07/11/2025

The New Cbw (NIS2) Control Framework: A Practical Starting Point for NIS2 Readiness 

A new chapter in NIS2 preparation 

The Netherlands has taken another step toward implementing the European NIS2 Directive. In collaboration with NOREA and in alignment with the Ministry of the Interior and Kingdom Relations (BZK), the Auditdienst Rijk (ADR) has launched the official Cbw (NIS2) Control Framework.

This framework marks a key milestone on the road to the Cyberbeveiligingswet (Cbw), the Dutch law that will put NIS2 obligations into national effect, expected in 2026.

For many organisations, this new framework is the first clear, structured tool to assess cyber-resilience, identify gaps, and prepare for compliance. 

What the Cbw (NIS2) Control Framework offers 

The Control Framework is designed to help boards, IT leaders, and auditors quickly understand where their organisation stands in relation to the Cyberbeveiligingswet (Cbw) and the Cyberbeveiligingsbesluit (Cbb). 

It provides: 

  • Structured insight into the key articles and expectations of the Cbw (NIS2). 
  • A gap-analysis tool to identify weaknesses in governance, process, and control. 
  • Actionable steps toward compliance and stronger cyber-resilience. 

Built with a modular structure, the framework is flexible enough for both public and private sectors. It already includes mappings to major sectoral standards such as BIO2 (for government) and DORA (for the financial sector). 

Importantly, it is a living document, meaning it will evolve as new European or sector-specific requirements emerge. 

Why this matters now 

Even though the Cyberbeveiligingswet has not yet come into force, the message from Dutch authorities is clear: organisations should start preparing now.

The NIS2 Directive greatly expands the scope of who falls under cybersecurity regulation, from energy and transport to ICT service providers, healthcare, and manufacturing. Under NIS2 and the upcoming Cbw, executive accountability is explicitly defined: leadership teams are responsible for ensuring appropriate cyber-risk management and reporting. 

The new framework provides a practical way to get ahead: organisations can already start measuring their maturity, prioritising improvements, and documenting progress, all before the law becomes binding. 

Connecting ITAM and NIS2 compliance 

For ITAM solutions, the release of this framework highlights something we’ve long believed: effective cybersecurity starts with comprehensive asset visibility.

NIS2 requirements around risk management, patching, supply-chain control, and incident handling all depend on knowing: 

  • What assets exist and where they are located. 
  • Who owns or operates them. 
  • How they are configured and maintained. 
  • Which suppliers provide critical components or services. 

In other words, strong IT Asset Management (ITAM) is foundational to achieving and maintaining NIS2 compliance.

Without reliable ITAM data, even the best frameworks or audits can’t deliver real assurance.

How to get started 

1. Download the official framework from the Auditdienst Rijk website. 

2. Perform a quick-scan or self-assessment using the Excel tool to identify current maturity levels. 

3. Map your existing ITAM and security processes to the control domains (governance, operations, supply chain, incident management, etc.). 

4. Prioritise remediation actions; start with visibility and governance first.

5. Engage stakeholders early: compliance isn’t just an IT task; it’s a board-level responsibility.

Looking ahead 

With the launch of the Cbw (NIS2) Control Framework, Dutch organisations finally have a tangible, structured way to prepare for the Cyberbeveiligingswet. It brings clarity, consistency, and a common language for discussing, assessing and improving cyber-resilience across sectors. 

For ITAM solutions, this development reinforces the crucial link between asset intelligence and compliance readiness. By aligning ITAM practices with frameworks like Cbw (NIS2), organisations can move beyond baseline compliance toward genuine, sustainable cyber-resilience. 

Want to know how ITAM solutions can help align your asset management and compliance strategy with NIS2? Get in touch with our experts, and we’ll help you turn insight into action.