
August 21, 2025

Cybersecurity Act NIS2 – Are you prepared yet?


The Cyber Security Act, which transposes the European NIS2 Directive into Dutch law, is expected to enter into force in the second quarter of 2026. Although the directive already took effect within the EU on Oct. 17, 2024, the Netherlands has delayed implementation. This law imposes stricter obligations on organizations in the Netherlands regarding digital resilience. SMEs in particular still underestimate the impact. Our recent LinkedIn poll shows:

📊 38% have just started taking inventory
📊 19% have not started at all
📊 Only 14% say they are fully prepared

That means 86% of organizations are insufficiently prepared. This is a risky position: non-compliance exposes an organization to fines and reputational damage.

What is NIS2 and why is it important?

The NIS2 (Network and Information Security) Directive was created by the EU to better secure the digital infrastructure of member states against cyber threats. In the Netherlands, it is transposed into the Cyber Security Act, which is aimed at, among other things:

  • Healthcare institutions, government organizations, IT service providers

  • SMEs with essential or important services (e.g., logistics, financial IT)

  • Obligations such as mandatory notification, security audits and incident response

Consequences for non-compliance:

  • Fines up to 10 million euros or 2% of annual turnover

  • Data breaches and operational disruptions

  • Reputational damage to customers and partners

Practical guide: how to implement NIS2 correctly

Step 1: IT risk analysis and baseline measurement

Use our free IT scan (✅ ISO27001 methodology) to understand vulnerabilities.

Step 2: Security by design & policies

Establish policies around access management, backup, encryption and logging.

Step 3: Awareness trainings

Employees remain the weakest link. Train them with hands-on sessions (✅ NEN7510-proof).

Step 4: Monitoring and reporting procedures

Continuous threat detection and incident notification processes (✅ 24/7 SOC monitoring).


Common mistakes in NIS2 trajectories

❌ Outsourcing IT without building internal awareness
❌ No incident response plan in place
❌ Outdated systems without patch policy
❌ No vendor security controls
❌ Lack of understanding of supply chain responsibility

At ALTA-ICT, we prevent these errors through a structured, certified approach.


ROI of NIS2 compliance

✅ Up to 45% less risk of data breaches
✅ Insurance premiums may drop
✅ Faster AVG/NEN audits
✅ Confidence among customers and investors


Why ALTA-ICT?

At ALTA-ICT, we help Dutch companies with a proven approach that meets:

  • ✅ ISO27001, ISO9001 and NEN7510

  • ✅ Dutch AVG (GDPR) compliance requirements

  • ✅ Proactive threat detection and monitoring

  • ✅ Customized IT training and awareness

📞 Schedule your free IT scan now via alta-ict.co.uk/gratisitscan


Frequently asked questions (FAQ)

What exactly is NIS2?
A European directive making cybersecurity mandatory for vital sectors and suppliers.

Who is covered by the NIS2 law?
These include IT service providers, healthcare institutions, governments and key SME suppliers.

What if I don’t comply with NIS2?
You run the risk of high fines and reputational damage in incidents or data breaches.

How can I prepare?
Start with a risk analysis, security policy and awareness training.

What does NIS2 compliance cost?
This depends on your IT landscape. Our approach is modular and customized, always with insight into the ROI.


Conclusion: prevention is better than cure

The Cybersecurity Act is not an IT project, but a strategic imperative. Start your preparation today – because delay increases risk.

🎯 Schedule your free consultation with our ISO-certified experts at scan.alta-ict.co.uk


Reference

¹https://www.linkedin.com/posts/altaict_iso27001-iso9001-nen7510-activity-7355495991996731392-fGfB
