NIS2: does it apply to you?

160,000 European entities affected. Fines up to €10M or 2% of global revenue. Check your situation in 5 minutes.

Are you within the NIS2 scope?

You employ more than 50 people or generate over €10M in revenue

You operate in an essential or important sector (energy, healthcare, transport, finance, digital, water, food, chemicals, public administration, waste management, postal services, industry)

You are a supplier to an essential or important entity

You process data critical to the continuity of an essential service

If you checked at least one box, NIS2 likely applies to you. Test your compliance in 15 minutes with Varden Auditor.

Non-compliance: the bill.

€10M

Maximum fine, or 2% of global revenue

72h

Mandatory deadline to report a major incident

Personal

Executives are personally and criminally liable

The 10 requirements of Article 21.2

1Risk analysis and information security policy

2Incident management (detection, handling, reporting)

3Business continuity, backup and recovery planning

4Supply chain security and critical third parties

5Security in acquisition, development and maintenance of systems

6Regular assessment of cybersecurity measure effectiveness

7Cyber hygiene and continuous staff training

8Cryptography and encryption policy

9HR security, access control and asset management

10Strong authentication and secure communications

Published by the Centre for Cybersecurity Belgium (CCB)

Cyber Fundamentals: the Belgian framework to implement NIS2

Cyber Fundamentals (CyFun) translates NIS2 requirements into concrete, actionable and verifiable measures. Instead of a legal text open to interpretation, CyFun provides a precise grid of controls aligned with ISO 27001 and the NIST Cybersecurity Framework.

Each control specifies what to do and how to prove it: security policy, asset inventory, vulnerability management, incident detection, continuity, awareness. It is the operational reference for any Belgian organization subject to NIS2.

Four assurance levels, tailored to your risk exposure

Small

Micro-businesses and small organizations — basic good practices.

Basic

Low-exposure SMEs — core essential controls.

Important

Corresponds to 'important entities' under NIS2.

Essential

Corresponds to NIS2 'essential entities' — the highest bar.

Varden Auditor natively integrates CyFun and generates the enforceable evidence expected by the CCB.

Test your NIS2 compliance in 5 minutes.

Start the test Talk to an expert

Chargement...

NIS2: does it apply to you?

Are you within the NIS2 scope?

Non-compliance: the bill.

The 10 requirements of Article 21.2

Cyber Fundamentals: the Belgian framework to implement NIS2

Four assurance levels, tailored to your risk exposure

Varden's three radars cover NIS2.

Varden Auditor

Sentinel Externe

Sentinel Interne

Test your NIS2 compliance in 5 minutes.

NIS2: does it apply to you?

Are you within the NIS2 scope?

Non-compliance: the bill.

The 10 requirements of Article 21.2

Cyber Fundamentals: the Belgian framework to implement NIS2

Four assurance levels, tailored to your risk exposure

Varden's three radars cover NIS2.

Varden Auditor

Sentinel Externe

Sentinel Interne

Test your NIS2 compliance in 5 minutes.