Solutions
Solutions
All in one solution
Overview
Managed XDR
Keep my IT safe 24/7
24/7 Incident Response
Restore business operations
Security Awareness
Improve security culture
Cyber Insurance
Ensure business continuity
Integrations
Technology partners
Industry
All sectors
Logistics
Manufacturing
Professional services
Healthcare
Partners
Partner Network
For Brokers & Risk Advisors
Lower your clients' cyber risk.
For Managed Service Providers (MSP)
Expand your offer with cybersecurity.
Case studies
Customer protection
Jan de Rijk
Logistics
Avi Medical
Healthcare
KeyTec Netherlands
Manufacturing
Van der Most Transport
Logistics
Signature Foods
Manufacturing
KlaassenGroep
Construction
GOED Belgium
Healthcare
Zimmer Group
Manufacturing
Plans
Resources
Resources
Blog
News from the front lines
Resource Library
Guides and brochures
Knowledge Base
Customer login
Free Anti-spoofing Tool
Sign up to get started
NIS2 Resource Hub
The latest news around NIS2
Eye Research
Tech blog and real-world incidents
Trend Report 2026
Insights from 630 cyber investigations
Glossary of Terms
An overview of cybersecurity terms
Learning Hub
Understand the building blocks
Webinars & Events
All digital & live events at a glance
Company
About
News
Careers
Contact
Press
en
de nl
Talk to us
Take a tour
Solutions
Back
Solutions
All in one solution
Managed XDR
24/7 Incident Response
Security Awareness
Cyber Insurance
Integrations
Industry
All sectors
Logistics
Manufacturing
Professional services
Healthcare
Partners
Back
Partner Network
For Brokers & Risk Advisors
For Managed Service Providers (MSP)
Case studies
Back
Customer protection
Jan de Rijk
Avi Medical
KeyTec Netherlands
Van der Most Transport
Signature Foods
KlaassenGroep
GOED Belgium
Zimmer Group
Plans
Resources
Back
Resources
Blog
Resource Library
Knowledge Base
Free Anti-spoofing Tool
NIS2 Resource Hub
Eye Research
Trend Report 2026
Glossary of Terms
Learning Hub
Webinars & Events
Company
About
News
Careers
Contact
Press
en
de nl
Book a demo
Incident Hotline

NIS2 is here. Are you ready?

NIS2 compliance in Belgium: practical guide for essential and important entities

The real question begins now: how do we sustain security in practice? Download the guide used by European essential entities and maintain NIS2 compliance readiness with 24/7 incident reporting capability. 
NIS2 Belgium book cover

Europe's cybercrime is targeting NIS2 essential entities.

53.7%

of cyber incidents in Europe affected essential entities under NIS2 (source: ENISA)

60%

of intrusions start with phishing; AI-supported identity compromise dominates

81.1%

ransomware still dominates
cybercrime activity against EU organisations

"For security leaders, the assume breach principle requires a shift from compliance-driven activity to continuous readiness. This involves testing response plans, training teams, monitoring systems 24/7, and partnering for expertise."
Marcel van Asperdt.
CISO, Eye Security
EYE-HEADSHOT-CROPS_Marcel van Asperdt
"For security leaders, the assume breach principle requires a shift from compliance-driven activity to continuous readiness. This involves testing response plans, training teams, monitoring systems 24/7, and partnering for expertise."
Marcel van Asperdt.
CISO, Eye Security
EYE-HEADSHOT-CROPS_Marcel van Asperdt

The 7 steps to NIS2 compliance in Belgium.

Each step reinforces the “assume breach” mindset: understanding that cybersecurity resilience under NIS2 is not a one-time exercise but a continuous, auditable commitment to preparedness.

number-one
Check if NIS2 applies to you

Consult the official CCB NIS2 portal to verify your classification and understand which authority supervises your sector. If you are part of another organisation’s supply chain, the CCB recommends aligning at least with the Basic level of the CyberFundamentals (CyFun®) framework.

two
Register your organisation

This ensures your organisation is officially recognised and can receive updates, guidance, and instructions from the authorities. It is also the starting point for meeting your reporting obligations in case of a cyber incident. You can complete this process via the official CCB platform.

three
Be ready to report incidents

From 18 October 2024 onward, all in-scope organisations must notify the CCB within 24–72 hours of any significant cybersecurity incident. This requires not only knowing how to report via the Safeonweb notification platform, but also having a tested incident response plan.

