
Include NIS2 compliance requirements in your supplier contracts
According to the NIS2 Directive, essential and important entities are required to secure their supply chains. By including the NIS2 Quality Mark as a mandatory requirement in procurement terms, this can be arranged quickly and effectively. For your suppliers, it is an achievable and affordable certification. Ideal for NIS2 entities that want to be compliant without placing an excessive burden on their supply chain.
European companies are directly subject to NIS2.
European companies are indirectly affected by NIS2 (as suppliers).
Affiliated Dutch and European partners for optimal support.
Why a uniform cybersecurity standard?
The NIS2 Directive requires essential and important entities — which we refer to as NIS2 companies — to assess the risks of their direct suppliers or service providers and, if necessary, specify cybersecurity measures. These measures are based on a comprehensive approach that covers all threats and aims to protect network and information systems, as well as their physical environment, from incidents.

The NIS2 Quality Mark: achievable and scalable
The NIS2 Quality Mark is a practical and scalable standard. With a modular system comprising three levels (QM10, QM20, and QM30), companies can implement the appropriate level of security measures tailored to their risk.
QM10 BASIC
For SMEs with a limited risk that supply directly to NIS2-obligated entities.
QM20 SUBSTANTIAL
For companies with increased risks due to their role or access to sensitive data, and that supply directly to NIS2-obligated entities.
QM30 HIGH
For critical companies in the supply chain that pose a significant risk of disruption in the event of cyber incidents and that supply directly to NIS2-obligated entities.
The importance of the NIS2 Quality Mark
Companies that obtain the NIS2 Quality Mark demonstrate compliance with the stricter requirements of the NIS2 Directive. They build greater trust with customers and partners and reduce the risk of digital incidents. Additionally, they can more easily obtain cybersecurity insurance by showing that the proper measures are in place. This clearly signals that these companies take cybersecurity seriously — a strong message in an increasingly demanding digital world.