BELGIUM Law and Practice Contributed by: Wim Nauwelaerts, Alston & Bird LLP
1. General Overview of Laws and Regulators 1.1 Cybersecurity Regulation Strategy Belgium’s Cybersecurity Strategy 2.0 (2021–25; the “Strategy”), which was designed by the Bel - gian federal government in co-operation with the Belgian Cybersecurity Centre (CCB), aims to make Belgium one of the least vulnerable countries in Europe in terms of cybersecurity. It includes a strategic plan to support the develop - ment of appropriate capacity to detect, investi - gate, prosecute and sanction cybercrime. One of the key objectives of the Strategy is to build out expertise across all levels of law enforcement so that the necessary investiga - tion capacities can be effectively and quickly deployed in a digital environment. The intention is to ensure that the prosecutor’s office and the courts of all judicial districts have prosecutors and judges with sufficient experience in combat - ting cybercrime. The Strategy also sets out several strategic objectives that the CCB intends to pursue in co-operation with all relevant stakeholders in the cybersecurity sector in the upcoming years. These objectives include: • strengthening and increasing trust in digital environments; • arming users and administrators of comput - ers and networks; • protecting organisations of vital interest against cyberthreats; • responding effectively to cyberthreats; • improving public, private and academic col - laborations; and • participating in international commitments involving cybersecurity.
1.2 Cybersecurity Laws The main laws and regulations in Belgium relat - ing to cybersecurity include: • Article 22 of the Belgian Constitution; • Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protec - tion Regulation; GDPR); • the Act of 3 December 2017 establishing the Data Protection Authority (the “DPA Act”), amended by the Act of 25 December 2023; • the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, supplementing the GDPR (the “Data Protection Act”); • the Belgian Criminal Code, as amended by the Act of 28 November 2000 on Cybercrime and the Act of 15 May 2006 on Cybercrime, in particular Article 210bis on computer-related forgery, Articles 259bis and 314bis on the interception of electronic communications, Article 504quater on computer-related fraud, Article 550bis on illegal access (hacking) and Article 550ter on computer sabotage; • the Belgian Criminal Procedure Code; • the Royal Decree of 10 October 2014 for the establishment of the CCB, supplemented by Royal Decree of 12 October 2023 determin - ing the conditions for awarding subsidies for activities related to informing and raising awareness in the field of cybersecurity; • Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) 526/2013 (the “Cybersecurity Act”);
41
CHAMBERS.COM
Powered by FlippingBook