Legal frameworks and codes of conduct
Your institution is required to comply with the laws and regulations. National and international legal frameworks and codes of conduct exist that contribute to the security of the Netherlands. Collaboration with international partners must take place within ‘rigid’ frameworks. Relevant legislation and regulations are also currently in preparation. Additionally, we turn our attention to codes of conduct that have been developed within the knowledge sector and that provide guidance and can be helpful for the purposes of decision-making.
- Your institution must comply with legislation and regulations to prevent and address threats. For example, within the European Union, there are strict rules for the export of dual-use products and technology that have both military and civil applications. They include all forms of transfer, and thus also digital transfer, such as by email or cloud services. Basic scientific research and technology that is already in the public domain is exempt from export controls. In case of uncertainty about whether the export rules apply, a classification request can be submitted to the Central Import and Export Office (CDIU).
- In addition, international sanction regimes are in place against certain countries, organisations and individuals. The current overview is available at www.sanctionsmap.eu. The sanctions against North Korea and Iran are particularly relevant to knowledge institutions, as they form the foundation for the enhanced supervision that applies to a number of disciplines.
- The Dutch government is developing measures to further increase the scope for action for knowledge institutions and government bodies. For example, the government is developing an assessment framework that provides a targeted assessment of individuals seeking access to domains of knowledge with a high risk to national security. When this framework will come into force is currently unknown.
- In addition, in June 2023 new obligations came on foreign investments, mergers and takeovers. This Vifo Act (in Dutch) focuses on vital suppliers and organisations that have access to sensitive technology.
- Various codes of conduct on knowledge security exist as well. Although they are non-binding, they do provide direction. Examples include the Universities of the Netherlands (UNL) knowledge security framework and the European Commission’s EU guidelines on tackling foreign interference. Several countries have since elaborated similar codes of conduct. These codes facilitate conversations about knowledge security with foreign partners.