Header image

Port Security

11 May 2021
How can we help you?

As the Port Security Officer (PSO) in the port of Rotterdam, the Harbour Master is the authority for security in the entire port on behalf of the Mayor. To keep the risk of security incidents to a minimum, security rules apply in the port of Rotterdam. These rules are set by the International Maritime Organisation (IMO) in the International Ship and Port Facility (ISPS) Code.

The security measures set out in the code have been included in the European Regulation 725/2004.

The ISPS Code is mandatory for:

  • ships engaged on international voyages;
  • passenger ships, including high-speed passenger craft;
  • cargo ships, including high-speed craft of 500 gross tonnage or more; and
  • drill units;
  • port facilities serving vessels engaged on international voyages.

Security level in the port of Rotterdam

The security level is part of the ISPS Code. For terminals, these security levels are set by the national government. For sea-going vessels, the level is established by the flag state or the port state. In the event of an increased threat, the security level is raised and vessels and terminals must take additional security measures. The Port of Rotterdam Authority informs those responsible for security at terminals (PFSOs) about changes to the security level.

Security levels

  1. Normal situation: the standard security measures apply
  2. General increased threat: stricter security measures are implemented
  3. Specific threat: very strict security measures are implemented

The actual security level in the ports in Rotterdam-Rijnmond and Drechtsteden is 1 (one).

Risk assessment and security plan

In compliance with the ISPS Code, the government must prepare a risk assessment for terminals where sea-going vessels are handled and the administrators of these terminals are required to prepare a security plan. The ISPS evaluation team (police, customs and the Port Authority) evaluates whether the risk assessment and the security plan comply with the requirements. The team advises the PSO on approval of the documents. A risk assessment and a security plan must also be prepared for sea-going vessels. They are evaluated by the flag state of the vessel or by a registered security organisation on behalf of the flag state.


The Port Security Officer has been using MOBI since mid-2019. This nation-wide online application allows the Port Security Officer and his staff, the PFSOs, the ISPS Assessment Team and the ISPS supervisors to share information with each other in order to secure the port in compliance with the ISPS Code. Users can log on to the application via www.havenmobi.nl.

View the following clip for an overview of the options offered by MOBI.


Shipping agents of vessels subject to the ISPS Code are obliged to register the ship security pre-arrival information at least 24 hours in advance. See European Directive 65/2010/EU. This can be done via the security screen in Portbase.



Ship Security Officers (SSOs) are responsible for the security on board vessels. The security of a terminal is the responsibility of the Port Facility Security Officer (PFSO). The PFSO must hold a simple exercise (‘drill’) at the terminal once every three months, and a full exercise, including the participation of an external party, once every calendar year (separated by no more than 18 months): an ‘exercise’. Under the instructions of the European Commission, the Antwerp Port Authority has developed the European Handbook of Maritime Security Exercises and Drills. The Handbook Port security awareness of the Antwerp Port Authority can be used for the compulsory regular refresher courses for non-security personnel working at the terminal.

Cyber Notification Desk & IT disruption reporting obligation

The Harbour Master of Rotterdam established the Port Cyber Notification Desk on 11 June 2018. Companies in the Port of Rotterdam area are asked to report large-scale IT disruptions at their company. They should make this report to the Port Cyber Notification Desk. A reporting obligation applies to companies that fall under the Port Security Act Regulation (EC) no. 725/2004 and companies that are required to comply with ISPS.

If the IT disruption has one of the three following consequences, you should contact the Port Cyber Notification Desk immediately on +31 (0) 252 1005.

  1. It is no longer possible to carry out the measures from the Port Facility Security Plan completely.
  2. Interruptions to processes for the receipt and departure of vessels.
  3. Interruptions to processes regarding freight throughput.

The reporting enables the Harbour Master and security and other partners to determine whether measures are required to support security in the port area. Extensive information about the reporting obligation is given at the bottom of this page under ‘downloads’ in the ‘Port Cyber Notification Desk Policy Document’.