First legislative bill on cyber security to the House of Representatives

It will be mandatory for organisations within vital sectors to report serious digital security incidents to the National Cyber Security Centre (NCSC) of the Ministry of Security and Justice. Prompt reporting makes a more effective approach possible for these types of incidents, for the purpose of preventing or limiting social disruption. This is covered by a legislative bill submitted by the State Secretary Dijkhoff (Security and Justice) to the House of Representatives today.

In any case the duty to report shall apply (date still to be designated) for organisations within the following sectors: electricity, gas, nuclear energy, drinking water, telecom, transport (mainports Rotterdam and Schiphol), finances and government (including primary water-control structures). These sectors are part of the vital infrastructure of the Netherlands. Failure could lead directly or indirectly to social disruption.

By legally making it mandatory for these vital organisations to report IT violations, the NCSC can not only estimate the risks for society but can also provide assistance to the affected organisation. Moreover, this enables the NCSC to warn and to make recommendations to other essential organisations.

The duty to report falls in line with the broader context of the ongoing public private partnership to improve cyber security within the (central) government and the vital sectors. The confidential character of the reported information on incidents and vulnerabilities continues to be guaranteed. The legislative bill provides for a good balance. On the one hand it ensures that the NCSC is able to execute its tasks properly. And on the other hand, it keeps account of the interests of the involved providers where it concerns the provision of information to the public (among others) about these incidents and vulnerabilities.