Cybersecurity and law



Introduction


Our infrastructure is highly dependent on digital processes. IT incidents can therefore disrupt society.

Extensive digitalization, including the increase in the number of remote workers, the rise of the Internet of Things (IoT), and cloud computing, has led to more (successful) digital attacks. AI is also being increasingly deployed by cybercriminals, and the trend is that they are also targeting cloud services and mobile devices more frequently.

Nevertheless, there is still little awareness regarding cybersecurity at many companies. It is not (yet) a standard part of senior management/the board.


Increase in cybersecurity regulations

Cybersecurity is an important theme for the EU in 2026; Europe must be digitally resilient ('cyber resilience'), also to remain competitive with the US and China.

In recent years, various new (European) legislation has been introduced in the field of cybersecurity. Examples include the Cyber Resilience Act (CRA), the Cybersecurity Act, the Digital Operational Resilience Act (DORA), and the NIS2. In the Netherlands, the NIS2 will be implemented via the Cyberbeveiligingwet (Cbw).

This leads to an increase in 'cyber obligations' for many companies across various sectors. The government (such as municipalities and provinces) also faces additional regulatory pressure. The Cybersecurity Act obliges companies and the government to adequately secure their IT systems, report significant IT incidents, and make specific contractual agreements with (IT) suppliers. The board must supervise these matters and can be held liable.

One must be fully aware of these new cybersecurity laws and regulations in the event of a serious IT incident (e.g., a cyberattack). Understanding the legal cybersecurity landscape is essential for Incident Response.








Our Specialists

The lawyers at De Vos & Partners specialize in IT law, more specifically regulations in the field of cybersecurity and privacy. They can help you navigate the complex landscape of laws and regulations in the field of cybersecurity. This includes advice on applicable regulations, the assessment or drafting of contracts, and support in setting up the reporting process and submitting reports to supervisory authorities. Furthermore, our lawyers can provide you with legal support regarding incidents and potential (damage) claims.

Jasper is een ervaren advocaat met een internationale praktijk op het gebied van IE/IT, privacy en cybersecurity. Big tech bedrijven, multinationals en het MKB vragen om zijn advies en bijstand op het gebied van IT-recht, waaronder privacy & cybersecurity regelgeving. Hij adviseert hen ook over de juridische (on)mogelijkheden om cybercrime aan te pakken en illegale software en namaakproducten te bestrijden. In 2018 heeft Jasper de Grotius specialisatieopleiding ‘Informaticarecht’ voltooid. Over de onderwerpen cybersecurity en privacy zijn meerdere publicaties van hem verschenen in het bekende juridische tijdschrift 'Computerrecht'. Jasper geeft jaarlijks een cursus over Cybersecurity & Recht bij de Academie voor de Rechtspraktijk (AvdR). Hij is daarnaast lid van Vereniging Informaticarecht Advocaten (VIRA) en het internationale netwerk van IT-juristen genaamd ‘ITechLaw’. Jasper is een vlotte, toegankelijke advocaat, met een passie voor housemuziek & vinyl en sport. Bij het beoefenen van die hobby’s voeren gedrevenheid en perfectionisme de boventoon. De combinatie van die eigenschappen samen met een pragmatische aanpak maken Jasper tot een ideale advocaat voor diverse (middel)grote ondernemingen en ondernemers.

Jasper Hulsebosch

Partner 

Dennis van Beem

Partner

Bente van den Beuken

Lawyer
Contact us

..Our services

Quickscan Cybersecurity

IT contracts

Incident Response

Assistance & advice