Transposition In Progress

NIS2 in Netherlands

Everything you need to know about the NIS2 directive in Nederland: transposition law, competent authority, fines, deadlines, and how Reglyze helps SMEs become compliant.

Key facts at a glance

Transposition Law

Cyberbeveiligingswet (Cbw) — replacing Wet beveiliging netwerk- en informatiesystemen (Wbni)

Adopted / in force: 2026-Q3

Competent Authority

Nationaal Cyber Security Centrum (NCSC-NL)

https://www.ncsc.nl

Fines — Essential

Up to EUR 10 million or 2% of global annual turnover

Fines — Important

Up to EUR 7 million or 1.4% of global annual turnover

Key deadlines

2024-10-17

EU transposition deadline — missed by the Netherlands.

2026-Q3

Expected entry into force of the Cyberbeveiligingswet (Cbw).

What Netherlands businesses need to know

The Netherlands is transposing NIS2 through a new law called Cyberbeveiligingswet (Cbw), replacing the existing Wbni.
Implementation has been delayed — the Ministry of Justice and Security (JenV) is leading the process.
The NCSC-NL will be the competent authority and receive all incident notifications.
Despite the delay, NCSC-NL is already publishing guidance and operational expectations for in-scope entities.
Dutch organizations should prepare now even though formal enforcement is pending.

Ready to become NIS2 compliant in Netherlands?

Reglyze is the AI-powered NIS2 compliance platform built for European SMEs. Start free — scoping, gap assessment, and policy generation tailored to NCSC-NL requirements.

NIS2 in other EU countries