TIOZ Howest

Howest Logo

🚨 Exactly 1 Month to Go: did you Already Register your Company as NIS2 Entity? 🚨

For organizations operating within the EU, it's imperative to determine their applicability under NIS2, understand the necessary registration processes, and adhere to mandated incident reporting protocols. This first in a series of articles provides a comprehensive guide to navigating these critical aspects of NIS2 compliance.

Belgian NIS2 entities are required to register with the CCB, the Centre for Cybersecurity Belgium, which is the local national regulation authority in Belgium, before the 18th of March 2025, one month from now.

TL;DR: The registration form can be found on the SafeOnWeb website. If you need extra information, RTFM, consult the "How to register your organisation on Safeonweb@work for the first time?" documentation.

Get in Touch with your Questions about NIS2 and CyFun!

Cover image

Quick facts

  • /

    NIS2 applies to both "essential" and "important" entities across various sectors

  • /

    Entities must report significant cybersecurity incidents within specific timeframes

  • /

    Non-compliance can lead to substantial penalties and increased accountability for management

  • /

    More companies are seen as NIS2 entities than you would expect

Are you in Scope of NIS2?

A lot of companies ask us whether they are in scope of the NIS2.

Here are a few things to check:

  • if your organisation is in the 18 critical or important sectors mentioned in Annexes I and II in the NIS2 Directive,
  • if it meets the size threshold, and
  • if it is operating within the EU, or provides services in the EU,
  • even if size thresholds are not met, your organization might still be in scope if it is deemed critical for public safety or societal/economic stability

If your organization meets these criteria, it is likely subject to NIS2 obligations. For a more detailed evaluation, you can use tools like scope assessment checkers:

In brief, more companies are seen as NIS2 entities than you would expect, mainly because you are part of a supply chain, and your company is a partner or supplier to a critical infrastructure company.

If you are in scope of NIS2, register your organisation on the SafeOnWeb website. If you need extra information, RTFM, consult the "How to register your organisation on Safeonweb@work for the first time?" documentation.

Belgium was not only the first country in Europe to transpose the European Directive into national law (a big applause for CCB for achieving this), it was also exceptional in providing a helpful framework to implement and comply with NIS2.

The CyberFundamentals Framework (often abbreviated as CyFun®) is a set of concrete measures to protect data, significantly reduce the risk of the most common cyber-attacks and increase an organisation's cyber resilience.

To respond to the severity of the threat an organisation is exposed to, in addition to the starting level Small, 3 assurance levels are provided: Basic, Important and Essential.

A great self-assessment tool is the CyFun® Maturity Level Toolbox by CCB, Which contains a great explanation of the 4levels and key measures to take.

To show that your company is serious about NIS2 and potentially gain a competitive edge in the marketplace, you can obtain the CyberFundamentals Label from an Authorised Conformity Assessment Body (CAB).

Finally, there is a whole list of tools and useful documents about e.g. NIST CSF 2.0 transition and policy templates in the CyberFundamentals Toolbox.

Interesting NIS2 Resources (part of our NIS2 Observatory):

Authors

  • /

    Patrick Van Renterghem, AI, CyberSecurity, Web3, Quantum, ... Community Builder

Want to know more about our team?

Visit the team page