Dutch food companies are gearing up for the implementation of the Cybersecurity Act (Cbw). This law stems from the European NIS2 directive and mandates that more companies take cybersecurity measures. The law aims to enhance cybersecurity in critical sectors, such as the food industry. This means that companies previously not subject to cyber legislation will now have obligations.
A key requirement of the Cbw is that companies must report cyber incidents. The law primarily targets medium-sized and large companies in critical sectors. The size of a company is determined by the number of employees, annual turnover, and total assets. Certain sectors, such as providers of electronic communication networks and government organizations, always fall under the Cbw, regardless of their size. For micro and small businesses, the law applies only if a sector minister decides based on a risk assessment.
The new legislation can also indirectly affect companies not directly subject to the Cbw. Companies that do fall under the Cbw must ensure the security of their entire supply chain. This means they can require additional security measures from suppliers if they impact the Cbw company's network and information systems. Proportionality is a key principle in these supply chain agreements.
The Digital Trust Center (DTC) advises companies to start preparing for the Cbw now. The DTC has consolidated all available information at the NIS2 starting point. Here, entrepreneurs can find background information about the law, tools, and checklists to get started. There are also guidelines for the 10 duty of care measures included in the European directive. These measures provide a sufficient basis for companies to start preparatory actions, while the details of the duty of care measures for the Netherlands are still being finalized.
Dutch food companies face the challenge of adapting to stricter cybersecurity requirements. By taking steps now, they can ensure their networks and information systems comply with the new legislation in time.
Source: Digital Trust Center