Top
Top

NIS2 Implementation in the EU

Netherlands

(Europe) Firm Houthoff

Contributors Thomas de Weerd
Marco Moeskops

Updated 03 Feb 2025
Status

Ongoing

Status of the NIS2 Implementation Act

On 21 May 2024, the Dutch government published a consultation document for the implementation legislation of the NIS2 Directive, the Dutch Cybersecurity Act (Cyberbeveiligingswet), which consultation period ended on 1 July 2024.

It is currently unknown when the Dutch Cybersecurity Act will be submitted as a bill before the Dutch Parliament.

If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive
  • Closely modelled based on the NIS2 Directive.
  • The scope has been extended to local governments (e.g. the provinces, municipalities and water boards) which have been assigned the status of essential entities. Educational institutions can be assigned the status of essential or important entities in individual cases based on a ministerial decree.
  • Essential and important entities must report significant incidents to both the CSIRT and the competent authority (the relevant Ministry in that sector).
  • Entities that are not important or essential can report incidents on a voluntary basis to a CSIRT.
Expected date of entry into force of the Implementation Act

According to the most recent update of the Dutch government dated 16 October 2024, the government currently anticipates that the draft NIS2 implementation legislation will be submitted to the Dutch Parliament in the first quarter of 2025 and will come into force in the third quarter of 2025, contingent on the progress of the legislation process within the Dutch Parliament.

NIS2 Implementation in the EU

Netherlands

(Europe) Firm Houthoff

Contributors Thomas de Weerd Marco Moeskops

Updated 03 Feb 2025