2021/0333/NL
EC/EFTA
NL Pays-Bas
  • V00T - TELECOM
2021-09-13
2021-06-17

Hardware and software products for the technical infrastructure and equipment of electronic communications networks.

Regulation of the Secretary of State for Economic Affairs and Climate Policy of [...], No WJZ/19188178, establishing detailed rules on the security and integrity of public electronic communications networks and services (Regulation on security and integrity of telecommunications)

This notification concerns the Regulation on security and integrity of telecommunications. This regulation is a further clarification of the duty of care laid down in the Article 13a of the Directive 2002/21/EC (implemented in the Article 11a.1 of the Telecommunications Act (Tw)). The regulation contains security measures (management measures) to be implemented by 1 October 2022 by providers of a public mobile electronic communications network.

The management measures can be divided into different categories:
A. Safe configuration of technical equipment: the purpose of these management measures is to ensure that the network provider is aware of which information processing assets may directly or indirectly affect the confidentiality of the critical data to be protected and protect these assets from unauthorised access and other (advanced) forms of digital abuse.
B. Safe configuration of network infrastructure: the aim of these management measures is to ensure the confidentiality of critical data to be protected and the protection of processing facilities to be protected in the networks of providers.
C. Monitoring of technical infrastructure (monitoring): the aim of these management measures is to ensure that vulnerabilities and incidents that may have an impact on the interests identified by public authorities are recognised and resolved in a timely manner.
D. Security assurance on software and management services: the aim of these management measures is to obtain appropriate safeguards with regard to the security of third-party products and services which may directly or indirectly affect the interests to be protected by the State.
E. Human resource security: the aim of these management measures is to ensure that both internal and external management staff are known to the network provider and are suitable for the performance of (sensitive and/or critical) management activities from a security and reliability point of view.
The requirements thus categorised may contain technical requirements.
Given the importance of protecting national security, a provision on mutual recognition is not possible here.