Cybersecurity is no longer just an IT issue, but a responsibility at management level. The arrival of the European NIS2 Directive (Network and Information Security Directive 2) heralds a new era of responsibility. Whether you are active in healthcare, logistics, energy, or manufacturing, NIS2 means that you must be able to demonstrate that your security is in order, otherwise there could be serious consequences.
The new rules may seem like yet another obligation, but they also offer opportunities. Opportunities to use data and intelligence to build real resilience. And that is precisely where Altares Dun & Bradstreet can make a difference.
What is NIS2? A brief explanation
NIS2 is the updated European cybersecurity law (Directive (EU) 2022/2555). It replaces the original NIS Directive from 2016 and significantly expands its scope. The aim is to better protect Europe's digital infrastructure, from energy grids to cloud services, against cyberattacks.
The directive distinguishes between essential and important entities. Essential entities are organizations in sectors such as energy, healthcare, transportation, drinking water, digital manufacturing companies, food and waste workers, postal and courier services, and research institutions. In practice, most medium-sized and large organizations in these sectors fall under NIS2. Smaller companies may also fall under it if they provide crucial services to these sectors.
See which organizations in the Netherlands fall under the Cybersecurity Act here.
What exactly does NIS2 require?
Organisaties moeten kunnen aantonen dat ze hun cyberrisicoโs actief beheersen. De richtlijn schrijft voor dat bedrijven passende technische en organisatorische maatregelen nemen, zoals encryptie, toegangsbeheer en veilige softwareontwikkeling. Ernstige incidenten moeten binnen 24 uur worden gemeld, gevolgd door een aanvullende melding binnen 72 uur en een eindrapport binnen een maand.
In addition, companies must identify and manage cyber risks in their supplier and partner networks. Management is ultimately responsible for the policy and can be held liable if the organization fails to comply. Regulators can impose heavy penalties of up to โฌ10 million or 3% of global annual revenue.
The situation in the Netherlands
The Netherlands is still working on the national translation of the NIS2 Directive. In the new Cybersecurity Act (Cbw). This law is expected to come into force in 2026. However, organizations cannot wait until then. Dutch companies operating in other EU countries where NIS2 already applies must already comply with the rules. Regulators also expect organizations to prepare in good time so that they can demonstrate that their security and risk processes meet the requirements of NIS2.
How Altares Dun & Bradstreets helps with NIS2 compliance
With the global D-U-N-S number, Altares connects more than 600 million companies into a single reliable network. This gives organizations a complete picture of their suppliers. Thanks to reliable UBO information and corporate linkages, it becomes clear who is really behind a supplier and where potential vulnerabilities arise.
Platforms such as IndueD enable companies to continuously monitor their suppliers for sanctions, politically exposed persons, financial risks, and reputation signals. The information is always up to date and fully verified, which helps with audits or reports. When an incident occurs, that same up-to-date data ensures that companies can report within the legal deadlines of 24 and 72 hours.
Read more about our compliance solutions here.
From obligation to advantage
Those who approach NIS2 intelligently will gain more than just compliance. It strengthens trust among customers and partners, increases the resilience of the organization, and improves the balance between cybersecurity, risk management, and procurement.
Met betrouwbare data leg je de basis voor echte veerkracht Altares Dun & Bradstreet helpt organisaties om die stap te zetten: van reactief voldoen aan regels naar proactief beschermen van hun reputatie, klanten en toekomst.
