Read this quarter’s Intermedia here

8th October 2024

IIC Brussels Chapter Meeting: Final Countdown – Preparing for the NIS2 Directive and its Implementing Act

Chapter Meetings

Date: Tuesday 8 October 2024
Time: 15:15 – 17:30 CET, followed by a networking reception

Please note the meeting will be held in English.

This IIC Brussels Chapter meeting will bring together representatives from the European Commission and the Cybersecurity Centre – Belgium to explore the business implications of the NIS2 Directive. With the application date of 18 October 2024 fast approaching, the meeting offers a timely opportunity for companies that are gearing up for NIS2 compliance—whether they are intensifying efforts to meet their obligations or refining their compliance strategies.

As a key element in the EU’s cybersecurity regulatory landscape, the NIS2 Directive introduces several significant changes. These include new obligations related to addressing supply chain risks, the potential liability of management body members or other individuals, and clarifying the jurisdiction of the EU Member State where the ‘main establishment’ of certain entities (such as social networking service platforms and online marketplaces) is located.

In addition to covering these updates, the speakers will delve into the specific cybersecurity risk-management measures and multiple-stage incident reporting requirements introduced by the Directive. The discussion will also touch on the NIS2 Implementing Act, which provides detailed requirements, including thresholds for reportable incidents, for certain entities.

Lastly, the meeting will consider the current state of the Directive’s transposition across EU Member States and explore how the NIS Cooperation Group might contribute to further aligning or clarifying cybersecurity legislation implementation throughout the EU.

Join us if you operate in one of the sectors listed in this major piece of cybersecurity legislation, including online marketplaces, cloud computing services, digital infrastructure, ICT service management, manufacturing or digital providers sectors, or provide services to such companies, to receive practical insights and the latest updates on the status of the NIS2 implementation.

Registration is now open.

Please click here to register.

We had a great host and scene setter regarding the NIS2 Directive and the draft NIS2 Implementing Regulation from McDermott Will & Emery followed by an interesting Q&A session with the speakers and audience. The main points raised were as follows:

  1. While the EU Member States need to transpose the NIS2 Directive by 17th October 2024, only a few of them have done so at present. Belgium has fully transposed the NIS2 Directive into its national legal order and the Belgian NIS2 law is effective as of 18th October 2024.
  2. Companies falling within the scope of the Belgian NIS2 law will have time to comply with the obligations stemming from the law gradually, depending on the type of company (important or essential). Nonetheless, it is key for companies to show they are preparing to comply and building up or adapting their cybersecurity-risk management measures.
  3. Some concern was expressed that not all EU Member States may allow companies a progressive timeline to foster proper compliance. Some noted that there had been often a misconception that the tech industry is already compliant with any tech requirements and does not need transition periods.
  4. The Belgian competent authority, the Cybersecurity Centre – Belgium, has published a host of useful resources on its website to help companies steer their compliance efforts. The Centre is also organizing webinars to that effect.
  5. The draft NIS2 Implementing Regulation, that will be applicable to a number of digital industries, should be adopted any time soon. The draft Regulation was revised to address some of the concerns expressed, among others, by respondents to the public consultation.
  6. Among the cybersecurity-risk management measures, an important measure that stands out it the security of the supply chain. It was stressed that the measures need to be seen and implemented in the context of a company’s risk assessment.
  7. Another novelty of the NIS2 Directive is the introduction of the accountability of top management. The intention is to ensure that cybersecurity is a board room issue. Cybersecurity requires a holistic approach that goes beyond a single IT department (as may have been the case in the past for some companies).
  8. The NIS2 Directive sets out only the main rules regarding accountability of top management. It is up to EU Member States to outline specifics (e.g., which body of the entity is responsible, if they can delegate anything to some extent, etc.).
  9. It was suggested that before adopting new laws, enough time is given to allow currently applicable laws to demonstrate whether they are effective enough to address the issues they meant to tackle.
  10. The NIS2 Directive is a great tool, and now it is time to focus on compliance to boost the cybersecurity posture of the industry across the EU.

Speakers

Elias Papadopoulos Policy Director, DOT Europe

Elias is the Policy Director at DOT Europe where he oversees the association’s various workstreams and provides strategic advice on positioning and outreach activities. He also works on horizontal issues and contributes to the wider strategy of the association. Before joining DOT Europe, he worked for a decade in public affairs consulting, where he represented large multinational firms, as well as trade and professional associations focusing, but not limited to, the tech sector. He has covered a range of policy areas, such as cybersecurity, data, AI, consumer protection, taxation and tourism, with a focus on technology industry stakeholders. Elias has substantial experience in devising public affairs strategies and executing advocacy campaigns, as well as advising stakeholders on potential risks and opportunities stemming from EU policy.

