NIS2
NIS2 is coming. Prepare now.
The EU’s Network and Information Security directive raises the bar for digital resilience across Europe, and the obligations that come with it are not far off.
What is NIS2?
NIS2 is the European Network and Information Security directive. It aims to raise digital resilience and harmonise cybersecurity across the EU, replacing and broadening the original NIS directive.
It significantly expands the range of organisations in scope and tightens the requirements around risk management, incident reporting and accountability.
Who does it apply to?
NIS2 applies to organisations active in a covered sector that qualify as an important or essential entity.
Group 1, sectors of high criticality
Group 2, other critical sectors
Within these sectors, organisations are classed as important or essential entities, which determines the level of supervision that applies.
Indicative size thresholds
Your core obligations
Duty of care
Run your own risk assessment and take appropriate technical and organisational measures to manage the risks you find.
Reporting duty
Report significant incidents within 24 hours to the supervisory authority, and inform the CSIRT for cyber incidents.
Supervision
Expect active supervision and accountability at management level for the measures your organisation takes.
Where the law stands
NIS2 is being transposed into national law across the EU. In the Netherlands the implementation, the Cyberbeveiligingswet, is being finalised. The obligations are coming, so the responsible move is to prepare now rather than wait for a date.
How CyberReady gets you there
Three phases that bring your organisation to a NIS2-ready security implementation.
Assess
A Readiness Assessment establishes where you stand against NIS2 and the frameworks behind it, with maturity scored per domain.
Design
We draft the policy, processes and documentation NIS2 expects, tailored to your organisation.
Implement
We help put it into practice so people and systems genuinely work to it, with optional aftercare.