
Ready for NIS2?

7 steps to comply with the new cybersecurity legislation

The Centre for Cybersecurity Belgium (CCB) has published a quick start guide to comply with the Belgian NIS2 legislation in 7 steps.
 
Prepare your organisation for the future of cybersecurity with this NIS2 quick start guide. For businesses, SMEs, and critical infrastructures, it is essential to act now. By following these 7 steps, you will not only meet legal requirements but also strengthen cybersecurity and increase the operational resilience of your organisation.

Don't wait any longer! Tackle the NIS2 challenge one step at a time.

Step 1: Determine if the NIS2 legislation applies to your organisation

Use the easy tool to determine if your organisation is covered by the NIS2 regulations. If not, you do not need to comply with the NIS2 regulations, but it is still important to continually improve your organisation's cybersecurity. You can use the CyFun framework to adapt and improve your level.

→ CyberFundamentals Framework
 

If your organisation falls within the scope, proceed to the following steps in the quick start guide.

Step 2: Register your organisation as soon as possible

All NIS2 entities must register on Safeonweb@Work. https://atwork.safeonweb.be/register-my-organisation

Step 3: Report significant incidents

From October 18, 2024, all NIS2 entities must report significant incidents to the CCB via the reporting platform or by phone at +32 (0)2 501 05 60.

Step 4: Determine your organisation's CyberFundamentals (CyFun®) level

Use the CyFun® selection tool to determine the appropriate assurance level (basic, important, or essential) for your organisation. https://atwork.safeonweb.be/tools-resources/cyberfundamentals-framework/choosing-right-cyber-fundamentals-assurance-level-your-organisation 

Step 5: Plan training

Board members and management must be trained in cybersecurity to fulfil their responsibilities and obligations as required by the NIS2 legislation.

Step 6: Implement security measures

Use the three-step CyFun® framework to comply with the NIS2 legislation. https://atwork.safeonweb.be/tools-resources/cyberfundamentals-framework 

Step 7: Conduct security audits

Essential entities must regularly have their implementation assessed by a third party accredited through CyFun® certification.
 
Important entities can also undergo regular compliance assessments within the CyFun® framework to obtain a presumption of compliance. The appropriate CyFun® label or certificate is crucial as evidence in case of an incident.