NIS2 Directive - Are You Prepared?
The NIS2 directive sets strict cybersecurity requirements for an increasing number of businesses. Do you already comply with the new legislation? We help you with assessment, implementation and continuous monitoring.
What does NIS2 mean for your business?
The NIS2 directive is the successor to the first Network and Information Security Directive from 2016. Europe has significantly tightened the rules following the increase in cyber attacks. More sectors now fall under the directive, the requirements are stricter, and the fines higher.
For many SME businesses, NIS2 comes as a surprise. You do not need to be a large multinational to fall under it. Do you work in one of the 18 designated sectors and have more than 50 employees or turnover above 10 million? Then there is a good chance you need to comply with NIS2.
But even if you do not fall directly under the directive, you may be indirectly affected. Large customers or clients who do fall under NIS2 will place requirements on their suppliers, including you. Our cybersecurity services help you prepare for this.
What do you need to arrange for NIS2?
1. Risk analysis and security policy
You must have a current risk analysis and a security policy that aligns with the identified risks.
2. Incident handling
Procedures for detecting, analysing and handling incidents, plus an obligation to report serious incidents within 24 hours.
3. Business continuity
Backup management, disaster recovery and crisis management so your business can continue after an incident.
4. Supply chain security
You must assess the cybersecurity of your suppliers and set requirements for their security.
5. Technical measures
Encryption, multifactor authentication, secure communication and access management are mandatory.
6. Awareness and training
Employees and directors must be trained in cybersecurity. Security awareness is mandatory.
How we help you with NIS2
NIS2 assessment
We determine whether your organisation falls under NIS2 and which measures you need to take.
Gap analysis
We compare your current security level with NIS2 requirements and identify the gaps.
Implementation
We help you implement the required technical and organisational measures.
Incident procedures
We help you set up reporting and response procedures for security incidents.
Supply chain security
Your suppliers must also meet requirements. We help you organise and monitor this.
Continuous monitoring
After implementation, we continuously monitor whether you continue to meet the requirements.
Sectors that fall under NIS2
Essential entities
- Energy (electricity, gas, oil)
- Transport (air, rail, water, road)
- Banking and financial markets
- Healthcare
- Drinking water and wastewater
- Digital infrastructure
- Government
- Space
Important entities
- Postal and courier services
- Waste management
- Chemical industry
- Food production and distribution
- Manufacturing (medical, electronics, etc.)
- Digital service providers
- Research institutions
- ICT service provision (MSPs)
Frequently asked questions
NIS2 (Network and Information Security Directive 2) is a European directive that sets cybersecurity requirements for organisations in essential and important sectors. The directive is stricter than its predecessor NIS1 and applies to more organisations. In the Netherlands, NIS2 is implemented through the Cybersecurity Act.
NIS2 applies to organisations in 18 sectors, including energy, transport, healthcare, digital infrastructure, ICT services and more. Medium and large companies in these sectors also fall under it. Additionally, you may be indirectly affected through your customers or suppliers. We can determine this for you.
Fines can reach up to 10 million euros or 2% of global turnover for essential entities. For important entities, this is 7 million euros or 1.4% of turnover. Additionally, directors can be held personally liable.
The NIS2 directive came into effect on 17 October 2024 in the EU. The Netherlands had until that date to transpose the directive into national legislation. Start preparing now, because compliance takes time.
NIS2 requires, among other things: risk analyses, security policy, incident handling, business continuity, supply chain security, security awareness training, and reporting incidents within 24 hours. We help you with all aspects.
Not sure if you fall under NIS2?
Request a free NIS2 quickscan. Within a week you will know where you stand.