Checklist

NIS2 compliance checklist: from duty of care to demonstrable evidence

For executives, CISOs and information managers at municipalities, water authorities, public-service bodies and their suppliers. The Dutch Cybersecurity Act (Cbw) translates the European NIS2 Directive into a duty of care, a reporting obligation and personal accountability for management. This checklist helps you quickly determine whether you fall under the law and where your biggest gaps are — section by section, tickable, so you know what can be picked up tomorrow.


1. Determine scope & registration

2. Risk management & security measures (duty of care)

3. Incident reporting process (24h / 72h)

4. Business continuity & backups

5. Supply chain & supplier security

6. Governance & management accountability

7. Documentation & demonstrability

Want to know where you really stand? Start with a NIS2 baseline assessment

This checklist shows the themes; a baseline assessment shows your actual position. We assess your organisation against the duty-of-care and reporting requirements of the Cybersecurity Act, prioritise the gaps by risk and impact, and deliver a concrete roadmap with the rationale your board needs. Also available as an independent second opinion on an ongoing NIS2 programme.
