NIS2 Quality Mark: the standard for a secure supply chain
From Q3 2025, NIS2 will require large companies to manage risks in their supply chain. As a result, they also demand that their suppliers – often SMEs – work securely.
With the NIS2 Quality Mark, you can easily meet these requirements. We guide you towards a secure digital future!


What is NIS2?
NIS2 is a European law that requires essential sectors to strengthen their cybersecurity. NIS stands for Network and Information Systems and focuses on improving the security of networks and information systems. Companies and their suppliers must manage risks and prevent cyber incidents through stricter security measures and reporting obligations.
The number of companies affected by NIS2
Directly (under government control): In Europe, 400,000 companies are directly subject to NIS2.
Indirectly (under the control of NIS2 companies): Approximately 1.8 million businesses (suppliers) will be indirectly impacted by NIS2. Large NIS2 companies are required to secure their supply chain and can only collaborate with secure suppliers who can demonstrate that their cybersecurity is up to standard.
With the NIS2 Quality Mark, this becomes easy.

Why a uniform cybersecurity standard?
The NIS2 Directive requires essential and important companies – the so-called NIS2 companies – to secure their supply chain against cyber risks. They must require their direct suppliers, often SMEs, to demonstrate that they are digitally secure whenever a risk is present. This means that SMEs are obliged to provide proof of their security measures. The NIS2 Quality Mark is the certificate awarded following an audit by an accredited auditing organisation.

The NIS2 Quality Mark: achievable and scalable
The NIS2 Quality Mark is a practical and scalable standard, suitable for both small and large organisations. Thanks to its flexible structure, companies can easily achieve certification.
By mapping cyber risks, taking measures, and training employees, companies gain more control over vulnerabilities and can better manage risks.
To provide optimal support to businesses, the NIS2 Quality Mark is divided into three levels, tailored to the level of risk. This makes the standard accessible to every sector and company.
- QM10 BASIC – For SMEs with limited risk that supply NIS2-obliged companies.
- QM20 SUBSTANTIAL – For companies with increased risks due to their role or access to sensitive data.
- QM30 HIGH – For critical companies in the supply chain that pose a significant risk of disruption in the event of a cyber incident.