Become a partner

This system of partnerships allows us to share knowledge, information and support in the field of prevention, detection as well as response more widely, effectively and efficiently. As a result, as many organisations as possible in the Netherlands can become more resilient to digital threats and cyberattacks. Should things go wrong nonetheless, they can get back on their feet again more quickly. We can only share information with CERTs, CSIRTs and other partnerships that have been designated by the NCSC.

Starting a partnership

To become a partner, you must first have a CERT or CSIRT (computer crisis team) or other partnerships. The NCSC will advise you on how to start a partnership or sectoral CERT.

Further details on starting a partnership

Starting a partnership with the NCSC

To enter into a partnership, there is an initial test of whether your partnership satisfies the statutory conditions. We will check the role of the partnership in informing the public and the way in which confidential information is handled. Four types of partnerships with which we can share information are distinguished within the framework of the Network and Information Systems Security Act (Wbni):

  • organisations that have an objectively recognisable task to inform the wider public;
  • designated national computer emergency response teams (CERTs or CSIRTs);
  • CERTs that have been designated by ministerial regulation;
  • providers of Internet access to inform their users.

Why become a partner?

The NCSC has knowledge and information that is relevant as well, including threat information or current vulnerabilities. It can only share this information with other organisations under certain conditions. If your organisation satisfies the assessment criteria, the NCSC can share this information.

Partnership test

We conduct a test to determine whether your partnership can be designated by the NCSC pursuant to Section 3.2 of the Wbni. When doing so, we test your organisation using the following questions:

  • Is the aim of your organisation to inform other organisations or the public about incidents and threats?
  • Can your organisation guarantee the confidentiality of information that you receive?
  • Do you legitimately process the data received, i.e. in accordance with the GDPR, and only for the purpose for which they were issued to you?

More information?

If you would like more information about assessment and designation pursuant to Section 3.2 of the Wbni, or if it could be useful for your partnership to collaborate with the NCSC, please send an email to