NIS2

NIS2 in plain language. No scaremongering.

The new cyber rules sound complicated, but the core is simple: knowing where you stand and being able to prove your IT is in order. We explain what it is, who it applies to and where to begin.

  • In effect ~15 August 2026
  • Directly from ~50 employees
  • Plus your whole chain

Free · about 5 minutes · an instant, personal picture of where you stand.

What is NIS2, really?

NIS2 is a European directive for digital security, translated in the Netherlands into the Cybersecurity Act. The thinking behind it is simple: businesses that matter to society have to get their digital resilience in order, and be able to show it. So it is not about one technical trick, but about having provable control over your risks.

Does it apply to you?

Not every business falls under it directly. But "not direct" does not mean "no concern", because the rules ripple through the whole chain.

Directly

Medium and large organisations (from around 50 employees or more than 10 million euros in revenue) in designated, important sectors fall under it directly. They face a duty of care, a reporting duty and supervision.

Indirectly, through your chain

If you do not fall under it yourself, you can still be affected through your customers. An organisation that does fall under NIS2 has to get its suppliers in order too, and passes those requirements down. That is how it touches a large group of SMEs indirectly.

In practice this is what we see most often: your biggest customer suddenly asks whether your security is provably in order. That is the moment you want it sorted, not afterwards.

What does the law ask, roughly?

Without lapsing into legal language, it comes down to a handful of healthy basic measures, each one a thing you would want anyway:

  • Knowing the risks you run
  • Multi-factor authentication (MFA) and well-arranged access
  • Keeping your devices and systems up to date
  • Tested backups and a recovery plan
  • Making your people aware of phishing and spoofed email
  • A plan for when something does go wrong
  • Visibility into which suppliers have access

The nice part: these are exactly the things that make your IT safer and calmer anyway. NIS2 or not.

Don’t start with a thick report. Start by seeing.

You don’t have to panic about this, nor write a policy document straight away. The first step is knowing where you stand now. Our free security scan touches the themes NIS2 covers too, and with MIRA we record it in a measurable, provable way, exactly what a customer or regulator wants to see.

This is an explanation in plain language, not legal advice. Whether and how NIS2 applies to you exactly depends on your situation, which we are happy to discuss honestly.

NIS2: a few frequently asked questions.

No legal jargon, just honest answers to what we hear most often.

  • Does my business fall under NIS2?

    That depends on your sector and your size. From around 50 employees or 10 million euros in revenue in a designated sector you probably fall under it directly. Below that, you can still be affected through a customer who passes the requirements down. Not sure? Then we will take a look with you in an intro call.

  • When does it take effect?

    The Cybersecurity Act was adopted in 2026 and is expected to take effect around 15 August 2026. Starting now gives you time to get it in order calmly rather than under pressure.

  • What happens if I do nothing?

    For businesses that fall under it directly, that can lead to obligations and fines. But even without that, waiting is rarely wise: the measures protect your business and are increasingly asked for by customers and insurers.

  • Do we have to overhaul everything for this?

    Usually not. Often you have already arranged part of it and it is about the finishing touches. We start by mapping what is already there, so you can work in a targeted way instead of tackling everything at once.

Want to know whether and how NIS2 affects you?

Our free scan touches the themes NIS2 covers too, so you quickly know where you stand. Not sure whether NIS2 applies to you? In a no-strings intro call we’ll take a look with you.

Free and no-strings, no sales pitch.