Since October 17, 2024, the "Network and Information Security 2" directive, better known as the NIS2 law, has been in effect in Belgium.
It’s time to get informed and take the necessary steps to align your cybersecurity with this new NIS2 law.
Applies to more than 18 sectors
More than 200,000 medium and large companies
Fines of up to 2 million euros
NIS2 is a European regulation designed to enhance cybersecurity within companies across the European Union. It is a revision and extension of the previous NIS directive, targeting a wider range of organizations and sectors with strengthened requirements and responsibilities.
NIS2 applies to specific sectors deemed essential or important. Organizations operating in these sectors must comply with NIS2 requirements to ensure their cybersecurity:
This sector includes companies involved in the production, distribution, and supply of electricity, gas, and oil.
Examples: Power plants, gas and oil producers, grid operators.
This applies to organizations active in aviation, rail transport, maritime transport, and road transport.
Examples: Airlines, railway companies, ports, and logistics companies.
This sector includes institutions and organizations involved in healthcare services.
Examples: Hospitals, health insurance providers, laboratories, and pharmaceutical companies.
This refers to organizations providing financial services, such as banks and insurance companies.
Examples: Banks, payment service providers, investment firms, and insurers.
This sector includes organizations offering digital services and infrastructure, such as internet service providers and cloud services.
Examples: Data centers, internet exchange points, and cloud service providers.
This covers all levels of government responsible for public services and policies.
Examples: Local, regional, and national administrations.
If your organization is not part of the sectors covered by NIS2, you are not legally required to comply with the directive. However, it is important to consider your clients or partners. Many of them may be subject to NIS2, meaning they might expect you to adhere to certain security standards.
Supply chain security: This is a key element of NIS2. Your clients may require your organization to take measures to reduce their risks.
Competitive advantage or disadvantage: Not complying with NIS2 could put you at a disadvantage compared to your competitors, as clients might prefer suppliers who meet this directive. Investing in cybersecurity and aligning with NIS2 can build trust and open new business opportunities.
The NIS2 directive imposes a number of obligations on organizations.
The NIS2 registration requirement applies to all medium and large companies belonging to one of the 18 defined sectors in the directive. They must register in the entity register as a NIS2 entity.
A thorough risk assessment and cybersecurity risk analysis is a key obligation under the NIS2 directive.
If your self-assessment indicates that you must comply with NIS2, you are required to take appropriate measures to protect your networks and information systems, including advanced cybersecurity training for IT managers.
In case of an incident, the organization must report it within a specified timeframe through a centralized system and may be subject to an audit.
Non-compliance with the NIS2 directive can result in significant fines—up to 10 million euros, depending on the severity of the violation and the size of your company. It is therefore crucial to take cybersecurity seriously and comply in time!
Looking for guidance to align your cybersecurity with NIS2?
Contact us