Skip to content
Vectel
Support/Compliance and regulations

What changes with the Dutch Cyber Security Act?

The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.

Try this first

  1. 1Three pillars match NIS2: duty of care, notification duty, and board responsibility.
  2. 2Duty of care means technical and organisational measures proportional to risk, documented like an ISMS.
  3. 3Notification: significant incidents go to CSIRT and the supervisor within the statutory window. Confirm timing via NCSC.
  4. 4Board responsibility: directors must adopt and follow the policy, train, and can be personally liable. Record the decision in board minutes.
  5. 5Follow the bill via tweedekamer.nl and NCSC for the final date and secondary rules.

When to bring us in

Essential entity with no ISMS in place yet? You will not make it solo. Bring in external help early.

See also

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.

Who are you?

For the AI question we need your email and company, so we can follow up if the AI gets stuck, and to prevent abuse.

Limited to 2 questions per hour and 5 per day, kept lean so the AI stays useful. For more, contacting us directly works better for you and us.

Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.

Bring us inHow Managed IT works