One year of NIS2 in Belgium: leading the way and moving forward

Updated on 28.11.2025
Belgium marks the first anniversary of the NIS2 Directive’s entry into national law—an important milestone not only for our country but for the entire European cybersecurity landscape. As the first EU Member State to transpose the Directive into national legislation, Belgium set the pace for strengthening resilience across essential sectors and critical digital supply chains.
 

A broad and maturing ecosystem of registered entities

One year on, Belgium has already registered 1,500 essential entities and 2,500 important entities under the NIS2 framework. This means the vast majority of organisations falling under the Directive have now been identified.
In a few specific sectors, however, registrations are still lagging. Organisations that are unsure whether NIS2 applies to them are encouraged to use the NIS2 Scope Test Tool and, if in scope, complete their registration through https://atwork.safeonweb.be without delay.
 

CyFun 2025: supporting risk assessment and security maturity

To help entities meet their new obligations, the Centre for Cybersecurity Belgium has released the 2025 version of CyFun, an updated and more intuitive tool to guide organisations through their cybersecurity risk assessment.
Data indicates that 75% of entities have already selected a security framework (the majority of them CyFun), showing strong awareness and early adoption. For those still at the starting line, CyFun 2025 provides a solid and accessible way to begin risk evaluation and compliance planning.
 

Streamlined incident reporting through a dedicated notification platform

To further support organisations in understanding the evolving threat landscape, the CCB has also hosted a dedicated webinar (see link below) detailing, among other topics, NIS2-related incidents across different sectors and the new version of CyFun 2025. The session also provides deeper insight into the trends, challenges and lessons learned from the first year of notifications, helping entities strengthen their preparedness and response.