Network and Information Security Directive 2 (NIS2)
The NIS2 Directive is the European Union’s updated framework for enhancing the cybersecurity and operational resilience of essential and important entities across the digital ecosystem. It introduces stricter requirements for risk management, incident reporting, supply chain security, and governance among others. Reflecting the growing importance of digital infrastructure in modern society.
For Ver.iD, a provider of digital identity infrastructure operating in sensitive and regulated domains, alignment with NIS2 is both a strategic and ethical imperative. Recognizing the directive’s significance, Ver.iD has voluntarily registered with the Dutch regulatory authority to be considered within scope under NIS2.
In the Netherlands, NIS2 is being implemented through the Cyberbeveiligingswet, which expands on the EU directive to include additional national provisions. The final publication of this legislation is expected by the end of Q2 2025, after which enforcement will intensify across in-scope sectors. By embracing NIS2 early, Ver.iD ensures that our platform, policies, and governance structures meet the highest standards of cybersecurity and operational continuity, further reinforcing trust among our clients and partners.
Roadmap
| Phase | Date | Description |
|---|---|---|
| Assessment Phase | Q2 2024 | Determine the need for NIS2 compliance. |
| Discovery Phase | Q3 2024 | Map out existing processes, policies and security measures. |
| Planning Phase | Q3 2024 | Develop a comprehensive project plan outlining tasks, timelines, resources, and budgets. |
| Gap Analysis | Q4 2024 | Conduct a gap analysis with current state and requirements of NIS2. |
| Start of Implementation | Q1 2025 | Implementation of identified gaps. |
| Review | Q2 2025 | Review final publication of the cyberbeveilingswet. |
| Monitor | Continuous | Monitor to uphold requirements with respect to NIS2/cyberbeveilingswet. |
Status
Ver.iD is currently in the review phase of its NIS2 compliance journey. Following the successful completion of the assessment, discovery, planning, gap analysis, and the start of implementation in Q2 2025, we are now closely reviewing the latest developments and near-final version of the Cyberbeveiligingswet, expected later this quarter.