The Dutch Ministry of Security and Justice has submitted a revised bill covering the obligation to report serious ICT breaches. The bill is now open to a consultation process that will run until 6 March. The bill includes rules on how to process data for the ministry as regards to cybersecurity. The obligation to report will only cover providers of products or services that are of vital importance to Dutch society.
Reports will be processed by the National Cyber Security Centre (NCSC), part of the ministry. The main purpose of the reporting obligationis to help the NCSC better assess the risks associated with any ICT breach and then assist the party or parties affected. The rules on data processing will strengthen the legal process and clarify the provision of confidential data by the NCSC to third parties.