Understanding NIS2 in Belgium: Scope and Implications for Companies

5/31/20261 min read

photo of white staircase
photo of white staircase

What is NIS2?

The NIS2 Directive is a legislative measure proposed by the European Union aimed at enhancing cybersecurity across member states. It builds upon the original NIS Directive, which was the first piece of EU-wide legislation on cybersecurity. NIS2 seeks to improve the overall security level of networks and information systems within the EU, thereby ensuring that both essential and important services are adequately protected against cyber threats.

Key Provisions of NIS2

NIS2 introduces various requirements for incident reporting, risk management, and the resilience of services. Unlike its predecessor, which had a minimal focus on sectors, NIS2 broadens its scope significantly. It emphasizes the importance of cooperation and information sharing among member states, establishing a streamlined process for addressing security incidents. It also introduces stricter supervisory measures and enforcement mechanisms, ensuring that companies comply with the established cybersecurity norms.

Companies in Scope of NIS2 in Belgium

In Belgium, various companies fall under the NIS2 Directive, particularly those operating in crucial sectors such as energy, transport, health, banking, and digital infrastructure. Specifically, providers of essential services like electricity and gas, water supply, and healthcare institutions are required to comply with NIS2 regulations. Additionally, important entities such as digital service providers, including search engines, online marketplaces, and cloud computing services, are also in scope.

The detailed regulation targets both public and private sectors, increasing the accountability of companies in safeguarding their information systems against cyber risks. As organizations are required to assess their cybersecurity measures, they need to implement stronger policies and practices to mitigate potential threats.

As the NIS2 Directive comes into effect, companies must be proactive in ensuring compliance. This involves not only understanding the directive itself but also evaluating their current cybersecurity practices and adapting them as necessary to meet the outlined requirements.

In conclusion, NIS2 represents a significant step towards a more secure digital environment in Belgium and across the EU. By enforcing better cybersecurity standards, the directive aims to protect vital services from emerging cyber threats, fostering resilience and trust within the digital landscape.