACP) and pushing the EU to cross ‘the last mile” to make Europe more cybersecure. Participants to the event had also the opportunity to follow tailored and specific presentations/panel discussions and debates in three different tracks: strategic track; cyber coordination and competence track; and CTI trackMoreover, the CCB had the opportunity to co-sponsor the ENISA Policy Conference, organised in Brussels 17 April. In this context, the CCB had the opportunity to put again on the spotlight Active Cyber Protection. Moreover, the event saw also a keynote delivered by the Secretary of State Mathieu Michel. Cybersecurity Networks in action Two cybersecurity weeks were held in Namur and Ghent, featuring regular meetings of networks chaired by CCB during the Presidency: EU-CyCLONe, the NIS Cooperation Group, the CSIRTs Network, and the informal network of European Cybersecurity Directors, which saw significant strengthening during this presidency.As Chair of EU-CyCLONe, CCB led the adoption of the network’s first Rules of Procedure, submitted the network’s first report to the Council and European Parliament, and navigated it through the European Elections and ENISA’s Cyber Europe Exercise. Within the NIS Cooperation Group, the CCB led efforts on Active Cyber Protection and contributed to discussions on Post-Quantum Cryptography, ensuring Europe stays ahead in the cybersecurity race. Other International activity Also beyond the Presidency the CCB played a pivotal role at both national and international levels in coordinating  progress in cybersecurity policy, partnerships, and preparedness.Nationally, CCB led the National Cybersecurity Council Belgium (NCCB), ensuring coordination between federal and regional cybersecurity authorities. We managed the Platform Cybersecurity, aligning security and intelligence services to advise the National Security Council on a unified national cybersecurity policy. CCB answered Parliamentary Questions, engaged with many stakeholders, including associations such as the Cybersecurity Coalition, Beltug, Agoria and many more.  Internationally, we expanded Belgium’s bilateral network, advancing collaborations with EU and non-EU countries. Highlights included organizing a MISP workshop in Brussels with  Lithuania, in the context of the Counter Ransomware Initiative, praised for enhancing ransomware information-sharing. We continued to lead OSCE efforts on public-private partnerships through CBM 14 and reinforced Belgium’s contributions to NATO's Cyber Defence Pledge.A major achievement this year was passing the Belgian NIS2 law, transposing the EU NIS2 Directive. Led by the efforts of the CCB, Belgium was the first Member State to fully transpose this European obligation. Additionally, the CCB’s Cyber Fundamentals Framework that helps guide and attest NIS2 implementation became a certification scheme, and moreover is becoming a European norm. Several other Member States are now underway in equally adopting the scheme. CCB also won the European Cybersecurity Month (ECSM) award for best awareness video. These and many other efforts contribute to making Belgium one of the leading voices in cybersecurity policy in the EU.Looking ahead, the CCB  has begun preparing the new National Cybersecurity Strategy (2025-2030), updating the current strategy and implementing NIS2 obligations. At the European level, we anticipate reviews of the Cybersecurity Act and Cyber Blueprint, as well as new initiatives such as a Commission Action plan on Cybersecurity in the health care sector. The CCB plans to scale up capacity-building initiatives, intensify bilateral partnerships, and strengthen international frameworks to bolster Belgium’s cybersecurity. Cyber Coordination & Competence track (Brussels Cybersecurity Summit) The NCC-BE organized and hosted the Cyber Coordination & Competence track of the event, which focused on topics like turning lesson learned into impact: from real-world cases to investment strategies; cybersecurity skills in the future: will AI bridge the gap or will training take the lead?; and also the prospects of the Strategic Agenda for the interval 2024-2030. By being the lead in four sessions of the event, the NCC-BE captured the new challenges of the Belgian SMEs and the NCCs (very well represented during the event), discussing solutions together to best tackle cyber security and support the implementation of new regulations. Strategic takeaways were directed at the ECCC and the European Commission, by industries and the NCCs.Eventually, Luca Tagliaretti participated and provided his first speech as Executive Director of the ECCC.The 'Research to Reality – Digital Solutions to European Challenges' conference, With the support of the NCC-BE, in the context of the Belgian Presidency, the Regions organized this conference in collaboration with the European Commission. The event aimed to explore the connection between