Financial Crime World

Belgium’s Cybersecurity Framework Undergoes Major Overhaul
=====================================================

European Union Sets Deadline for Member States’ Compliance

The European Union has set a deadline of October 2024 for member states to align their cybersecurity frameworks with new directives. In response, Belgium is amending its existing laws and regulations to ensure compliance.

Revisions to the Cyber Security Act (CSA) of 2019

Belgium’s CSA of 2019 will be revised to incorporate the requirements of Directive (EU) 2022/2557 on the resilience of critical entities (RCE Directive). This directive aims to enhance the cybersecurity of operators of essential services and digital service providers.

Updates to the Critical Infrastructure Act (CIA)

Belgium is also updating its CIA to reflect the broader scope of the RCE Directive. The CIA, which regulates the protection of critical infrastructure, will now extend its reach beyond energy and transportation to include the financial and electronic communications sectors.

Key Requirements Under the Revised Framework

  • Operators of essential services and digital service providers must implement suitable and proportionate technical and organisational measures to mitigate risks that may compromise the security of their network and information systems.
  • Establish a security plan (Business Process Entity - BPE) that incorporates incident prevention and handling procedures.
  • Implement measures to protect employees’ personal data and ensure that their devices do not compromise company security.

Centre for Cybersecurity Belgium (CCB)

The CCB will serve as the single point of contact for all cybersecurity matters, providing authorities with the necessary tools and powers to enforce compliance.

Stricter Confidentiality Requirements

Professionals working in the cybersecurity sector will be subject to stricter confidentiality requirements under the Whistleblower Act.

Timeline for Compliance

The revised framework is expected to come into effect by October 2024, giving companies a two-year window to comply with the new regulations.