The Dutch government has submitted 2 bills to the House of Representatives: the Critical Entity Resilience Act (Wet weerbaarheid kritieke entiteiten), which transposes the EU CER Directive into national legislation, and the Cyberbeveiligingswet (Cbw), which implements the NIS2 Directive. Together, these laws aim to enhance the resilience of EU member states against evolving threats.
Entry into force
In February 2025, the Council of State reviewed both bills, which have now been forwarded to the House of Representatives. Following the House of Representatives’ approval, the Senate will review them. The anticipated entry into force has been revised to the second quarter of 2026, contingent on the advancement of parliamentary discussions regarding the bills.
Preparation
Until the directives CER and NIS2 come into effect, organisations have no obligations. However, specific provisions of the NIS2 directive are already in force. For instance, organisations can seek assistance from a Computer Security Incident Response Team (CSIRT). The central government is urging organisations to prepare for the new legislation, as the risks organisations face are already present.
More information
For more information on preparing for the Cbw and the Critical Entity Resilience Act, please view the following documents:
