To cybersecurity

NIS2: Essential step towards a more cyber-secure Europe requires more cyber expertise

Published on 18/05/22 by Danny Goderis
On Friday, 16 May, the European Parliament and the European Council reached an agreement on the revision of the European framework for the security of network and information systems, NIS2. Agoria is pleased with this reform, which lays the foundation for Europe's cybersecurity efforts in the coming years. Transposition into national legislation is expected in spring 2024 at the latest.

The war in Ukraine has made it painfully clear that cyber security is vital to Europe's future --  to its citizens, industry and society. The new NIS2 Directive aims to create a broad cyber security awareness. In addition to most central government departments, many companies have also been affected. While the existing NIS1 directive primarily covered a number of critical sectors, such as energy and telecom, almost all sectors are now covered by the NIS2 directive, including the Agoria sectors of manufacturing and the ICT sector.

Most manufacturing companies and digital service providers will therefore be bound by this NIS2 directive.

A GDPR Directive for Cybersecurity

By analogy with the personal data processing policies that companies and governments have developed since the GDPR, this framework will also require companies to have a specific cyber security policy. That policy will require a risk analysis, incident handling procedures, taking mitigating measures as well as business continuity plans in line with the identified risks. Staff training and awareness is also a necessary component. Finally, the security of supply chains is also a crucial element of the directive. There will also be an obligation to report security incidents. Companies will therefore have to develop a cyber security plan with all these elements in accordance with the NIS2 Directive.

Proportionality for SMEs

The applicability of NIS2 is therefore determined by the sector to which a company belongs, but also by the size of the company. With a view to proportionality, a "size cap" was built in. Broadly speaking, only large and medium-sized companies will be accountable under NIS 2. The Member States can still deviate from this in order to include small or even micro-enterprises in the scope of the directive. Although all companies should actually have a cyber security plan, it is best to take into account the feasibility for small companies. For example, in the scope and size of the plan.

When transposing the directive into national legislation, Agoria pleads for consultation between the government, the regulator and the industry in order to draw up a proportional framework together.

More cyber experts and a strong cyber industry 

The NIS2 will require many more companies and organizations from roughly all sectors to implement a more complex set of obligations. This will require more cyber knowledge, more cyber experts and a strong cyber industry to meet the demand. However, according to current estimates, there is a major shortage of 200,000 and of 5,000 to 7,000 cyber experts in Europe and Belgium respectively. Agoria therefore calls upon the competent authorities to interact with the various sectors and in particular with the sector of cybersecurity companies and the cyber industry, so as to raise awareness and provide guidance, but especially in order to work together for more qualified cyber experts and a strong cyber industry. 

Recommended experts

Ilse Haesaert
Business Group Leader Digital
Eric Van Cangh
Senior Business Group Leader Digital

Documents

icon
Recommendations in case of a cyber attack: steps for SMEs
In English | 456 KB

Agenda

Services

Advice - Cybersecurity REDline

Are you the victim of a cyber attack or has a cyber security incident occurred? Agoria provides you with first-line assistance best suited to your specific situation.

Read more

Advice - Cybersecurity

We provide expert advice and inform you about technological trends and developments within your sector or market. In addition, we introduce you to important players, stakeholders and business development opportunities.

Read more
Was this article useful?

Related articles

News

New proposals for a Cybersecurity Act 2 and an amended NIS2 Directive: what changes and impacts for your company?

Arnaud
Martin
26/02/26
On 20 January 2026, the European Commission published a cybersecurity package proposal with a view to further strengthen the cybersecurity in Europe while making the rules simpler and more harmonised. It involves new proposals to...
News

CRA Standards Unlocked: Deep Dive Session EN 40000-1-4 Security Controls - Generic security requirements' (2026-03-05)

Dirk
De Moor
12/02/26
CENELEC organises a Deep Dive Session on EN 40000-1-4: Security Controls – Generic Security Requirements, a key horizontal standard supporting compliance with the essential product requirements of the Cyber Resilience Act (CRA)...
News

‘Converging IT-OT towards cybersecurity compliance’ event: key takeaways

Arnaud
Martin
18/12/25
On 11 December, Agoria welcomed more than 95 participants to its offices in Diegem for an event on OT cybersecurity compliance. The event focused on a central question: how can the generic requirements of the NIS2 standard be...

Related topics