NIS2

The Supply Chain Cyber Security Standard

Designed for direct suppliers to NIS2 companies

The Network and Information Systems Directive, or NIS2 Directive, was adopted by the European Union to improve the cybersecurity and resilience of essential services. Compared to the first NIS Directive, NIS2 goes much further. It covers more sectors and imposes stricter security standards and incident reporting requirements. 

Organisations identified as critical or important, the NIS2 companies, have a significant obligation to protect their digital networks and systems from disruption or extortion. This includes working with their direct suppliers to secure the supply chain. The NIS2 Quality Mark is the intended vehicle for this.

As NIS2 companies are held partly responsible for the cybersecurity of the supply chain, they will require their direct suppliers, often SMEs, to take the necessary security measures. But when have they done enough? And how can they prove it?

The NIS2 Quality Mark, developed in consultation with and supported by dozens of trade and professional associations, provides a practical answer to these questions. With a modular system of standards, companies in the supply chain can take the right steps according to the importance and size of their organisation, with an official NIS2 QM certificate as verifiable proof.

Modular standards system with recognised certificate as proof

NIS2 Quality Mark features 3 levels, tailored to the importance and size of the organisation

Scroll to Top