The government is holding a public consultation over the Internet regarding a notification duty for security breaches on electronic information systems of vital infrastructure providers in which a breach could result in social disruption (Wet melding inbreuken elektronische informatiesystemen).

Notifications for breaches must be made to the National Cyber Security Center (NCSC) which forms part of the Dutch Ministry of Security and Justice. The purpose of notifying the NCSC is twofold: first it will provide the NCSC with the possibility to assess the impact of a breach, and second the NCSC can provide assistance to the organization concerned and alert others.

The government has various organizations in mind to which these rules should apply. These organizations are, for example, water, electricity, and telecommunication providers, banks, airports, ports, and governmental institutions. The providers and specific products and services to which this notification duty will apply will be appointed by order in council.

Sanctions for non-compliance are currently not foreseen because the government expects voluntary cooperation of the organizations concerned.

This public consultation over the Internet is open until 17 September 2013.  

The consultation document can be found on http://www.internetconsultatie.nl/meldplicht_ict_inbreuken