New cyberlaws in 2026: what you must know
- KVK Editors
- The basis
- 17 October 2025
- 1 min
- Managing and growing
- Rules and laws
Two new cyberlaws come into force in 2026. Every entrepreneur may have to deal with them. If you import digital products, for example. Or if you work for a business in a vital sector. Read here if the laws apply to you and how to prepare for them.
Cyber Magazine SECURE IT!
Cyber magazine SECURE IT! contains tips and information on how to secure your business online.
These laws come into force next year:
Cyber Resilience Act (CRA)
This European law deals with secure digital products. Do you make or import digital products? Or software or smart devices? Then you will have to: Â
- report serious security problems and misuse as soon as possible (from 11 September 2026 onwards).
- comply with new security requirements, for example delivering security updates (from 11 December 2027).
In the Netherlands, the CRA is also referred to as the Verordening cyberweerbaarheid.
Cybersecurity Act (Cbw)
The Cyberbeveiligingswet (Cbw) is the Dutch term for this European rule: the NIS-2. The Cbw applies in particular to companies in a vital sector, for example energy suppliers, hospitals, or banks. When such a business faces a cyberattack, it has a big impact on many people. Are you a supplier to a vital business? Then, according to the Cbw, you must be able to prove that your systems are cybersecure. Use this  (in Dutch) to find out if this applies to you.
The Cbw is likely to take effect in spring 2026.
How can you prepare?
Is your business affected by the new laws? Get to know exactly what this means for your business in advance so that you are well prepared:
- Prepare for the CRA with the Cyber Resilience Act  (in Dutch) of the Ministry of Economic Affairs.
- Read this article to prepare for the Cbw.
Even if you are not covered by the new cyber laws, it is smart to pay attention to your cybersecurity. For example, use strong passwords, two-step verification and do regular updates.