four-1
Determine your CyFun® assurance level

Organisations using the Belgian CyFun® framework should define which assurance level applies to them: Basic, Important, or Essential. This level determines the depth of controls and the form of evidence required for compliance or certification.

five
Train leadership and teams

NIS2 explicitly requires that management be capable of making informed cybersecurity decisions. Board and leadership teams should have completed cybersecurity and risk management training by April 2025 at the latest. In parallel, employee awareness remains a core control under NIS2’s risk management measures.

six
Implement the right controls

Once the scope and level are defined, organisations must conduct a gap analysis against CyFun® (or ISO/IEC 27001) and implement the required controls. This process should be structured, gradual, and evidence-based, ensuring documentation and review at each stage of implementation.

seven
Validate and maintain compliance

Essential entities are required to undergo regular third-party assessments, ideally through CyFun® certification by an accredited body. The initial assurance level must be achieved by April 2026, with full certification required by April 2027.

 

Important entities are encouraged to follow the same path, as certification provides clear proof of compliance and strengthens trust with clients and regulators.

NIS2  resources that help you stay ready. 

NIS2 Readiness: Where Eye Security Can Help

Beyond detection and response, this is an overview of the areas where Eye Security strengthens your compliance readiness.

Download the resource

NIS2 Readiness: Where Eye Security Can Help

Beyond detection and response, this is an overview of the areas where Eye Security strengthens your compliance readiness.

Download the resource

Incident Response Readiness under NIS2

This is your practical guide to achieving 24h and 72h incident reporting readiness. 

Download the resource

Incident Response Readiness under NIS2

This is your practical guide to achieving 24h and 72h incident reporting readiness. 

Download the resource

Here is what experts across industries say about NIS2.

Ultimately, the new rules are meant to make organisations more resilient. So avoid rushing that. Instead, make use of the extra time you have. NIS2 helps make your business safer and healthier. It can also take you to a higher level of knowledge. And it is certainly not a stick to beat with. On the contrary, it is an effective tool. Think of it as tailwind instead of a headwind.
Simone Pelkmans
Partner Digital Regulations
In order for the legislation to be effective, Europe is in need of a highly skilled workforce to exercise the tasks designated by NIS2. Independent security audits, risk assessment, cybersecurity architecture design and implementation, and incident management and reporting need to be carried out by certified professionals.
Chris Dimitriadis
Chief Global Strategy Officer, ISACA
Remaining proactive in enhancing cyber security is vital to maintaining competitiveness. This is not only about complying with laws and regulations, but about ensuring that your business is cyber resilient and able to deal with the ongoing cyber threat landscape and risks.
Auke Huistra
Managing Director, Applied Risk
Many think the NIS2 Directive is a technical issue and run at the technical side of it. But it is the strategical and tactical side of it to be implemented and from that perspective translate into what needs to be done in operations. To achieve this, there must be policies, procedures and processes to be agreed upon and then implemented within operations.
Mohamad Adib Baroud
Expert NIS2 Directive

Enterprise-grade, made for the mid-market

This is tailored cybersecurity that meets the scale and complexity of mid-market organisations without the overhead of enterprise-only tools. Simple and to the point. AI-driven detection and expert-led response prevent downtime, protect revenue, and safeguard operations while helping you prepare for the unexpected. 

Protect business continuity

  • Best-of-breed EDR and ITDR
  • 24/7 in-house SOC
  • 24/7 incident response

Build future readiness

  • Annual cyber reviews 
  • Attack surface deep dives
  • Proactive vulnerability and threat hunting

Simplify cybersecurity

  • All-in-one, all-you-need package
  • Onboarding within hours 
  • Built for your scale and risk profile

Accelerate compliance

  • Streamlined audits and regulatory alignment
  • Competitive cyber insurance premiums
  • Frictionless insurance qualification and renewals
Get in touch

Discover why companies choose Eye Security.

Protect yourself against digital threats with Europe's leading Open XDR solution. Try a demo to see how Eye Security compares to your existing solution.

  • Protect your business 24/7
  • Prevent ransomware & data breaches
  • Respond to attacks within minutes
  • Mitigate financial losses with cyber insurance, advised by brokers

 

Trusted by European companies:

Talk to an expert.