News item | 10-03-2025 | 13:37
The internet consultation of the draft Implementation Act Regulation Cyber Resilience was started on 7 March 2025. This bill regulates the implementation of the Cyber Resilience Regulation, or Cyber Resilience Actin the Netherlands. The consultation period runs until April 6, 2025.
Consumers, companies and other organizations in the EU must be able to trust that the digital products they use are safe. This is also important for the digital resilience of Europe. The European Cyber Resilience Regulation (or Cyber Resilience Acthereinafter: CRA) therefore introduces cyber security requirements for all products with digital elements. This concerns hardware, software and individual components that are offered on the market in the European Union from 11 December 2027. From September 11, 2026, a reporting obligation to actively exploited vulnerabilities and serious incidents applies to manufacturers of these products. The regulation has direct effect and is therefore not converted into national legislation. However, it must be determined in an Implementation Act who is designated for the implementation, supervision and enforcement of the CRA in the Netherlands, and the corresponding penalty powers and legal protection must be regulated.
You can respond to the draft bill in which these matters are arranged:
- In the law, in practice, the Minister of Economic Affairs, the National Inspectorate for Digital Infrastructure (RDI), is designated as authority responsible for the procedure to assess, register and monitor conformity assessment authorities. The bill stipulates that the assessment and monitoring of these authorities must take place through accreditation.
- In addition, supervision and enforcement in the proposal is invested with the Minister of Economic Affairs (RDI), as a National Market Supervision Authority, which is given the power to impose administrative fines with the maximum size prescribed in the Regulation in the event of a violation.
- A appeal procedure for the decisions of the market supervisor is also set up.
- Finally, it becomes national Cyber Security Center (NCSC) in the draft proposal designated as the Computer Security Incident Response Team (CSIRT) that will be taxed with the design and implementation of the reporting counter for the reporting obligation in the event of active vulnerabilities and serious incidents.
Participate in consultation
From March 7 to April 4, 2025, everyone can Respond to the draft Implementation Act Regulation Cyber resilience. The purpose of the consultation is to involve stakeholders in the establishment of this Implementation Act. After the consultation period, all responses are viewed and, where necessary, processed in the Implementation Act.
Look at Government.nl to view the draft Implementation Act To participate in the consultation.
Online information session on March 25, 2025
The Ministry of Economic Affairs is organizing an online information session on Tuesday 2 March 2025 from 3:00 pm to 4:30 pm through teams about the draft Implementation Act and the CRA. You can register and pass on any questions in advance by sending an e-mail.