Outlines the specific legal consequences of a CVD as they relate to Intrusion into an IT system; Manipulation of IT data; IT forgery and IT fraud; Crimes concerning the secrecy of communications; and Compliance with other legal provisions.

Outlines "good practices" for the content of a CVD and for the overall process of Discovery, Report, Investigate, Deploy a Solution, and (Possibly) Disclose Publicly.

Companies and organizations are urged to publish a “Coordinated Vulnerability Disclosure Policy.” Through sectoral authorities, professional organizations and the Cyber Security Coalition Belgium, they will be informed of significant threats or vulnerabilities. Organizations of Vital Interest will also receive targeted and non-public alerts through the CCB’s Early Warning System (EWS).  Additionally, Belgium has established a legal framework (effective February 15, 2023) providing protections for ethical hackers who report vulnerabilities in good faith, ensuring they are not subject to prosecution under certain conditions.