NomaPort
Netherlands · NIS2

Cyberbeveiligingswet (Dutch NIS2) readiness

Understand what the Cyberbeveiligingswet means for your organisation, who it applies to, potential fines up to €10 million — and how NomaPort Check, Learn and Roam help you build practical readiness.

Team reviewing cybersecurity compliance requirements

What is the Cyberbeveiligingswet?

The Cyberbeveiligingswet is the Dutch implementation of the EU NIS2 Directive. It requires essential and important entities to manage cybersecurity risk with documented policies, incident reporting, supply-chain oversight and staff awareness.

For many SMEs and professional services firms, the law raises the bar from informal IT habits to demonstrable security measures — without requiring an enterprise SOC overnight.

NomaPort helps you close practical gaps: device posture, staff training evidence and secure connectivity for remote and travelling staff.

Who is in scope?

Essential and important entities

The law targets organisations in critical sectors and broader important sectors — including many B2B service providers, manufacturing, digital infrastructure and professional services above size thresholds.

  • Essential entities in energy, transport, banking, health, digital infrastructure and public administration
  • Important entities in postal services, waste management, chemicals, food, manufacturing and digital providers
  • Managed service providers and ICT service management when meeting employee turnover or balance-sheet thresholds
  • Organisations supplying or supporting in-scope entities — supply-chain security obligations apply

Enforcement and fines

Regulators can impose administrative fines for non-compliance. For essential entities, fines can reach €10 million or 2% of global annual turnover — whichever is higher. Important entities face lower caps but still significant exposure.

Up to €10 million

How NomaPort helps

Practical modules for each layer

NomaPort is not legal advice or certification — but it gives you affordable tools to demonstrate ongoing security hygiene and staff awareness.

NomaPort Check — technical baseline

Continuous device posture monitoring for endpoints your team actually uses.

  • Security score and monthly posture reports
  • Alerts when risky settings or missing updates appear
  • Evidence for risk-management and asset-hygiene controls

NomaPort Learn — people and process

Security awareness with simulations and exportable completion records.

  • Phishing simulation and ransomware awareness drills
  • Policy acknowledgement trails for audits
  • Mapped to ISO 27001, GDPR and NIS2 awareness expectations

NomaPort Roam — secure connectivity

VPN-enforced mobile connectivity for staff working remotely or travelling.

  • Kill switch and secure DNS on the road
  • Reduces exposure on untrusted networks
  • Supports secure remote-work and field-access scenarios

Free PDF readiness checklist

Request our Cyberbeveiligingswet checklist by email — a practical starting point for gap analysis conversations with management and advisors.

Get the checklist

Check your company's readiness

Run a free external port scan to spot obvious exposure, then use Check for ongoing monitoring across your devices.

Check your readiness

Build evidence, not just intentions

Combine Check + Learn for device monitoring and staff training — the most popular starting point for growing teams.

View Check + Learn Kit