
ICT service provider for the notarial profession? Don’t forget the Notarial Information Security Code of Conduct!

IT, Privacy & Cybersecurity

5 June 2025

Written by

Michelle Wijnant


In recent years, we’ve seen that new laws and regulations are placing increasingly specific requirements on ICT service providers. Consider, for example, the GDPR (which outlines tasks and responsibilities for the “processor”), the Cybersecurity Act (which mandates supply chain security and directly applies to “business-to-business ICT service providers”), and the AI Regulation (which imposes specific obligations and responsibilities on the “provider”). It’s no surprise, then, that this trend is also reflected in more and more guidelines and codes of conduct, including the Notarial Information Security Code of Conduct (hereinafter: “KNB Code of Conduct”). Given that the Royal Dutch Notarial Association (KNB) had 3,497 members at the beginning of 2025, there’s a good chance that, as an ICT service provider, you count at least one affiliated notary among your clients. This blog outlines what the Code of Conduct means for you as an ICT service provider.

Why is the Code of Conduct relevant for ICT service providers?

The Code of Conduct was issued by the Royal Dutch Notarial Association (KNB) to help notaries take responsibility for information security. Taking on this responsibility means that notaries must critically assess their IT security management, the technical security measures in place, the requirements they impose on their ICT service providers, and the agreements made with those providers, and that they must periodically evaluate their ICT service providers.

Which ICT service providers are affected by the Code of Conduct?

The Code of Conduct is relevant for all ICT service providers who, through their products and/or services, have (or may have) access to the information systems of a notary affiliated with the KNB.

What does the Code of Conduct mean for ICT service providers?

As a result of the Code of Conduct, notaries will impose specific requirements on ICT service providers. Depending on the nature of the products and services provided, these requirements may cover: data protection during transmission (e.g. via email, networks, or internet connections), access rights, security incidents, backups, restore capabilities, malware, patching, updates, monitoring, logging, and the use of OTAP environments (known in English as DTAP: development, test, acceptance, and production).

In addition, notaries will require that contracts include concrete agreements on information security. These agreements will cover the aforementioned requirements, as well as confidentiality obligations, the reporting of security incidents (note: distinct from data breaches), and the extension of security obligations to subcontractors.

Finally, notaries will want to conduct a risk analysis—both during the implementation of the Code of Conduct and periodically thereafter—on the products and services provided by the ICT service provider.

What can you do as an ICT service provider to best support your notary clients?

Familiarize yourself with the requirements of the Code of Conduct and assess whether your products and services comply. If you document this in writing, it can also serve as input for the notary’s risk analysis. Additionally, prepare an addendum to your (standard) contracts that outlines the relevant security requirements.

You may be wondering: why should I go through all this trouble if I’m not a notary myself? Well, among other reasons:

  1. it reduces your own risks by only promising what you can deliver (i.e. whether your ICT products/services comply or not);
  2. you can determine in advance whether to pass on costs or offer an upsell;
  3. taking the initiative in contract negotiations is often to your advantage; and
  4. it demonstrates excellent customer service.

If you need help navigating this “trouble,” our firm is here for you. We have extensive legal expertise in cybersecurity from both the ICT service provider’s and the notary’s perspective, and we are happy to support you.

Questions?

For questions, please contact Michelle Wijnant, Attorney at law in IT, Privacy & Cybersecurity.
