NIS2 and the Netherlands
The NIS2 Directive is the latest version of European legislation governing cybersecurity for businesses and organizations. In the Netherlands, this directive has been adopted in the form of the Cybersecurity Act (CBW). The goal of the new directive and legislation is to improve the digital resilience of essential and critical businesses against cyberattacks. The Cybersecurity Act is expected to take effect starting in the third quarter of 2026. Failure to comply with this law can result in director liability and substantial fines.
To find out if your organization is subject to NIS2, check below!
What NIS2 Means for Your Organization
Even if your organization is not directly subject to the NIS2/Cybersecurity Act (CBW), you may still be expected to comply. Organizations that are subject to NIS2 are required to manage their supply chain and therefore impose requirements on their direct suppliers.
This means that suppliers must demonstrate that they have implemented appropriate cybersecurity measures. This demonstration requires verifiable evidence, such as documented processes, technical measures, and periodic assessments. An increasing number of organizations are using the NIS2 Supply Chain model as a structured framework to provide this evidence.
Good cybersecurity not only protects your own organization but also the business continuity of customers and partners in the supply chain. In addition, cybersecurity measures are playing an increasingly important role in cyber insurance: insurers are more frequently including these requirements explicitly in their policy terms and conditions.
Zero Trust Networks and NIS2 Supply Chain
Securing your business and processes digitally involves a great deal of work. At Zero Trust Networks, we make this process much easier by assisting you with the technical implementation and providing expert advice. To this end, we utilize the NIS2 Quality Mark framework to apply the appropriate measures tailored to your organization’s requirements and needs.
The NIS2 Quality Mark has three levels: NIS2-SC10 Basic, NIS2-SC20 Substantial, and NIS2-SC30 High, each requiring increasingly more measures.
NIS2-SC10 Basic
For small and medium-sized enterprises (SMEs) with a low-risk profile that directly provide services or products to organizations subject to NIS2 requirements.
NIS2-SC20 Substantial
For companies with a higher risk profile due to their role or access to sensitive information, which conduct business directly with organizations subject to NIS2.
NIS2-SC30 High
For companies that are at higher risk due to their role or access to data and that supply directly to organizations subject to the NIS2 Directive.
Ready to get started? Contact us today.
Trust & Partnership
Zero Trust Networks collaborates with Samen Digitaal Veilig to help organizations improve their digital resilience and comply with NIS2 requirements. Samen Digitaal Veilig is a Dutch partnership in which government agencies, businesses, and research institutions work together to strengthen cybersecurity.
Within this framework, the focus is on practically preparing organizations for digital threats. By sharing knowledge and collaborating on concrete measures, organizations become more resilient against cyberattacks, data breaches, and phishing, among other threats. This collaboration contributes to a safer and more resilient digital country.
