NIS2 compliance checklist: from duty of care to demonstrable evidence
For executives, CISOs and information managers at municipalities, water authorities, public-service bodies and their suppliers. The Dutch Cybersecurity Act (Cbw) translates the European NIS2 Directive into a duty of care, a reporting obligation and personal accountability for management. This checklist helps you quickly determine whether you fall under the law and where your biggest gaps are — section by section, tickable, so you know what can be picked up tomorrow.
1. Determine scope & registration
2. Risk management & security measures (duty of care)
3. Incident reporting process (24h / 72h)
4. Business continuity & backups
5. Supply chain & supplier security
6. Governance & management accountability
7. Documentation & demonstrability
Want to know where you really stand? Start with a NIS2 baseline assessment
This checklist shows the themes; a baseline assessment shows your actual position. We assess your organisation against the duty-of-care and reporting requirements of the Cybersecurity Act, prioritise the gaps by risk and impact, and deliver a concrete roadmap with the rationale your board needs. Also available as an independent second opinion on an ongoing NIS2 programme.