Belgium DMARC & MTA-STS Adoption Report 2025
Brussels is the hub of EU institutions, global headquarters, and Belgium’s principal cyber-talent pool. This has turned Brussels, and the country as a whole, into a cluster of solution integrators, incident-response firms, and research laboratories.
Belgium began enforcing the NIS2 directive in October 2024, which made it mandatory for 2,410 entities to implement structured risk-management controls and report incidents within 24 hours. Penalties of up to EUR 10 million have shifted cyber risk to board agendas. Hospitals such as UZA Antwerp now run centralised security operation centers and have reduced phishing email click-rates from 30% to 8% after mandatory staff awareness campaigns.
Despite these improvements and strong SPF implementation, major gaps in DMARC enforcement, very low MTA-STS uptake, and insufficient DNSSEC deployment create a permissive environment for phishing, domain spoofing, and email interception.
Report Request - Belgium DMARC Adoption
"*" indicates required fields