Cybersecurity & Cybercrime

The digital landscape is increasingly threatened by advanced hackers and evolving threats. As society relies on complex IT networks and third-party software, vulnerabilities can impact intellectual property, product security, and consumer data.

Artificial Intelligence (AI) and Machine Learning (ML) may well defend against online threats like malware and ransomware, but hackers can also exploit them for cyber attacks like deepfakes and misinformation. Cyber breaches are becoming more complex, threatening critical services and the global economy, and complicating international legal assistance.

New cybersecurity legislation like DORA, NIS2, and CSR, along with expanding regulatory requirements, demand organisations to strategically manage cyber risks. Pragmatic steps are essential to address related business and reputational risks.

NautaDutilh's Benelux Cybersecurity & Cybercrime team specialises in cybercrime, cybersecurity, data protection, privacy, litigation, insurance, reputation management, corporate governance, and regulatory and criminal enforcement. The team offers strategic advice and legal support before, during, and after cyber security incidents. We empower businesses to navigate the cybersecurity digital landscape.

Market focus
Our strong market focus helps us to understand our clients' markets so we can provide proactive advice on strategic issues. We assist major global organisations, banks, insurers, tech companies, and non-profits, offering expertise in the following industries:
Connectivity & (High) Tech
eCommerce
Energy
Finance, Insurance and Banking
Life Science & Health
(Semi)-Public
Highlighted work
Representing companies affected by internet fraud and advising them on cyber incident response, cybersecurity issues and asset recovery.
Representing financial institutions such as a Dutch bank in a major phishing and internet fraud case.
Advising global logistics on cybersecurity, cybercrime and incident response.
What other say
‘Joris Willems is brilliant and a huge asset’ Legal500 2024
‘The team is very knowledgeable, practical and delivers work on time.’ Legal500 2024
‘The team is very knowledgeable and cooperates internally like a charm. Due to the continuing expansion of the team, clients can be assured that continuity is assured.’ Legal500 2024
‘The individuals have made sure that they understand our company, our culture and risk appetite properly before advising us. They are all very motivated and willing to deliver.’ Legal500 2024
‘Very pleasant in meetings, very quick to react to questions and able to simplify complex issues.’ Legal500 2024

Related articles

The Court of Justice to rule for the first time on the interaction between generative AI and copyright: five things you need to know

Do you really need both PSD2 and MiCA licences? EBA issues no-action letter on interplay between payments and crypto-regulations

“Beware of AI”: clarifications given on AI literacy requirements

CSSF aligns outsourcing rules with DORA framework

Defence sector evolving: 5 things you need to know

ESG Matters | April 2025

ESG Matters | March 2025

Healthcare & Life Sciences in 2025: five things to know

Update: European Commission - Sustainability Omnibus Package

European Commission publishes first set of guidelines on AI

AI Act, a new legal standard for artificial intelligence: three key insights

AI literacy under the EU AI Act: three key insights

Technology and the law in 2025: Five things you need to know

The Platform-to-Business (P2B) Regulation under ACM supervision: five things you need to know

Why space law concerns us all

Luxembourg Tech & Data Law: 5 trends for 2025

MiCAR and grandfathering: stuck between a rock and a hard place

Integrity in sustainability: three key insights

Vincent Wellens, Sigrid Heirbrant and Ottavio Covolo in Paperjam on DORA

NautaDutilh contributes Luxembourg chapter in 2024 OneTrust DataGuidance

Software protection under EU copyright law: 5 things to know

Chambers Technology & Outsourcing Guide 2024

Staying ahead in cybersecurity: our CISO’s three key insights

Belgium’s Copyright Act faces CJEU examination after Meta and Google contest

Developments in mass claims & class actions

FT Innovative Lawyers Europe 2024: NautaDutilh recognised for innovative initiatives

NautaDutilh assists L2L in the acquisition of SwipeGuide

The proposed International Sanctions Act: strengthening and expansion of the Dutch sanctions regime

NautaDutilh assists Lineage in the acquisition of Luik Natie

Copyright in the AI Act: 5 things you need to know

Counting down to DORA - Mapping & classification of ICT services ‘supporting’ critical or important functions

Counting down to DORA – governance of ICT risks and board member responsibility

ICT services: comparison of the ESMA and EBA outsourcing guidelines and DORA

NautaDutilh intensifies AI collaboration with Fledger

DMA countdown - Perhaps the most important milestone: gatekeepers must ensure compliance

Counting down to DORA – Mapping and classification of ICT services

Privacy & data in the Benelux: five things you need to know in 2024

Technology and the law in 2024: five things you need to know

Provisional EU agreement leads to stricter rules on anti-money laundering

Counting down to DORA – three key aspects

The interplay between the AI Act and the GDPR

EU AI Act: three key insights on the world's first comprehensive AI law

The Chambers Technology & Outsourcing guide 2023

Q&AI: What financial institutions need to consider when using AI

Luxembourg FDI screening mechanism enters into force

The twin transition of the financial sector: eight key insights

The competition dynamics in relation to cloud services

Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows

NautaDutilh writes Netherlands chapter of the Global Legal Insights on AI, Machine Learning and Big Data 2023

Reverse hybrid rules and tax compliance for partnerships

Upcoming EU legislation on artificial intelligence

NautaDutilh Luxembourg ranked in Chambers FinTech 2023

Best practices for drafting and updating data protection notices

NautaDutilh assists Bluestar Alliance in Scotch & Soda acquisition

Using ChatGPT and other generative AI tools: risks and challenges

The EDPB provides for further guidance on the use of cloud solutions in line with the GDPR

The end-user and its avatar - data integrity risks and ethical challenges in the metaverse

Online platforms and search engines to publish average monthly active recipients (AMARs) in EU by 17 February 2023

GDPR & AML: no longer public access to UBO data without legitimate interest

Digital Markets Regulation: now a reality in the EU

DORA: the forthcoming EU legal framework on Digital Operational Resilience in the financial sector

DORA the EU Regulation

NautaDutilh contributes to Technology Disputes Guide by Lexology

Privacy and security concerns in the metaverse

Data protection impact assessments new EDPS recommendations

Revamped CSSF outsourcing guidance for the financial sector

Technology & the law in 2022: five things you need to know

Luxembourg IP & Technology Law: five things you need to know

NautaDutilh Luxembourg ranked in Chambers FinTech 2022

NautaDutilh assists shareholders of Mepal in investment by 3i

Prohibition of online advertising in a list of e-mails or messages: a misstep by the CJEU?

Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors

New rules on material IT outsourcing in the financial sector

NautaDutilh contributes to Technology Disputes Guide by Lexology

NautaDutilh contributes to digitalization series by EACCNY

NautaDutilh's IP & Tech Law team recognised by Leaders League

Belgian DPA: fines prohibited in the absence of a prior order to comply?

Europe proposes first-ever statutory framework for AI

Lindsay Korytko in Silicon Luxembourg on IP and contractual protection of APIs in the EU