Cybersecurity—Belgium—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—Belgium—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—Belgium—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Belgium published as part of the Lexology Getting the Deal Through series by Law Business Research (published: February 2021).

Authors: NautaDutilh—Peter Craddock; Camille De Munter

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

While there are no dedicated cybersecurity laws, some laws contain general provisions relating to cybersecurity, such as: the Criminal Code (CC), which notably implements the Budapest Convention on Cybercrime and includes provisions on professional secrecy; the EU General Data Protection Regulation 2016/679 (GDPR); and the Act of 30 July 2018, which supplements the GDPR. There are specific rules for certain sectors or activities, including:

  1. essential services: the Act of 7 April 2019 (the Network and Information Systems Act (the NIS Act)) and the Act of 1 July 2011 (the Critical Infrastructures Act), which implement respectively Directive (EU) 2016/1148 on security of network and information systems (the NIS Directive) and Directive 2008/114/EC on European critical infrastructures;

  2. the telecommunications sector: Commission Regulation (EU) No. 611/2013 and the Act of 13 June 2005 (the Act on Electronic Communications (AEC)), implementing the ePrivacy Directive (2002/58/EC);

  3. trust service providers (TSPs): the eIDAS Regulation (Regulation (EU) No. 910/2014); and

  4. payment service providers (PSPs): the PSD2 Act of 11 March 2018 on payment services (implementing the Payment Services Directive (Directive

Popular documents