On 23 September 2025, the revised Government Information Security Baseline (BIO2) was adopted by the Government-wide Digital Government Policy Consultation (OBDO). This BIO2 takes immediate effect as mandatory self-regulation for provinces, water authorities and the central government, and as a guiding framework for municipalities.
BIO2: revised baseline framework
The BIO2 (Dutch) is the baseline framework for information security across all government layers. The revised framework reflects international security standards. Additionally, it replaces the current classification into three Basic Security Levels (BSLs) with a risk-based approach. Various government measures have been strengthened to meet the requirements arising from the NIS2 Directive.
Furthermore, the BIO2 will be incorporated into the obligations arising from the Cyber Security Act (Cbw), as part of the implementation of the NIS2 Directive.
The Information Security and Privacy Protection Center (CIP) is launching a support campaign to help organisations implement the BIO2.
