Read the letter here (Dutch).

The Netherlands, like many other EU Member States, is still in the process of implementing the NIS2 Directive (and the CER Directive for Critical entities resilience) into national law.

Earlier this year, the Cabinet submitted the draft Cyber Security Act (Cyberbeveiligingswet) and the accompanying Cyber Security Decree for consultation, and then sent it to the House of Representatives. These documents revealed that, in the meantime, a new authority had been introduced for ministers, namely to prohibit the use of certain products and services from specific suppliers in the interests of national security.

Shortly after the summer, questions were asked in the House, which have now been answered (Dutch) by the Minister of Justice and Security. However, this has done little to allay some concerns. It is not that we dispute the need for such an authority, but rather the way in which it is currently being implemented in lower-level legislation, which in principle can be amended without parliamentary approval.

That is why CIO Platform Nederland, together with VNO-NCW and other organisations, is sounding the alarm. Specifically, we call on Parliament not to leave the establishment, and any future amendments, of this far-reaching authority to the Cabinet without parliamentary approval. To this end, the House of Commons can request a preliminary consultation procedure for the Cyber Security Decree and the subordinate regulations.