Cybersecurity

The NIS2: Are you ready?

Agerion IT   Cybersecurity Stefan, Coen, Nick

The Network and Information Security 2 (NIS2) Directive is already in effect in many other European member states. Compliance in the Netherlands will also begin in mid-2025. What does this mean for organizations in the Netherlands?

We have compiled a list of the complex criteria and necessary actions to comply with the regulations.

Who is the NIS2 for?

The NIS2, and thus the Cybersecurity Act, focuses on critical organizations and sectors where service outages could cause social and economic disruption. According to the European Union, they deserve an extra layer of digital protection.

The organizations covered by the Cybersecurity Act include:

NIS2 Sectors

Source: Digital Trust Center

We cannot avoid it: the NIS2 regulations are coming next year.

Nick Visser, Agerion IT

When will this start?

A European directive is not simply transposed into national law. Although the directive was adopted by the European Council on November 22, 2022, the 21-month implementation period began on January 16, 2023. During this time, all Member States must transpose this directive into national law. Unfortunately, the Netherlands only achieved this by October 17, 2024. The final national legislation is expected to enter into force in mid-2025.

Complete the government's NIS2 check

NIS2 Criteria

Does your organization fall into one of the above sectors? Then it is important to determine whether it can also be classified as an 'essential' or 'important' entity according to the criteria below.

1. Essential

Large organizations (at least 250 employees or an annual turnover of more than €50 million and a balance sheet total of more than €43 million) operating in a sector listed in column 1. Organizations designated as critical entities under the CER Directive are automatically considered essential entities.

2. Important

Medium-sized organizations (at least 50 employees or an annual turnover and balance sheet total of more than €10 million) operating in a sector listed in Annex 1, as well as medium-sized and large organizations operating in sectors listed in column 2.

If this is the case, you must comply with the NIS2 Directive.

Our organization is an essential or important organization. What now?

Your company is crucial to the social and economic operations within the Netherlands. That is a great honor, but in this case, it also comes with certain responsibilities. In recent years, developments such as the COVID-19 epidemic, the war in Ukraine, and cyber threats have increasingly put the security of our society and economy under pressure. To strengthen cyber resilience, the European Union has developed certain pillars in the NIS2 (National Security and Cybersecurity Act).

These pillars are duty of care, reporting, and supervision. We describe these obligations using a concrete step-by-step plan in our free white paper. This way, you can quickly and comprehensively prepare to meet these obligations. Our cybersecurity experts are happy to work with you to create an inventory for your organization.

Discover the step-by-step plan in our NIS2 white paper

Agerion IT   Mijn Cyberweerbare zaak Flyer

Smaller Organizations: Aren't You Important?

Does your organization not fall under the categories of essential and important? Then the regulations will certainly not apply to you in the short term. It is important to ask yourself: if our organization is not crucial to the economy and society, might it be crucial to our employees and ourselves? The cyber resilience of organizations is increasingly being tested. Reports of phishing, ransomware, and malware are commonplace.

Subsidy scheme 'My cyber-resilient business'

To support organizations of this size, the Dutch government launched the "My Cyber-Resilient Business (MCZ)" subsidy program in September 2024 for small businesses with up to 50 employees and an annual turnover of up to €10 million. This program also applies to self-employed professionals.

This program reimburses 50% of the purchase price and/or implementation of digital technology, up to a maximum of €1,250 of the purchase or subscription price. The subsidy program runs until December 31, 2024, and applies to products and services that fall under:

  1. Secure network access and Wi-Fi
  2. Password managers
  3. Two-factor authentication (2FA), two-step verification, and multi-factor authentication (MFA)
  4. Patch management
  5. Antivirus software
  6. Setting up and testing backups
  7. Risk inventory and evaluation (RI&E)
  8. Cyber awareness training

Agerion's cybersecurity experts can help

At Agerion IT, we work primarily preventatively on cybersecurity for our clients every day. This way, we make organizations unattractive to hackers. We do this through cyber awareness training (after all, it is the person who clicks on links), setting up highly secure workspaces, and providing our clients with backups and risk assessments. We do this using our Cybersecurity Framework. This framework consists of 5 pillars that we use to measure an organization's security and present it in a clear and understandable way for entrepreneurs.


Comply with cybersecurity regulations in a timely manner

Our cybersecurity experts are happy to help you with this.

Certified cybersecurity experts

Your organization secured quickly and well
