NIS2 readiness, how are you doing?

NIS2: What Is the Status Within Your Organization?

The European Network and Information Security Directive, NIS2, was introduced to enhance cybersecurity and resilience for essential and important services within well-defined sectors across the EU. It has now been four months since the NIS2 legislation came into effect. Its implementation has undoubtedly created momentum within many Belgian companies. This momentum is essential, as cybercrime is expected to continue rising in the coming years (source: Chart: Cybercrime Expected To Skyrocket in Coming Years | Statista).

“Many companies want to accelerate their cybersecurity efforts due to NIS2 but sometimes lack the necessary resources. Spotit provides the needed support—not only to help them achieve compliance but, more importantly, to make them more resilient against cyber threats. That is our true motivation.”
Bruno, Information Security Consultant, spotit

10 Insights Toward NIS2 Readiness

Recently, our colleague and Information Security Consultant, Bruno, was invited to provide an update on this topic at Voka Big Refresh—right up his alley.

Bruno is happy to share these 10 key points with anyone looking to accelerate their journey toward NIS2 compliance:

  1. Information is a valuable asset for any organization and must be properly protected.
  2. Security is more than just a combination of products and tools—it is a process and a mindset.
  3. NIS2 is a European directive (transposed into Belgian legislation) aimed at achieving a higher common level of cybersecurity.
  4. The scope depends on company size and sector, distinguishing between Important and Essential entities.
  5. The key requirements include policies and security measures, incident management, supply chain security, and training.
  6. Governance bodies (Board of Directors, ExCo) must be adequately trained and bear liability.
  7. Oversight is provided by the Centre for Cybersecurity Belgium (CCB), which offers the Cyber Fundamentals control framework.
  8. Non-compliance sanctions range from warnings to hefty fines.
  9. Registration with the CCB is mandatory for all in-scope entities by March 18, 2025.
  10. “Essential” entities have deadlines for compliance and certification.

Centre for Cybersecurity Belgium Takes the Lead

Belgium was the first EU member state to fully implement the new NIS2 directive, thanks to the proactive leadership of the CCB. Since the NIS2 legislation was introduced in October last year, 1,224 organizations from critical sectors have already registered with the Centre for Cybersecurity Belgium (CCB). During this period, reports of cyber incidents have increased by 50%.

Furthermore, credit must be given to the CCB for its strong efforts in supporting businesses and organizations in becoming NIS2 compliant. While there is still work to be done, Belgium is undoubtedly on the right track toward achieving stronger cybersecurity resilience.

It’s not just us—many countries across Europe are impressed by the well-developed CCB CyberFundamentals framework. This framework provides a set of concrete measures to protect data, significantly reduce the risk of common cyberattacks, and enhance an organization’s cyber resilience. It is a well-thought-out and pragmatic approach that we highly recommend. You can find all the details at CyberFundamentals Framework | CCB Safeonweb.

Need Help With NIS2?

Are you looking for a partner to guide you toward NIS2 compliance? Do you need a partner who not only provides the right advice but also has the necessary technical expertise? Then spotit is the right place for you.