New Cybersecurity Act Effective July 1, 2026

The new Dutch Cybersecurity Act is expected to take effect on July 1, 2026, as part of the implementation of the European NIS2 Directive. This law introduces stricter cybersecurity requirements for critical and important sectors, including transportation, logistics, ports, and maritime infrastructure.

The European NIS2 Directive extends cybersecurity obligations across the entire supply chain. Not only shipowners, but also operators, shippers, and suppliers must be able to demonstrate that cyber risks have been identified and appropriate measures have been taken.

What does this mean for the maritime sector?

For the maritime sector, this represents a significant shift. Due to rapid digitalization, ships, ports, and logistics chains are becoming increasingly interconnected. As a result, cyber incidents can have a more direct impact on operational continuity, making cybersecurity an even more pressing issue for the entire sector.

Under the law, organizations must comply with the following requirements:

Verifiable risk management and cybersecurity governance
Incident detection and mandatory reporting of cyber incidents
Safeguard the security of suppliers and supply chain partners
Management-level accountability

As a result, cybersecurity is shifting from a supporting IT function to an integral part of strategy and operations within maritime organizations.

NIS2 in maritime operations

In practice, NIS2 requires that ships in critical sectors, such as energy and transportation, must be able to demonstrate that cyber risks have been identified and that both IT and operational technology (OT) are adequately secured. This applies not only on board, but also to digital connections with shore-based operations and supply chain partners.

Within this context, the interplay between IT and OT is becoming increasingly critical. Solutions that provide continuous insight into onboard systems while simultaneously detecting and recording incidents thus form an important foundation for NIS2 compliance.

NIS2-compliance support

MDM supports maritime organizations in this transition with MDM-PROTECT, a compact onboard cybersecurity unit that monitors all onboard network traffic 24/7.

MDM-PROTECT directly addresses the most critical cybersecurity requirements within the maritime sector:

Continuous monitoring of IT and OT systems on board
Real-time detection and blocking of cyber threats
Incident logging and documentation
Monthly reports for authorities and supply chain partners
Insight into cyber risks within the maritime environment
Support in translating NIS2 requirements into practice

Cyber resilience as a foundation

With the introduction of the Cybersecurity Act, cyber resilience is becoming a prerequisite for business continuity in the sector. Organizations that invest in secure digital infrastructure now will be better prepared for future regulations and an increasingly interconnected maritime supply chain.

Would you like to know what the Cybersecurity Act means for your organization? Contact MDM.