The bills for the Cybersecurity Act (Cbw, in Dutch) and the Critical Entity Resilience Act (Wet weerbaarheid kritieke entiteiten) have been submitted to the House of Representatives. These laws transpose the European NIS2 and CER directives into national legislation. The aim is to strengthen the resilience of EU member states against threats.
Entry into Force
In February 2025, the Council of State reviewed both bills, which have now been forwarded to the House of Representatives. Following the House of Representatives’ approval, the Senate will review them. The anticipated entry into force has been revised to the second quarter of 2026, contingent on the advancement of parliamentary discussions regarding the bills.
Preparation
Until the directives CER and NIS2 come into effect, organisations have no obligations. However, specific provisions of the NIS2 directive are already in force. For instance, organisations can seek assistance from a Computer Security Incident Response Team (CSIRT). The central government is urging organisations to prepare for the new legislation as the risks organisations face are already present.
More information
For more information on preparing for the Cybersecurity Act and the Critical Entity Resilience Act, please view the following documents:
