Navigating Cyber Compliance: Preparing for NIS2

Join our CyberConnect Series

Are you wondering how the NIS2 Directive will impact your business? Join us for a roundtable discussion that will shed light on what the Directive covers, how you can prepare, and what remains unknown about its implementation.  

Interested in the topic, but can't attend in September? Register for one of our upcoming CyberConnect roundtables

Practical Information

  • Time:
    Thursday, September 12
    15:30 - 18:00
  • Location:
    Hunt & Hackett
    New Babylon
    Anna van Buerenplein 46
    The Hague
    Find on Google Maps


  • 15:00 – 15:30
  • 15:30 – 16:00
    Hunt & Hackett's experts will give an overview of the changes that are expected under the NIS2 Directive, and what this means for Dutch businesses.
  • 16:00 -17:00
    Event host, Marcel van Oirschot, will lead a group discussion. We will go through any concerns, challenges, or learnings you would like to share about the Directive's arrival and implementation.
  • 17:00 – 17:30
    We will conclude the session with some key takeaways and recommendations.
  • 17:30 – 18:00
Roundtable LinkedIn Ads (draft options) (2000 × 1331 px)


Preparing for NIS2

How can you ensure compliance?

The second Network and Information Systems Directive (NIS2) came into force in January 2023. This new legislation follows and replaces the 2018 NIS Directive, broadening the scope of enterprises to which it applies. The Directive also introduces mandatory incident reporting requirements for companies falling under its scope. Its aim is to strengthen cybersecurity networks across a variety of sectors in the EU in a harmonised manner. 

The most significant change that comes with the implementation of NIS2 relates to the scope of sectors deemed “critical” in the EU. Under the previous NIS Directive, eight sectors were classified under “essential services”, and Member States were granted significant discretion in the classification of such services. Under NIS2, an expanded list of 11 sectors falls under “essential services”, and an additional seven sectors (deemed “important services”) are also subject to regulation. Organisations falling under the scope of NIS2 will need to implement 10 cybersecurity measures set out in the Directive. They will also face additional obligations related to incident reporting and supply chain security.  

However, before you begin to implement new cybersecurity and risk management measures, keep in mind that they are only a portion of what NIS2 requires from you. The first step should be to examine the structure of your business and management, as the Directive’s incident response and reporting requirements may call for significant reorganisation of security monitoring, incident response, processes and infrastructure.  

While some aspects of NIS2’s implementation remain ambiguous, you can already take steps to prepare. These include setting up an internal management group focused on compliance and investigating the cybersecurity training options available to you. Interested in learning more about how NIS2 may apply to your business? Read our detailed analysis at the link below.