The Cyberbeveiligingswet (CBW) is the Dutch implementation of the EU NIS2 Directive, setting new cybersecurity and incident reporting rules for essential and important sectors in the Netherlands. It replaces the older Wbni and aims to improve national cyber resilience by requiring organizations to manage risks, report incidents promptly, and make cybersecurity a board-level responsibility.
The law’s purpose is to strengthen the protection of vital services such as energy, health, transport, finance, and public administration, ensuring the Netherlands is better prepared for growing cyber threats.
How does Cyberbeveiligingswet relate to NIS2?
The Cyberbeveiligingswet is how the Netherlands enforces the EU’s NIS2 Directive. While NIS2 defines the overarching European cybersecurity rules, each member state must pass national legislation to apply them. The CBW is that law for the Netherlands. It keeps the same structure and obligations as NIS2, like risk management, incident reporting, and executive accountability, but tailors supervision and implementation to the Dutch context.
The Rijksinspectie Digitale Infrastructuur (RDI) and Nationaal Cyber Security Centrum (NCSC) oversee the law’s enforcement and coordination with sector-specific authorities.
Read more: Cybersecurity frameworks in the Netherlands
What does Cyberbeveiligingswet require?
The Cyberbeveiligingswet introduces several mandatory security and governance obligations. Key requirements include:
- Take proportionate cybersecurity and risk management measures
- Report major cyber incidents within 24 hours (initial) and 72 hours (full report)
- Manage supply chain and third-party cybersecurity risks
- Ensure board oversight and management-level cybersecurity training
- Maintain business continuity and crisis response plans
- Control access, encrypt data, and address vulnerabilities
- Cooperate with national authorities and CSIRTs
- Register as an in-scope entity via mijn.ncsc.nl
How does Cyberbeveiligingswet provide security?
The Cyberbeveiligingswet builds stronger cybersecurity by enforcing risk-based management, proactive incident reporting, and clear governance accountability. It moves organizations from a reactive to a preventive approach, requiring continuous monitoring and response preparedness.
By involving executives directly and mandating cooperation with national CSIRTs, it ensures cybersecurity becomes an integrated part of operations and leadership across all key sectors.
Get the guide: Cybersecurity frameworks in Netherlands
What are benefits of Cyberbeveiligingswet?
- Stronger protection against cyber incidents and business disruption
- Faster response and recovery through structured reporting and crisis planning
- Improved vendor and supply chain security
- Increased trust and credibility with customers and regulators
- Easier alignment with EU-wide cybersecurity standards
Frequently asked questions
Is Cyberbeveiligingswet mandatory?
Yes. Once in force, compliance will be mandatory for all essential and important entities defined by the law.
Why is Cyberbeveiligingswet important?
It protects critical infrastructure and essential services in the Netherlands against increasing cyber threats. By enforcing consistent security standards, it ensures faster incident response and stronger resilience across sectors.
Who needs to comply with Cyberbeveiligingswet?
The law applies to essential and important entities across sectors like energy, health, transport, digital infrastructure, finance, and public administration. Organizations with 50+ employees or over €10M revenue are generally in scope, though smaller critical providers can also be included.
When is Cyberbeveiligingswet in effect?
The bill was submitted in June 2025 and is expected to take effect in Q2 2026. Voluntary registration started in October 2024.
Is Cyberbeveiligingswet supported in Cyberday?
Yes. Cyberday provides full support for managing Cyberbeveiligingswet compliance with ready-made tasks, templates, and tracking features.
Start your free 14-day trial of Cyberday and see how simple Cyberbeveiligingswet compliance can be. Automate documentation, assign tasks, and track readiness in one place.
