On 1 October 2024, the Promotion of Digital Resilience Companies Act entered into force. The Act aims to improve the digital security of non-critical businesses against cyber threats. The Act tasks the Minister of Economic Affairs and Climate with responsibilities regarding research and analysis, information and advice, and data sharing. According to the Act, the Minister is responsible for analysing and researching data related to vulnerabilities, threats, and incidents that could affect the network and information systems of companies, must inform and advise businesses on potential vulnerabilities, threats, and incidents, and should share data obtained with businesses to help them mitigate risks. Confidential business data can only be shared under strict conditions to ensure privacy. The law also exempts such data from public disclosure rules unless it concerns environmental information.
Original source