Get compliant with NIS2

NIS2 compliance is now a legal obligation for many EU organisations. We help you assess, implement and validate the right security measures, so you meet the standard, avoid penalties, and stay in control. Choose full support or just the steps you need.

What is NIS2 and why does it matter?

The NIS2 Directive (EU 2022/2555) is a European cybersecurity law that sets stricter obligations for organisations operating in critical sectors. It replaces the original NIS Directive and aims to improve resilience across the EU, not just for governments, but for the private sector too.

You might fall under NIS2 if your organisation:

  • Operates in a critical sector
  • Exceeds size thresholds (based on FTEs, turnover, or balance sheet total)

Not sure if you’re in scope? Take our free, 5-minute NIS2 check to find out.

The consequences of non-compliance

The stakes are high. Under NIS2, non-compliance can lead to legal enforcement, reputational damage, and financial penalties. But compliance isn’t just about avoiding fines: it is about protecting your organisation, your customers, and your ability to operate in the EU market with confidence.

Cingulum helps you:

  • Understand how the directive applies to you
  • Close security and compliance gaps
  • Demonstrate alignment through audits and certification

How we support NIS2 compliance: the Cingulum Methodology

Whether you want end-to-end support or targeted help, we adapt to your context. The Cingulum Methodology is flexible by design. We break NIS2 compliance into three clear phases: Assess. Implement. Validate.

Assess

Get a clear view of where you currently stand.

Maturity assessment

Map your current capabilities and gaps.

Standards-based risk assessment

Get a clear roadmap towards better information security.

Implement

Accelerate your security maturity with tailored guidance.

CISO-as-a-Service

Strategic security leadership without the overhead.

Validate

Prove your strength and resilience today.

Internal audit & management reviews

Aiming for a certification? Test your ISMS with an internal audit before going for the external audit.

Maintain

Accelerate your security maturity with tailored guidance.

ISO-as-a-Service

Continuous ISO 27001 support done right.

Security Staffing

Get full-time security support without the overhead.

Don’t wait until it’s too late: Get started with NIS2

Many organisations underestimate how much time, coordination, and technical alignment NIS2 compliance takes. Leaving it until the last moment increases the risk of:

  • Incomplete or rushed implementation
  • Failed audits
  • Legal and financial penalties
  • Reputational damage with clients or regulators

The earlier you start, the more flexibility and control you retain. Our experts help you prioritise what matters, and avoid common pitfalls.

Want to learn more about NIS2?

Our free ebook offers a clear, concise, and actionable guide to understanding NIS2, its potential impact on you and your organisation, and the essential steps to take to prepare.

What you get (that others don't)

Frequently Asked Questions

The NIS2 Directive applies to organisations in specific critical sectors that meet certain size thresholds (based on FTEs, turnover or balance sheet total).
To check whether you’re in scope, take our free NIS2 Applicability Assessment. It gives a quick and accurate answer based on official EU criteria.

NIS2 classifies organisations as either Essential or Important, depending on the sector you operate in and the size of your organisation.

  • Essential entities face stricter oversight, including proactive audits
  • Important entities must still comply, but are generally subject to reactive supervision

The classification determines which obligations and enforcement mechanisms apply to you.

Download our free eBook for more detailed information, or contact us if you have more specific questions.

In Belgium, the NIS2 regulation entered into force on 18 October 2024.
Most obligations are now in effect, including minimum risk-management measures, incident reporting, and management accountability.

Registration with the CCB (via Safeonweb@Work) should already have been completed.

However, some deadlines still lie ahead:

  • Conformity assessments (for Essential entities using CyFun® or ISO 27001):
    – Begin by 18 April 2026
    – Final verification or certification by 18 April 2027

Starting now is key. Preparation and audits take time.

Cingulum can help you build a personalised compliance roadmap that meets these deadlines, without stress.

In Belgium, non-compliance can lead to:

  • Administrative fines of up to:
    – €7,000,000 or 1.4% of global turnover (Important entities)
    – €10,000,000 or 2% of global turnover (Essential entities)
  • Additional sanctions may include:
    – Warnings or binding instructions
    – Forced suspension of services or certifications
    – Public disclosure of non-compliance
    – Temporary ban from management roles (for Essential entities)

The Centre for Cybersecurity Belgium (CCB) can carry out inspections, audits, and request evidence at any time.
Starting early and complying correctly avoids costly disruptions and reputational risk.

In general, micro- and small enterprises are excluded, unless they provide services that are critical to society (e.g. specific healthcare, digital infrastructure, or energy services).

Medium-sized and larger organisations in critical sectors are typically in scope. For specific services aimed towards SMEs, please check out our VLAIO packages.

Not entirely. ISO 27001 helps cover many technical and organisational controls required under NIS2, but the directive includes additional legal, governance and supply chain obligations.

We can help bridge the gap between ISO 27001 and full NIS2 compliance, so you’re covered across the board.

You don’t have to follow the full journey. Our approach is modular; you can choose the phases or services you need:

  • Risk assessment
  • ISO or CISO as-a-service
  • Internal audit prep
  • External certification support

We adapt to your context… not the other way around.

Yes. We work closely with internal teams to guide implementation, prepare documentation, and train key roles.
We also partner with trusted independent auditors to help you prepare for, and pass, formal certification.

Yes, our support doesn’t stop at compliance. If needed, we offer:

  • Ongoing risk monitoring
  • Policy updates
  • Internal awareness campaigns
  • Vendor reviews
  • Readiness checks for future audits

We’re here to help you stay compliant and resilient over time, not just tick a box once. Reach out to us to see how we can work together towards consistent compliance.

Ready to get started with NIS2?

Whether you need full support or just one part of the process, we’re ready to help with your NIS2 journey.

Let’s keep your organisation secure, compliant, and audit-ready.

