Cybersecurity is no longer just an IT issue, but a responsibility at management level. The arrival of the European NIS2 Directive (Network and Information Security Directive 2) heralds a new era of responsibility. Whether you are active in healthcare, logistics, energy, or manufacturing, NIS2 means that you must be able to demonstrate that your security is in order, otherwise there could be serious consequences.
The new rules may seem like yet another obligation, but they also offer opportunities. Opportunities to use data and intelligence to build real resilience. And that is precisely where Altares Dun & Bradstreet can make a difference.
What is NIS2? A brief explanation
NIS2 is the updated European cybersecurity law (Directive (EU) 2022/2555). It replaces the original NIS Directive from 2016 and significantly expands its scope. The aim is to better protect Europe's digital infrastructure, from energy grids to cloud services, against cyberattacks. The directive distinguishes between essential and important entities. Essential entities are organizations in sectors such as energy, healthcare, transportation, drinking water, digital manufacturing companies, food and waste workers, postal and courier services, and research institutions. In practice, most medium-sized and large organizations in these sectors fall under NIS2. Smaller companies may also be covered if they provide critical services to these sectors.
Learn more about the NIS2 Directive here.
What exactly does NIS2 require?
Organizations must be able to demonstrate that they actively manage their cyber risks. The directive stipulates that companies must take appropriate technical and organizational measures, such as encryption, access management, and secure software development. Serious incidents must be reported within 24 hours, followed by a supplementary report within 72 hours and a final report within one month.
In addition, companies must identify and manage cyber risks in their supplier and partner networks. Management is ultimately responsible for the policy and can be held liable if the organization fails to comply. Regulators can impose heavy penalties of up to €10 million or 3% of global annual turnover.
The situation in Belgium
Belgium was at the forefront of the introduction of NIS2. The law has been in effect since October 18, 2024, replacing the previous Cybersecurity Act. Belgian organizations must be able to demonstrate that they have taken the appropriate measures and prepare for audits by the Centre for Cybersecurity Belgium (CCB). The Belgian regulator expects organizations not only to comply with legal obligations, but also to demonstrate that they are working on continuously improving their cyber resilience and supply chain management.
How Altares Dun & Bradstreets helps with NIS2 compliance
With the global D-U-N-S number, Altares connects more than 600 million companies into a single reliable network. This gives organizations a complete picture of their suppliers. Thanks to reliable UBO information and corporate linkages, it becomes clear who is really behind a supplier and where potential vulnerabilities arise.
Platforms such as IndueD enable companies to continuously monitor their suppliers for sanctions, politically exposed persons, financial risks, and reputation signals. The information is always up to date and fully verified, which helps with audits or reports. When an incident occurs, that same up-to-date data ensures that companies can report within the legal deadlines of 24 and 72 hours.
Read more about our compliance solutions here.
From obligation to advantage
Those who approach NIS2 intelligently will gain more than just compliance. It strengthens trust among customers and partners, increases the resilience of the organization, and improves the balance between cybersecurity, risk management, and procurement.
Reliable data lays the foundation for true resilience Altares Dun & Bradstreet helps organizations take that step: from reactively complying with rules to proactively protecting their reputation, customers, and future.
