Government Websites Will Not Reach Desired Information Security Standards Until 2030, Forum Standardization Concludes

The Standardization Forum is committed to IT standards and has concluded that government websites will not reach the desired information security standards until 2030. Four out of ten government domain names do not yet comply with the statutory rules set out in the recently introduced Digital Government Act.

Rising Adoption

The Standardization Forum measured that only 56 percent of domain names meet all website standards, while half adhere to appropriate email standards. The deadline for this was already at the end of 2021, although not everything is mandatory. This percentage is also growing far too slowly, so that full compliance with the adoption agreements is not expected until 2030.
Nevertheless, the Standardization Forum indicates that progress can certainly be seen at some ministries, although there is room for improvement at municipal level. “The Ministries of the Interior and Kingdom Relations (BZK) and Economic Affairs and Climate (EZK) show a large increase in adoption compared to the previous measurement. The targeted approach of these ministries, which is based on the approach of the Ministries of Health, Welfare and Sport (VWS) and General Affairs (AZ), can be used as an example of an effective approach. Full adoption, including non-mandatory standards, can be seen at a number of local governments. This concerns the municipalities of Aalten, Bergen (L), Bergen op Zoom, Bronckhorst, Doesburg, Doetinchem, Staphorst and Zuidplas.”

Plan of Action

Because a clear internal guideline apparently produces results, the Standardization Forum insists on a plan of action. However, July 1, for example, will undoubtedly come too soon for some websites to comply with HTTPS and HSTS adoption legislation. These standards would guarantee that the “information exchange is confidential” through a secure connection, according to an official announcement by State Secretary Van Huffelen on 11 May.
The Standardization Forum is committed to IT standards and is determined to ensure that government websites reach the desired information security standards. The recently introduced Digital Government Act has not been enough to persuade government service websites to adopt the privacy and security-related measures that this Act establishes.
Only 56 percent of domain names measured meet all website standards, while half adhere to appropriate email standards. This percentage is growing far too slowly, so that full compliance with the adoption agreements is not expected until 2030.
Progress can be seen at some ministries, although there is room for improvement at municipal level. The targeted approach of the Ministries of the Interior and Kingdom Relations (BZK) and Economic Affairs and Climate (EZK) can be used as an example of an effective approach. Full adoption, including non-mandatory standards, can be seen at a number of local governments.
The Standardization Forum insists on a plan of action to ensure that websites comply with HTTPS and HSTS adoption legislation. These standards would guarantee that the “information exchange is confidential” through a secure connection.
It is clear that the Digital Government Act is not enough to persuade government service websites to adopt the privacy and security-related measures that this Act establishes. The Standardization Forum is committed to IT standards and is determined to ensure that government websites reach the desired information security standards by 2030.