The ministers of Justice and Security and Economic Affairs and Climate have sent the drafts of the Cyber Security Decree and the Critical Entity Resilience Decree (WKE) to the House of Representatives. These decrees implement the European NIS2 Directive and CER Directive. These are aimed at strengthening the digital and physical resilience of organizations in vital sectors.
With the new Cybersecurity Decree, more organizations will come under scrutiny for their digital security. There will also be stricter security requirements for these organizations. These include companies and institutions operating in sectors such as energy, transportation, healthcare, drinking water, finance and digital infrastructure.
The WKE Decree focuses on protecting critical entities from physical threats, such as sabotage or natural disasters. Among other things, organizations must conduct risk assessments, take appropriate measures and report serious incidents.
Both draft decisions were publicly consulted earlier this year. Reactions were received from various sectors and interest groups. In the consultation attention was drawn to the practical feasibility of the rules, the concurrence with existing legislation and the importance of clear definitions. These comments were taken into account when adapting the draft texts. For example, the scope of the decrees has been clarified and some obligations have been elaborated more specifically.
The amended executive orders and accompanying explanatory notes can be viewed in the Draft Cyber Security Decree and Critical Entity Resilience Decree.
The NIS2 and CER directives must be transposed into national laws and regulations by Oct. 17, 2024. The ministries aim to have the decrees come into force at the same time as the corresponding laws.
