Specialist in digital network connections
Customization & installation available upon request
Items available from stock and on a back-to-back basis
Order today, delivered tomorrow
Online Store
Online Store
Home cybersecurity

RDI is investigating compliance with the Telecommunications Act  


Compliance with the amended Telecommunications Act  

So what exactly has changed in the Telecommunications Act over the past year? We’ll explain. Last year, the Telecommunications Act was amended to include a reporting and duty-of-care obligation for internet service providers and companies offering other telecommunications services. These changes give internet service providers greater responsibility for identifying cyber threats and ensuring digital resilience. Apart from the new obligations, these stricter requirements also signal preparations for the NIS2 Directive, also known as the Cybersecurity Act.  

What do the duty to report and the duty of care entail?  

The reporting obligation means that internet service providers are required to report any outages or other issues to the RDI as soon as possible. Security incidents must also be reported immediately, so that the RDI can be certain that the appropriate measures are being taken to protect customer data. The duty of care stipulates that an internet service provider must “take appropriate technical and organizational measures to ensure the security and continuity of services.” The goal of the stricter legislation is to minimize security risks as much as possible and ensure that a provider’s services can be restored as quickly as possible following a disruption or other incident. Because incidents are reported quickly, security measures can be improved and greater insight into cyber threats is gained.  

Preparing for the NIS2 Directive  

In addition to the new obligations being imposed on internet service providers, the RDI will also examine preparations for the NIS2 Directive—which will become the Cybersecurity Act in the Netherlands—during its inspections. This is a technological directive established by the European Commission. The law has not yet entered into force, but it is expected to do so sometime next year. The directive sets stricter requirements regarding the security of network and information systems. During inspections, internet providers can therefore expect to be asked how they are already preparing for the Cybersecurity Act!