The NIS2 law and the NIS2 Quality Mark: the game changers

Dr. Michel A. Dutrée
Chairman, Stichting Kwaliteitsinnovatie

Our collective challenge: A secure digital foundation

Digital security is of paramount importance in the business world. The new NIS2 legislation poses new challenges for companies. As we all know, the digital world we live in is constantly evolving, offering both opportunities and threats. It is therefore vital that we work together to create a solid foundation for digital security so that organisations can work together without significant risk.

Our mission

Our mission is for all companies and organisations in Europe to adopt a minimum but robust set of cybersecurity standards and comply with the NIS2 Cybersecurity Act. We offer a growth model that starts with the basics: a minimum level of cyber hygiene. This foundation, known as the QM10 standard, is what we should expect from each other to work together securely. We want every company in Europe to achieve at least this basic cyber standard. We believe that if companies want to work together and build long-term relationships, there needs to be a minimum digital foundation for that agreement, so that digital collaboration can take place with confidence.

NIS2, the game changer, as a catalyst

The introduction of NIS2 (the Network and Information Security Directive) is a game changer for cyber security. It marks a significant step forward in improving our digital security. The directive requires more than 100,000 large organisations in Europe to actively engage in cybersecurity, which is a milestone in this area. Whereas in the past cybersecurity was often approached on a voluntary basis, it is now mandatory. This is the catalyst for a structural change in how organisations should approach their digital security.

The chain reaction

NIS2 is not limited to large organisations. Through the supply chain obligation, more than 400,000 suppliers, organisations and businesses of all sizes are also involved. This means that many organisations across Europe face a significant challenge. Implementing effective cybersecurity measures is no longer an option; it is a necessity. Each link in the chain must take responsibility for ensuring overall security wherever there is a risk component. It is essential to agree that there is a demonstrable minimum level of cybersecurity, a minimum level of cyber hygiene, in any collaboration. NIS2-QM10 is the minimum standard for any collaboration.

Differentiating cybersecurity needs

Our mission is possible because the European Union recognises that cybersecurity needs and measures vary according to the size and complexity of organisations. We have created a tailored, three-tiered system of standards, developed in collaboration with dozens of experts and industry organisations. This approach makes cybersecurity scalable, making NIS2 achievable for every organisation and allowing us to grow together in security.

Our standard, known as the NIS2 Quality Mark, is a flexible and scalable framework that helps organisations of different sizes and sectors to meet the requirements of NIS2. It provides a step-by-step approach that allows organisations to scale their cybersecurity measures as their needs grow. This ensures that even the smallest organisations can achieve a good level of protection by achieving NIS2-QM10 without unnecessary complexity or over-investment. 

With NIS2-QM10, we have collectively established a robust standard that meets the minimum cyber hygiene requirements that we, as collaborating organisations, should expect from each other. Creating the standard was relatively easy. The government helped us by publishing various guidelines and advice online, and we also carefully considered the minimum standard required to obtain cyber security insurance. These aspects together led to the creation of the minimum standard: NIS2-QM10.

Companies with a higher risk profile can opt for NIS2-QM20 or NIS2-QM30. NIS2-QM30 includes all the components of NIS2, plus the IT and OT components required for 360-degree security in complex manufacturing environments.

3 levels of NIS2 cyber security as a growth path for supply chain collaboration

Achieving goals through collaboration and support

Thanks to the collaboration of dozens of industry associations, we are helping businesses meet this enormous challenge. It is vital that businesses take the right steps now, because everything is digital now. With a mix of online working, remote support, business intelligence and AI, we also aim to alleviate capacity challenges in auditing. Our approach focuses on collaboration with other parties. Together, we can provide organisations and companies not only with the standard, but also, through collaborative partners, with the tools and knowledge they need, and the practical support to use them effectively. Training, guidance and ongoing support are essential components to ensure that organisations can confidently address and overcome cyber threats.

Integration and growth path with established standards

By adding our standard with a specific focus on the supply chain to the cybersecurity standards landscape, we provide a growth path to well-known standards such as ISO27001, NEN7510 and widely used frameworks such as NIST. The path of continuous focus and growth in cybersecurity systematically leads to sustainable and ever-improving digital security.

Companies and organisations using the NIS2-QM standards will add measures to their security each year. This standard requires annual attention and is therefore not a static standard. A static standard would not be workable given the dynamic nature of cyber security, where new threats are constantly emerging.

Integration with existing standards ensures that organisations that have already taken steps in their cybersecurity strategy can seamlessly extend and improve those efforts. Through mapping and transparency, we avoid duplication of effort. It is about implementing real measures that achieve security, not the name of the standard or the certification mark.

Building safety together

I am particularly proud to serve as chairman of the Stichting Kwaliteitsinnovatie, which combines today’s challenges with a high-quality standard that we want to roll out across Europe. Our standard aims to become a valued tool. Together we can build a secure digital future for all. Our joint efforts will contribute not only to a safer digital environment, but also to the trust and resilience of our economy and a secure digital society.

Thank you for your attention and commitment to a safer digital world.

Yours sincerely,
Dr Michel A. Dutrée
President, Stichting Kwaliteitsinnovatie
