A mapping (overview) of NIS2 measures for the security standard NEN-EN-ISO/IEC 27002 (nl) has been published. This mapping was developed by the Ministry of the Interior and Kingdom Relations (BZK), in collaboration with the IBO core. The IBO is the forum where decision-making regarding the BIO takes place, involving representatives from BZK and umbrella organisations for the central government, municipalities, provinces, and water authorities.
NIS2 Directive
The revised Network and Information Security (NIS2) Directive is new European cybersecurity legislation. It is expected to be applicable in the Netherlands by the end of 2024 and aims to boost the cybersecurity and resilience of essential services across EU member states. The NIS2 Directive imposes a duty of care for information security on governments. BZK plans to use the BIO as a framework to fulfil this duty of care.
Mandatory, optional, or conditional?
In the lead-up to the implementation of the directive, there is sometimes confusion about whether specific NIS2 measures are obligatory. This new mapping clarifies which NIS2 measures are mandatory, optional, or conditional, and how they relate to the NEN-EN-ISO/IEC 27002 (nl) and the current BIO.
The mapping is not intended to indicate the extent to which the BIO already meets the NIS2 measures. The BIO working group is investigating whether additional measures from the NIS2 should be included in a new version of the BIO.
View the mapping and its explanation (Dutch).