cutting-edge research in digital technologies under Horizon Europe and the implementation of digitalisation initiatives within the Digital Europe Programme (DEP).The NCC-BE actively participated in the "Research to Reality" event, organising a dedicated Cybersecurity breakout session inviting community members to participate in discussions on promoting European and Belgian cybersecurity innovation. The session focused on exploring means to advance on the path of marketing European and Belgian cybersecurity innovation. The NCC-BE also hosted a frequently visited booth, providing information about the European Cybersecurity Competence Centre framework, the competences and responsibilities of the NCC-BE, and available European funding for cybersecurity. The NCC-BE launch event (19 September 2024) This first public event of the NCC-BE gathered Belgian government officials, SMEs, and industry leaders to discuss Belgium’s cybersecurity strategies and collaboration. The sessions were very interactive, the NCC-BE wanted to listen and to learn from those exchanges and was able to draw conclusions on how to best work closely with the different Belgian stakeholders. Luca Tagliaretti, the Executive Director of the ECCC, highlighted during his keynote speech the importance of engaging the national community in its widest sense – he praised Belgium as a pioneer of such collaboration at national level as well as for being well-ranked in the DEP participation.Key takeaways include:Government collaboration is essential for a resilient cybersecurity future.Building a competence community is crucial to address the right needs.Input on EU funding priorities will strengthen cybersecurity across Belgium.The event emphasized the importance of maintaining research excellence and reinforcing the EU’s cybersecurity competitiveness.

On 20 November 2024, the CRA was published : New rules will make connected products more secure  This new EU regulation on “horizontal cybersecurity requirements for products with digital elements” aims at addressing a major source of vulnerability: the low level of cybersecurity of many connected products sold on the European market, from connected toys to smart TVs and from B2B software to complex industrial systems including connectivity features. For the first time, the CRA imposes minimum cybersecurity requirements on these products, both before they are put on the market and afterwards, ensuring that cybersecurity vulnerabilities are addressed throughout the lifecycle of a product.The initial proposal of Regulation had been tabled by the European Commission on 15 September 2022. As part of the EU legislative process, it was subsequently examined by the Council of the EU and the European Parliament. Both institutions reached an agreement on a revised text about a year later, on 30 November 2023. Following some procedural delays linked to the organisation of the European elections of 9 June 2024, the CRA was only signed into law and published in the Official Journal of the EU on 20 November 2024. The text officially enters into force 20 days after its publication, i.e. on 10 December 2024.Throughout the whole adoption process, Belgium has played an active role in promoting a proportionate approach for CRA requirements. In line with the CCB’s recommendations, we advocated for simple measures that will have a real impact in reducing vulnerabilities, such as the introduction of a default setting ensuring security are installed automatically by default, or the obligation for manufacturers to inform users about the length of the support period for their connected products (i.e. the date until when they commit to provide security updates).In practice, a transition period is foreseen to ensure that economic operators have sufficient time to adapt to the new requirements:In the first phase, starting 21 months from today, manufacturers of connected products will have to notify public authorities about incidents and vulnerabilities impacting the security of their products. This will create more transparency and ensure a speedy development and deployment of security updates to ensure that vulnerabilities are patched.In a second phase, starting 3 years from today, all CRA requirements will apply, including provisions on security by default, user transparency and market surveillance. By that time, connected products will have to undergo a conformity assessment prior to being sold in Europe, no matter where the manufacturer is located. A simplified compliance process based on self-declaration is foreseen for low-risk products whereas the most important and critical products will have to be subject to a detailed assessment by third party auditors (so-called “conformity assessment bodies”).For more detailed information on the new rules, see our CRA page and the answers to the most frequently asked questions (FAQs) or consult the full text of the Regulation.