Supervision of digital resilience is essential for the Netherlands due to our digitized economy and increasing geopolitical threats. The supervisors of this digital resilience have decided to adopt a more intensive form of collaboration for effective and efficient oversight.
The resilience of vital processes and sectors is crucial for trust in our digital society and economy. Therefore, companies and public institutions are legally required to protect themselves against external disruptions and must be able to recover quickly after an incident. New European guidelines have been established to enhance digital resilience throughout the EU. In the Netherlands, these guidelines are being implemented in the form of the Cybersecurity Act (Cbw) and the Act on the Resilience of Critical Entities (Wwke).
Efficient and Agile Oversight
Different supervisors are designated for these laws across various sectors. Since a company can fall under multiple sectors, they may interact with several supervisors. The supervisors are joining forces to work towards efficient and agile oversight.
They are working on a work plan with ambitions in various areas, including the harmonization of assessment frameworks so that supervisors handle companies in the same manner. This harmonization and increased uniformity provide more clarity for companies and public institutions that must comply with these laws. Moreover, the supervisors are thus better able to jointly provide insights into the state of digital resilience of vital processes and sectors in the Netherlands, based on concrete inspection results.
Patrick Spelt, Head of Cybersecurity at the Human Environment and Transport Inspectorate (ILT):
Shaping supervision in collaboration with other supervisors provides a uniform application of the law for all organizations that will fall under the law. Supported by the law, we will demand digital resilience from those under supervision, enabling the Netherlands to build capacity to limit physical and digital disruptions.
Exchanging Information Among Supervisors
Each supervisor will, of course, continue to operate within their own legal role, basis, and responsibility. They will investigate where the overlap in tasks lies and which supervisor has which powers under the new legislation. Additionally, they will look at whether and how they can exchange information within the frameworks of the law and will examine which existing methods the various supervisors use and can share, so they can learn from each other.
More Information on the Implementation of the Law
The European guidelines are currently being translated into Dutch legislation by the Ministry of Justice and Security. More about the implementation of the new legislation can be found on the website of the National Coordinator for Counterterrorism and Security (NCTV): Cybersecurity Act and Act on the Resilience of Critical Entities. For the Cbw, 2 tools have been developed: use the NIS2 self-assessment tool to assess whether the organization falls under the European directive (NIS2) and do the NIS2 Quickscan to learn how well the organization is prepared for the arrival of NIS2. The NIS2-Quickscan is primarily intended for ICT and cybersecurity specialists and responsible parties within organizations.
About the Directors Consultation on Digital Resilience Oversight
Since the introduction of the Network and Information Systems Security Act (Wbni), supervisors on cybersecurity of vital processes have already been collaborating in the consultation Cooperative Oversight on Digital Resilience. With the introduction of the Cbw and Wwke, the National Inspectorate for Digital Infrastructure has taken the initiative to intensify collaboration and the Directors Consultation on Digital Resilience Oversight has been established. They focus on conducting effective oversight of the digital resilience of vital processes. In this consultation, the following supervisors collaborate:
- Nuclear Safety and Radiation Protection Authority.
- Personal Data Authority.
- De Nederlandsche Bank.
- Health Care and Youth Inspectorate.
- Human Environment and Transport Inspectorate.
- Justice and Security Inspectorate.
- Inspectorate of Education.
- Netherlands Food and Consumer Product Safety Authority.
- National Inspectorate for Digital Infrastructure.
- State Supervision of Mines.
