Businesses are not the only parties experiencing problems with implementing the new European regulations for Network and Information Security (NIS2) and the Critical Entity Resilience Directive (CER). In the Netherlands, the preparations for the consultation on the Dutch implementation of these European directives are already delayed. Dutch outgoing Minister Yeşilgöz-Zegerius of Justice and Security announced this to the Lower House yesterday.

“The transposition of the directives into national legislation requires more time than initially expected,” the minister said in a letter to parliament. She continued: “The draft bills are expected to be submitted for consultation before the summer of 2024. Given the necessary follow-up steps in the legislative process, I conclude that the European Commission’s implementation deadline for both directives, namely October 17, 2024, will not be met.”

This consultation round is one of the steps in the legislative process for strengthening national cybersecurity. “After processing the consultation responses, the bills will be submitted to the Advisory Division of the Council of State for its opinion. I aim to present the bills to your Chamber in the fall of this year,” the minister concluded.

To say that the NIS2 and CES directives are hard to implement would be an understatement. However, the Dutch government could have sent a better signal to the business community by taking the lead in preparing supranational directives it helped initiate.