On 23 September 2025, the revised Baseline Information Security for Government (BIO2) was adopted by the Government-wide Digital Government Policy Consultation (OBDO). This BIO2 takes immediate effect as mandatory self-regulation for provinces, water authorities and the central government, and as a guiding framework for municipalities.
BIO2: revised baseline framework
The BIO2 (Dutch) is the baseline framework for information security across all government layers. The revised framework reflects international security standards. Additionally, it replaces the current classification into three Basic Security Levels (BSLs) with a risk-based approach. Various government measures have been strengthened to meet the requirements arising from the NIS2 Directive.
Furthermore, the BIO2 will be incorporated into the obligations under the Dutch implementation of NIS2, known as the Cyberbeveiligingswet (Cbw).
The Information Security and Privacy Protection Centre (CIP) is launching a support campaign to help organisations implement the BIO2.
