Cybersecurity 2025

BELGIUM Law and Practice Contributed by: Wim Nauwelaerts, Alston & Bird LLP

• Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (the “NIS Directive”), as repealed by Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) 910/2014 and Directive (EU) 2018/1972 (the “NIS2 Directive”);
• the Act of 26 April 2024 establishing a framework for the cybersecurity of networks and information systems of general interest for public security, and transposing the NIS2 Directive (the “NIS2 Act”);
• Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) 1060/2009, (EU) 648/2012, (EU) 600/2014, (EU) 909/2014 and (EU) 2016/1011 (DORA);
• Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (the “Cyber Resilience Act” or CRA);
• Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (the “Critical Infrastructures Directive”), as repealed by Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities (the “CER Directive”);

• the Act of 1 July 2011 on the security and protection of critical infrastructures, partially implementing the Critical Infrastructures Directive (the “Critical Infrastructures Act”) – the Critical Infrastructures Act was amended by the Royal Decree of 15 September 2023 to align the security requirements for the energy sector with those imposed by the CER Directive; and
• Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) 300/2008, (EU) 167/2013, (EU) 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (the “AI Act”).

1.3 Cybersecurity Regulators

The CCB operates under the authority of the federal Prime Minister and is the central authority for cybersecurity in Belgium, in addition to assuming the role of national computer security incident response team (CSIRT). The CCB is charged with monitoring, co-ordinating and supervising the implementation of the government’s cybersecurity policy and strategy.

The federal computer emergency response team (CERT) is the operational service of the CCB. The task of CERT is to detect, observe and analyse online security problems, and to provide continuous information about these problems. It helps the government, emergency services and companies to prevent, co-ordinate and provide assistance in the event of cyber-incidents.

The Cyber Threat Research and Intelligence Sharing (“CyTRIS”) Department within the CCB monitors cyberthreats and publishes regular reports.
