NIS2 Compliance training: demonstrably compliant with the new legislation
Practical in-company training for board members, compliance officers and IT security staff. Understand the ten mandatory measures of the NIS2 directive, set up your reporting process and make your board demonstrably accountable before the legislation takes effect.
NIS2 in numbers
The NIS2 directive places far-reaching obligations on thousands of organisations. Preparation is no longer optional — it is a board-level responsibility.
What your organisation will learn
An intensive full-day training for everyone involved in NIS2 compliance. From scope assessment to reporting procedures and board liability. Content is fully tailored to your sector and organisation.
NIS2 framework & your organisation
Understand what the NIS2 directive entails, who it applies to and what the implementing legislation means for you.
- From NIS1 to NIS2: what has changed?
- Scope: essential versus important entities and the 18 sectors
- Supervisory authorities (NCSC, RDI, sector-specific bodies) and their powers
- Self-assessment: does your organisation fall under NIS2?
Risk management & technical measures
Implement the ten mandatory measures of Article 21 in a practical and proportionate way.
- Risk analysis and information security policy
- Incident handling, business continuity and backup management
- Supply chain security and supplier security
- MFA, encryption, access control and patch management
Reporting duty & incident response
Establish a working reporting procedure and know exactly what to do when a significant incident occurs.
- What is a 'significant incident' under NIS2?
- The three-phase reporting cycle: early warning (24h), notification (72h) and final report (1 month)
- Reporting to the CSIRT and the sector-specific supervisor
- Drafting and testing your incident response plan
Governance, audit & accountability
Ensure your board can demonstrate its responsibility and prepare for supervision and audit.
- Board liability: what does this mean in practice?
- Documentation, policy and evidence of compliance
- Internal audit and NIS2 gap analysis
- Roadmap to full compliance: priorities and quick wins
Why this training?
No dry legal texts, but a practical training that lets you get to work immediately with NIS2 implementation in your organisation.
Practical and immediately applicable
No abstract legal analysis, but concrete steps, templates and checklists that you can put to use straight after the training in your compliance process.
For board and IT together
The training is structured so that board members, compliance officers and IT security staff can participate at the same time, creating shared understanding and joint ownership of the NIS2 approach.
Tailored to your sector
Whether you operate in healthcare, government, energy or financial services: we adapt the examples, case studies and sector-specific supervisors to your specific situation.
Is this training right for your organisation?
The NIS2 training is intended for everyone who plays a role in the implementation and governance of information security within an NIS2-obligated organisation.
Board & Management
Board members are personally liable under NIS2. Understand your responsibilities, the risks of non-compliance and how to demonstrably steer your cybersecurity strategy.
Compliance & Legal
Translate legal requirements into policy, procedures and demonstrable compliance. Learn how to conduct a gap analysis, build documentation and be ready for supervision and audit.
IT-security & CISO
Translate the ten mandatory measures into technical implementations. Learn how to assess your current security measures against NIS2 requirements and which gaps to address first.
Risk Management
Integrate NIS2 requirements into your existing risk management framework. Learn how to conduct a NIS2 risk analysis and link it to your business continuity plan.
Everything you need to know
How it works
The training combines clear explanation of the legislation with practical case studies and working methods. Participants work on a gap analysis for their own organisation and leave with a personal action plan for NIS2 implementation. There is ample time for questions and discussion of your organisation's specific situation.
Preparation
We ask participants to complete a short questionnaire in advance about the organisation's sector, size and current security measures. This allows us to tailor the training optimally and work directly with recognisable situations.
Prior knowledge
A technical or legal background is not required. The training is deliberately designed to be accessible, so that both board members without an IT background and IT professionals without legal experience benefit fully.
Materials & follow-up
Each participant receives a comprehensive handout with the ten NIS2 measures, a gap analysis template, a reporting procedure template and an overview of relevant guidelines and sources. Follow-up is available after the training for further questions or a deepening session.
Custom combinations
Would you like to combine the NIS2 training with a Cybersecurity Awareness training for your employees, an SC-900 Microsoft Security Fundamentals certification or a technical deep-dive into Microsoft 365 security? We are happy to put together a suitable programme.
Everything about the NIS2 Compliance training
The training is intended for board members, compliance officers, CISOs, IT managers, risk managers and everyone responsible for NIS2 implementation within an essential or important entity. No technical or legal prior knowledge is required.
The NIS2 directive applies to medium and large organisations in 18 designated sectors, including energy, transport, banking, healthcare, drinking water, digital infrastructure, ICT services and government. During the training we assess the scope for your specific situation together.
The Dutch implementing legislation is expected in the second quarter of 2026. Organisations would be wise to prepare now, so that they are demonstrably compliant on the date of entry into force.
For essential entities, maximum fines are €10 million or 2% of global annual turnover (whichever is higher). For important entities, this is €7 million or 1.4% of annual turnover. Board members may also be held personally liable.
Article 21 of the NIS2 directive requires organisations to implement: (1) risk analysis and security policy, (2) incident handling, (3) business continuity and crisis management, (4) supply chain security, (5) security in systems acquisition and development, (6) assessment of the effectiveness of measures, (7) cyber hygiene and cybersecurity training, (8) cryptography and encryption, (9) personnel security and access control, and (10) use of multi-factor authentication and secure communications.
In the event of a significant incident, you must submit an early warning to the CSIRT or competent supervisor within 24 hours. Within 72 hours, a full notification follows with an initial assessment of severity and impact. Within a maximum of one month, a final report must be submitted with a complete description, root cause analysis and measures taken.
Yes, all our training courses are available in-company, at your location or online. Content, sector-specific examples and level are fully tailored to your organisation and your specific NIS2 challenges.
Absolutely. Popular combinations include the NIS2 Compliance training for management combined with a Cybersecurity Awareness training for all employees, or a deep-dive into SC-900 Microsoft Security Fundamentals for the IT team. We are happy to put together a suitable programme.
Make your organisation NIS2-compliant
Fill in the form on our contact page or call us directly. We will contact you within two business days to discuss your needs. Completely without obligation.