Rosa Barcelo Partner, McDermott Will & Emery; Chair, IIC Brussels Chapter

Rosa Barcelo was appointed Partner, McDermott Will & Emery in April 2022.

Rosa Barcelo has nearly 20 years of experience in European data protection and privacy, including expertise in compliance and policy. Her experience covers diverse sectors and is drawn from working in private practice, as well as in public service with the European Data Protection Supervisor (EDPS) and the European Commission.

Rosa Barcelo advises clients on data protection and privacy, including compliance with the GDPR and the e-Privacy Directive. She has a particular focus on cutting-edge ICT issues, including AI, machine learning, autonomous vehicles, programmatic advertising and online tracking technologies.

Prior to McDermott Will & Emery, Ms Barcelo was Partner and Deputy Co-Chair, Data Privacy & Cybersecurity Practice Group, Squire Patton Boggs.

Ms Barcelo was also Deputy Head of Unit of the Cybersecurity and Digital Privacy Unit of DG CONNECT in the European Commission, where she led legislative deliberations over the proposed e-Privacy Regulation.  During her tenure with the European Commission, Ms Barcelo also worked in the Data Protection Unit where she was responsible for international data transfer issues (BCRs and adequacy decisions). Ms Barcelo’s work with the office of the EDPS focused on a wide range of ICT-related issues. In these roles, Ms Barcelo worked closely with national supervisory authorities participating in the former Article 29 Working Party (now the European Data Protection Board).

Ms Barcelo has also worked in academia and as a private lawyer in the Brussels offices of various international law firms, where she advised on EU privacy and data protection issues, as well electronic commerce and technology laws.

Ms Barcelo is a frequent lecturer on data protection, privacy and cybersecurity.

Valéry Vander Geeten Head of Legal, Centre for Cybersecurity Belgium (CCB)

Valéry Vander Geeten is the Head of Legal, policy officer and DPO of the Centre for Cybersecurity Belgium (CCB), which is a Belgian federal public administration under the authority of the Prime Minister.

The CCB is the competent cybersecurity authority and national Computer Security Incident Response Team (CSIRT) in Belgium under the NIS2 Directive.

Valery is also actively involved in the work of the NIS Cooperation Group.

Vinzenz Heussler Policy Officer, European Commission, DG CNECT, Unit H2 Cybersecurity and Digital Privacy Policy

Vinzenz Heussler is working in the European Commission’s Directorate-General for Communication Networks, Content and Technology (CNECT) where he is Policy Officer in the unit for Cybersecurity and Digital Privacy Policy, a unit in charge of delivering groundbreaking files such as NIS 2 Directive and the Cyber Resilience Act. He is working for a stronger EU cybersecurity policy by designing, coordinating, and implementing policy and legislative initiatives in the field of cybersecurity, with a focus on the implementation of the NIS2 Directive aiming to step up the cybersecurity resilience of Europe’s critical infrastructure and industry across many sectors. Previously, he was Head of the Office for Strategic Network and Information Security in the Austrian Federal Chancellery.

Event details
Date:
8th October 2024
Location:
Brussels, Belgium
Region:
Europe
Chapter:
Brussels
McDermott Will & Emery Belgium LLP
Avenue des Nerviens 9-31
1040 Brussels
Belgium

Upcoming Events

View All
19th February 2025
IIC Small Nations Regulators Forum – Dealing with Non-Compliant Actors Location: Virtual Core Event: Virtual Meetings
18th - 19th March 2025
Europe Digital Communications and Media Forum 2025 Location: Brussels, Belgium Core Event: Digital Communications and Media Forum (DCMF)
  • Virtual Meetings
  • Digital Communications and Media Forum (DCMF)
Back to the top

The IIC is the world's only policy debating platform for the converged communications industry

We give innovators and regulators a forum in which to explore, debate and agree the best policies and regulatory frameworks for widest societal benefit.

Insight: Exchange: Influence

We give members a voice through conferences, symposiums and private meetings, as well as broad exposure of their differing viewpoints through articles, reports and interviews.

The new website will make it easier for you to gather fresh insights, exchange views with others and have a voice in the debate

Take a look Learn more about our updates
Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The International Institute of Communications website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.