NIS2 Quality Mark, the game changer

Dr. Michel A. Dutrée
Voorzitter, Stichting Kwaliteitsinnovatie

The challenge of all of us, a secure digital foundation

Digital security is of paramount importance in business. To improve digital security, NIS2 legislation that poses new challenges for business. As we all know, the digital world we live in is constantly changing and offers both opportunities and threats. Therefore, it is essential that we work together to create a solid foundation for digital security so that organisations can work together without major risks.

Our mission

Our goal is for all companies and organisations in Europe to have a minimum but robust foundation of cybersecurity standards and comply with the NIS2 Cybersecurity Act. We offer a growth model that starts from the basics: a minimum of cyber hygiene. This foundation, known as the QM10 standard, is what we should expect from each other for secure collaboration. We aim for every company in Europe to achieve at least this basic cyber standard achieved. We believe that if companies are going to work together and build a long-term relationship, there a minimum digital foundation should be in place for that arrangement, so that digital collaboration can happen in confidence.

The challenge of all of us, a secure digital foundation

The introduction of NIS2 (Network and Information Security Directive) is a gamechanger for cybersecurity. With it we are taking an important step in improving our digital security. This directive requires more than 100,000 large organisations in Europe to actively address cybersecurity which is a milestone and game-changer in this domain. Whereas cybersecurity was often addressed voluntarily before, it has it has now become a mandatory measure. This is the catalyst for a structural change in thinking about how organisations should approach their digital security.

The chain reaction

The chain reaction NIS2 is not just limited to large organisations. Through the chain, over 400,000 suppliers organisations and companies of all sizes are involved in the chain obligation. This means that many organisations in Europe face a huge challenge. Implementing effective cybersecurity measures is no longer an option, but a necessity. Each link in the chain must take its responsibility to ensure overall security where a risk component is present. Agreeing with each other that there is a demonstrable level of minimum cybersecurity, a minimum level of cyber hygiene, is essential. For any collaboration, NIS2-QM10 is the minimum standard.

Differentiation in cybersecurity needs

Our mission is possible because the European Union recognises that cybersecurity needs and actions to be taken measures vary by organisation size and complexity. We have created a customised standards system in three levels, developed together with dozens of experts and industry associations. This approach makes cybersecurity scalable and therefore NIS2 achievable for any organisation, and allows us to grow together in security.

Our standard, known as the NIS2 Quality Mark, is a flexible and scalable framework that helps companies of different sizes and sectors to help meet the requirements of NIS2. It offers a step-by-step approach, allowing companies to scale up their cybersecurity measures as their needs grow. This ensures that even the smallest companies, by passing NIS2-QM10, can achieve a good level of protection without unnecessary complexity or over-investment. With NIS2-QM10 we together have a fine standard that meets the minimum cyber hygiene requirements that we as collaborating organisations should expect from each other. Setting the standard was actually straightforward. The government helped us by publishing various guidelines and advice online, and further, we took a good looked at the minimum standard to meet for cybersecurity insurance. These facets together lead to a list from which we have made the minimum standard: NIS2-QM10.

Companies with a heavier risk profile choose either NIS2-QM20 or NIS2-QM30. The NIS2-QM30 contains all the components from the NIS2 and also incorporates IT and OT components necessary to get 360-degree security in complex production environments.

3 levels of NIS2 cybersecurity as growth path for cooperation in the chain

Achieving goal through cooperation and support

Thanks to the cooperation of dozens of industry associations, we are supporting companies in this huge challenge. It is essential that companies take the right steps now, as everything is digital these days. With a mix of online working, remote support, business intelligence and AI, we also aim to to alleviate auditing capacity challenges. Our approach focuses on collaboration with other parties. Together, we can offer organisations and companies not only the standard, but, through cooperation partners, also offer the tools and knowledge they need as well as the practical support to deploy these tools effectively. Training, advice and ongoing support are essential components so that organisations can be confident in their ability to tackle and overcome them.

Integration with and growth path to known standards

By adding our standard, with specific focus on the supply chain, to the cybersecurity standards landscape, we provide a growth path to well-known standards such as ISO27001, NEN7510 and a widely used framework such as NIST. The path of continuous attention and growth in cybersecurity systematically leads to persistent and ever-improving digital security.

Companies and organisations using the NIS2-QM standards will add measures each year to their safety. This standard requires attention every year, so it is not a stationary standard. Nor would it be possible given the dynamics of cybersecurity in which threats are also constantly emerging.

Integration with existing standards ensures that organisations that have already taken steps in their cybersecurity strategy can seamlessly expand and enhance these efforts. Through mappings and transparency, we avoid the need for duplication. It’s about the real measures that achieve security achieve, not the name of the standard or the seal.

Building safety together

I am extremely proud to be chairman of the Quality Innovation Foundation, which links modern challenges links to a high-quality standard that we want to roll out widely in Europe. Our standard strives to become a valued resource. Together, we can build a secure digital future for everyone. Our joint efforts will not only contribute to a more secure digital environment but also to the confidence and resilience of our economy and a secure digital society.

Thank you very much for your attention and your commitment to a safer digital world.


Dr. Michel A. Dutrée >>

Remco van der Linde >>

Rick van der Gaag >>

Nathalie Verkade>>

Scroll naar boven