Deadline · April 18, 2026

NIS2 goes into effect April 18.
Is your SME ready?

The European NIS2 directive becomes mandatory for thousands of Belgian SMEs. Fines up to 10 million euros or 2% of global revenue.

--
Days
--
Hours
--
Minutes
--
Seconds
Or call +32 489 59 42 27

Book your free NIS2 audit

30 minutes · No commitment · Video call or on-site

Free audit · No commitment · 30 minutes

Qualification

Are you affected by NIS2?

If you mentally check at least one of these boxes, the NIS2 directive affects you directly or indirectly.

You have more than 50 employees or 10 M€ in annual revenue.
You operate in one of the 18 critical sectors: energy, transport, health, banking, water, digital, food, public administration, industry…
You are a supplier or subcontractor of a large company that will request NIS2 guarantees from you.
You handle sensitive client data: personal, financial, technical, medical.
You want to secure your business before being exposed to a fine.
Obligations

What NIS2 requires you to do

The directive imposes 10 minimum cyber risk management measures. Here they are in short, concrete form.

01
Information security policy
02
Cyber risk management
03
Security incident handling
04
Business continuity and disaster recovery
05
Supply chain security
06
HR security and training
07
Access control and identity management
08
IT asset management
09
Encryption and cryptography
10
Incident reporting: 24h alert, 72h report
Penalties

What you risk in case of non-compliance

The NIS2 directive provides for heavy financial and personal penalties. Authorities can act without prior notice.

10 M€
Financial fines
Up to 10 million euros or 2% of annual global revenue. The higher amount applies.
CEO
Personal liability
Executives can be held personally liable in case of proven failure to meet security obligations.
24h
Unannounced audits
Authorities can carry out audits without prior notice and require proof of compliance at any time.
STOP
Activity suspension
In the event of an untreated critical risk, the authority can order a temporary suspension of activity.
-50%
Reputation damage
NIS2 sanctions are public. An unreported incident can cause lasting loss of customer trust.
72h
Reporting deadline
Initial alert within 24h, full report within 72h for any significant incident. Exceeding = penalty.
Our offer

Our free NIS2 audit

30 minutes with a senior technician to map your compliance level and your priorities.

  • Diagnostic of your current compliance level against the 10 NIS2 obligations.
  • Personalised checklist of the 10 NIS2 obligations tailored to your sector and size.
  • Identification of the 3 critical priorities to address immediately.
  • Budget estimate for the compliance effort.
  • 30-day action plan to get started concretely.
100% free, no commitment, by video call or on-site across Brussels-Brabant.
Why KA IT

A local, experienced and reachable IT partner

A compact team specialised in B2B IT support, network and security for Belgian SMEs.

Experienced technicians

A compact team, experienced working on professional hardware.

Brussels and Brabant

On-site intervention across Brussels-Capital, Walloon Brabant and Flemish Brabant.

One single number

A single point of contact for all your IT: support, network, security, workstations, printers.

25 to 80 € / user / month

Three transparent packs based on your needs: Essential, Business, Managed. No surprises, no hidden fees.

Multi-brand experience

Experienced at working on your professional hardware while following best practices.

Fast response

Audit bookable within 24h, priority intervention for compliance emergencies before April 18.

Frequently Asked Questions

Everything you need to know about NIS2

The 6 questions every Belgian SME is asking us right now.

NIS2 applies to any entity operating in one of the 18 critical sectors (energy, transport, health, banking, water, digital, food, public administration, industry, etc.) that exceeds the medium enterprise thresholds (50+ employees or 10 M€ revenue). Suppliers and subcontractors of these entities are also affected indirectly, as their clients will request contractual guarantees.
Essential entities risk up to 10 million euros or 2% of annual global revenue. Important entities risk up to 7 million euros or 1.4% of revenue. The higher amount applies. Executives can also be held personally liable, with possible temporary suspension of their duties.
The cost varies depending on the SME's size and current maturity level. For a 20-50 employee SME with a sound IT base, the budget typically starts between 3,000 and 15,000 € for initial implementation, then 100 to 400 €/month for ongoing supervision. The free audit gives you a precise estimate tailored to your context.
No, NIS2 does not require a DPO (Data Protection Officer), which remains a GDPR obligation. However, NIS2 does require that an information security officer be clearly designated within the organisation, and that executive management assumes direct responsibility for validating cyber risk management measures.
GDPR protects personal data. NIS2 protects the continuity and security of essential services against cyberattacks. Both are complementary and mandatory. If you are already GDPR compliant, part of the work is done (registry, notification procedures), but NIS2 adds further technical and organisational requirements.
Don't panic, but act immediately. Belgian authorities prioritise entities that demonstrate an active compliance process. The urgency is to document a credible action plan with short milestones. That is exactly what our free audit delivers in 30 minutes: a concrete plan you can present in case of inspection.
-- days remaining until the deadline

Book your free audit now

30 minutes to secure your SME before April 18, 2026. No commitment, no fees, no fluff.

Book my NIS2 audit
Free diagnostic