Dutch business loses competitiveness due to unfamiliarity with NIS2
European cybersecurity directive
In October, the stringent European cybersecurity directive Network and Information Security 2 (NIS2) will come into force. This directive focuses on risks that threaten networks and information systems and could disrupt the economy and society. This includes organisations dealing with energy, transport, banking, infrastructure, financial markets, healthcare, drinking water, digital infrastructures, waste water, public services, space and management of ICT services.
Chain responsibility
As with CSRD, the European sustainability reporting system, chain responsibility applies to NIS2. If a company falls under the NIS2 directive, so do its suppliers. If they fall victim to a cyberattack and cannot deliver their products or services on time, the business continuity of their customers higher up the chain is also at risk.
Need for NIS2-Compliance
It is not as if these obligations came out of the blue. The companies concerned have had ample time to prepare for NIS2. It is difficult to explain why the Netherlands, which is so dependent on exports, has dropped stitches here. Extra worrying is that Germany and Belgium, two of the largest foreign markets for Dutch companies, took the NIS2 obligations seriously and expected this from their supply chain partners. So, NIS2 compliance needs to be put at the top of the agenda in the Netherlands to avoid losing market share. Therefore, it is wise to take the necessary steps in cooperation with a specialised management consultancy firm as soon as possible to mitigate cyber risks and sustainably strengthen one's competitive position.