NIS2 Quality Mark: Demonstrable Cybersecurity Compliance

NIS2 certification is set to become an essential requirement for companies operating in critical supply chains or providing services to NIS2-regulated organizations. With the NIS2 Quality Mark, your organization demonstrates both cybersecurity resilience and compliance with the new legal obligations. As an independent certification body, Kiwa not only assures compliance with the directive but also strengthens trust among customers, partners and regulators.

Receive a quote tailored to your needs

+31 (0)88 998 49 00 Contact us Get a quote

To strengthen cybersecurity across Europe and prevent social and economic disruption caused by cyberattacks, the European Union has introduced the NIS2 Directive. This successor to the original NIS Directive (previously implemented in the Netherlands as the Wbni) has a broader scope and targets both essential and important entities.

Cybersecurity Act

In the Netherlands, this NIS2 directive is being converted into national law through the Cybersecurity Act (Cyberbeveiligingswet, or Cbw), which is expected to come into force in the third quarter of 2025. Although the Dutch Cybersecurity Act has not yet been passed, the government is already advising organizations to begin strengthening their cybersecurity strategies. Acting early will help prevent delays and ensure readiness for upcoming obligations.

NIS2 requirements for suppliers

A key aspect of the NIS2 legislation is that organizations are not only responsible for securing their own IT environment but also for the cybersecurity resilience of their suppliers and service providers, especially those who can directly affect the network and information systems of a NIS2-regulated organization.

Risk-based approach to cybersecurity

To help organizations demonstrate compliance with these new requirements, the NIS2 Quality Mark was developed by the Quality Innovation Foundation (Stichting Kwaliteitsinnovatie). Available for certification from 1 July 2025, the Quality Mark offers a clear, risk-based approach to cybersecurity. It is a practical tool for businesses to identify cyber risks, implement effective measures and raise employee awareness of digital threats. Kiwa is accredited to conduct audits under this quality framework, with a focus on QM20 and QM30 levels (see below).

QM10 – Basic

Designed for SMEs with limited risk exposure that are indirectly connected to the supply chain of NIS2-regulated entities.

QM20 – Substantial

For suppliers that provide direct services to NIS2 entities and have access to sensitive systems or data.

QM30 – High

Intended for organizations playing a critical role in the supply chain, where disruption or failure could have major societal or economic consequences.

Register at NIS2qualitymark.eu

Prepare for the audit

Collect relevant documentation and perform a risk assessment, either independently or with external support. All required guidelines are available at NIS2qualitymark.eu.

Mandatory pre-audit webinar

This interactive webinar helps identify gaps in your information security policy. Participation is required for certification and provides valuable insights and recommendations.

Formal audit by Kiwa

A certified Kiwa auditor visits your site, evaluates processes, interviews staff and verifies the implementation of cybersecurity measures.

Awarding of the NIS2 Quality Mark certificate

Kiwa’s certification board will review the audit results and issue formal approval. Upon successful assessment, you will receive the official certificate.

Why choose Kiwa for NIS2 Quality Mark certification?

Independent assessment by Kiwa
Known for its expertise, integrity and impartial evaluations, Kiwa also offers pre-audit services, including a NIS2 GAP analysis.
Demonstrable compliance with NIS2 and the Dutch Cybersecurity Act
The Quality Mark provides clear evidence for clients and regulators.
Enhanced trust in your organization
Clients and partners see that you take cybersecurity seriously.
Improved management of cyber risks
A systematic approach helps prevent incidents and limits damage in case of threats.
Competitive edge in the supply chain
Especially the NIS2 QM30 certificate sends a strong signal to buyers who are required to vet their suppliers for cyber resilience.

Prepare with a pre-audit/GAP analysis

Are you planning to certify your organization according to a specific standard but unsure where to start? Or have you already implemented a management system in line with, for example, ISO 9001, ISO 27001, or ISO 14001, but you're uncertain if it fully meets the certification requirements? Discover more about our pre-audit/GAP analysis.

Related services

NIS2 European Cybersecurity Directive

Cybersecurity remains a hot topic, not only due to the increasing number of hacks and ransomware attacks but also from the perspective of regulators and the evolving legal framework in this area. European member states are currently preparing for the transposition of the Network and Information Security Directive 2 (NIS2) into national legislation.

Prepare for your certification with a pre-audit/GAP analysis by Kiwa

Prepare your certification with a pre-audit or GAP analysis

ISO 27001 certification: protect your business’ data

Working in accordance with the ISO 27001 standard helps you take a structured approach to information security. Kiwa’s experts have everything you need to prepare your organisation for ISO 27001 certification. We have extensive experience with this standard, from developing a step-by-step information security plan to implementing a full Information Security Management System (ISMS).

NEN 7510 certification: take care of your confidential information

Kiwa was the first in the Netherlands to have a NEN 7510 accreditation and has a great deal of experience with regard to the NEN 7510 certification. Look here for more info!