Reporting cybercrime (Wbni act)
Do you offer digital services or do you supply essential services? You need to take measures to protect your business from cybercrime. In case of a cyber security incident you must report this. This is regulated in the Act on the security of networks and information systems (Wet beveiliging netwerk- en informatiesystemen, Wbni), the Dutch implementation of the EU's NIS-directive.
When are you a digital services provider?
A Digital Service Provider (DSP), is a legal entity that supplies 1 or more of these services:
- electronic (online) marketplace
- cloud service
- search engine
As a DSP you are subject to the Wbni act if you meet these criteria:
- Your company has its headquarters or a representation in the Netherlands.
- You have at least 50 employees.
- Your total assets or your yearly turnover amounts to over €10 million.
When are you a supplier of essential services?
You are considered a CSIRTs Network operator if this service is essential to Dutch society, such as:
- gas production and distribution
- drinking water supply
- transport
- financial transactions
If you are considered part of the critical infrastructure the Ministry of Economic Affairs and Climate Policy will let you know.
Duty of care: protection from cybercrime
You must ensure you have the right security measures and products to protect your company from cybercrime. For instance, protection against viruses, malware, and ransomware. You must prevent damage to networking and information systems.
Duty to report cybercrime
Has your company encountered a cybersecurity incident? And does this incident have major consequences? Or are your ICT systems damaged to such an extent that you can no longer provide your services? You always must report this to:
and
- CSIRT-DSP, an agency of the Ministry of Economic Affairs and Climate Policy for digital service providers
- the Dutch Authority for Digital Infrastructure (Rijksinspectie Digitale Infrastructuur) for suppliers of essential services (in Dutch, scroll down for notification forms in English)
This article is related to:
Amendments
External links
- Cyber security (National Coordinator for Security and Counterterrorism, nctv.nl)
- National Cyber Security Centre (NCSC)
- CSIRT-DSP (Cyber Security Incident Response Team for Digital Service providers)
- Video cybersecurity (Wbni) in English (Dutch Authority for Digital Infrastructure)
- Shaping Europe’s digital future - NIS Directive (European Commission)
- Critical infrastructure (protection) (National Coordinator for Security and Counterterrorism, nctv.nl)
- Brochure Notification obligation for digital service providers (Dutch Authority for Digital Infrastructure)