
NIS2 Quality Mark: Demonstrable Cybersecurity Compliance
Receive a quote tailored to your needs
To strengthen cybersecurity across Europe and prevent social and economic disruption caused by cyberattacks, the European Union has introduced the NIS2 Directive. This successor to the original NIS Directive (previously implemented in the Netherlands as the Wbni) has a broader scope and targets both essential and important entities.
Cybersecurity Act
In the Netherlands, this NIS2 directive is being converted into national law through the Cybersecurity Act (Cyberbeveiligingswet, or Cbw), which is expected to come into force in the third quarter of 2025. Although the Dutch Cybersecurity Act has not yet been passed, the government is already advising organizations to begin strengthening their cybersecurity strategies. Acting early will help prevent delays and ensure readiness for upcoming obligations.
NIS2 requirements for suppliers
A key aspect of the NIS2 legislation is that organizations are not only responsible for securing their own IT environment but also for the cybersecurity resilience of their suppliers and service providers, especially those who can directly affect the network and information systems of a NIS2-regulated organization.
Risk-based approach to cybersecurity
To help organizations demonstrate compliance with these new requirements, the NIS2 Quality Mark was developed by the Quality Innovation Foundation (Stichting Kwaliteitsinnovatie). Available for certification from 1 July 2025, the Quality Mark offers a clear, risk-based approach to cybersecurity. It is a practical tool for businesses to identify cyber risks, implement effective measures and raise employee awareness of digital threats. Kiwa is accredited to conduct audits under this quality framework, with a focus on QM20 and QM30 levels (see below).
Three levels of the NIS2 Quality Mark
Depending on your organization’s role and risk profile, three versions of the NIS2 Quality Mark are available. Kiwa certifies levels QM20 and QM30:
QM10 – Basic
QM20 – Substantial
QM30 – High
The certification process in 5 steps
Kiwa guides your organization through every step toward certification:
Register at NIS2qualitymark.eu
Prepare for the audit
Mandatory pre-audit webinar
Formal audit by Kiwa
Awarding of the NIS2 Quality Mark certificate
Why choose Kiwa for NIS2 Quality Mark certification?
- Independent assessment by Kiwa
Known for its expertise, integrity and impartial evaluations, Kiwa also offers pre-audit services, including a NIS2 GAP analysis. - Demonstrable compliance with NIS2 and the Dutch Cybersecurity Act
The Quality Mark provides clear evidence for clients and regulators. - Enhanced trust in your organization
Clients and partners see that you take cybersecurity seriously. - Improved management of cyber risks
A systematic approach helps prevent incidents and limits damage in case of threats. - Competitive edge in the supply chain
Especially the NIS2 QM30 certificate sends a strong signal to buyers who are required to vet their suppliers for cyber resilience.
Prepare with a pre-audit/GAP analysis
Are you planning to certify your organization according to a specific standard but unsure where to start? Or have you already implemented a management system in line with, for example, ISO 9001, ISO 27001, or ISO 14001, but you're uncertain if it fully meets the certification requirements? Discover more about our pre-audit/GAP analysis.

NIS2 European Cybersecurity Directive
Cybersecurity remains a hot topic, not only due to the increasing number of hacks and ransomware attacks but also from the perspective of regulators and the evolving legal framework in this area. European member states are currently preparing for the transposition of the Network and Information Security Directive 2 (NIS2) into national legislation.

Prepare for your certification with a pre-audit/GAP analysis by Kiwa
Are you planning to certify your organization according to a specific standard but unsure where to start? Or have you already implemented a management system in line with, for example, ISO 9001, ISO 27001, or ISO 14001, but you're uncertain if it fully meets the certification requirements? Then a pre-audit/GAP analysis by Kiwa is exactly what you need.

ISO 27001 certification: protect your business’ data
Working in accordance with the ISO 27001 standard helps you take a structured approach to information security. Kiwa’s experts have everything you need to prepare your organisation for ISO 27001 certification. We have extensive experience with this standard, from developing a step-by-step information security plan to implementing a full Information Security Management System (ISMS).

NEN 7510 certification: take care of your confidential information
Kiwa was the first in the Netherlands to have a NEN 7510 accreditation and has a great deal of experience with regard to the NEN 7510 certification. Look here for more info!
