
      As organizations across Belgium continue to navigate the implications of the EU NIS2 Directive and its transposition into Belgian law, the focus has clearly shifted from awareness to execution. NIS2 compliance is no longer a future ambition but a regulatory expectation. Organizations are now required to demonstrate tangible, auditable progress.

      During this webinar, KPMG experts explored how organizations can accelerate their NIS2 journey by combining clear regulatory interpretation, structured execution, and enabling technology such as ServiceNow.

      NIS2 in Belgium: From awareness to execution

      In Belgium, NIS2 is now transitioning into the execution phase, with organizations expected to demonstrate concrete progress towards compliance. This includes defining scope, establishing governance, and initiating implementation of required controls.

      NIS2 compliance is about defensible readiness rather than perfection: organizations must justify decisions, evidence control implementation, and demonstrate that measures operate effectively in practice.

      Regardless of the chosen compliance pathway (Cyber Fundamentals (CyFun), ISO 27001, or inspection), organizations must establish a clear and auditable link between requirements, controls, and evidence.

      Anthony Van de Ven

      Partner, Technology Advisory

      KPMG in Belgium

      Why organizations struggle with NIS2

      As organizations move into execution, several recurring challenges emerge:

      • Unclear or inconsistent scope definition
      • Fragmented ownership and accountability
      • Scattered evidence across tools and teams
      • Heavy reliance on manual tracking (e.g. Excel)
      • Limited real-time visibility on compliance status
      • Risk of “paper compliance” without operational control adoption
      • Difficulty balancing risk, cost, and resources

      NIS2 requires a fundamental shift from documentation-driven compliance to operational and evidence-based cybersecurity governance.

      Understanding proportionality: The core concept

      Under NIS2:

      • Scope is organization-wide
      • Control implementation depth is risk-based

      Baseline controls must always be implemented, with additional rigor applied to more critical assets and services.

      Proportionality means deploying controls intelligently and defensibly based on risk and business impact. This principle is key to ensuring that compliance efforts remain both cost-effective and regulator-defensible.

      Turning proportionality into practice

      To operationalize proportionality, organizations should adopt a structured approach:

      • Confirm full organizational scope
      • Perform risk and impact assessments (e.g. BIA)
      • Identify critical assets (“crown jewels”)
      • Tier assets based on criticality
      • Define control applicability and implementation depth per tier
      • Document decisions in a Statement of Applicability (SoA)

      This ensures consistency, traceability, and defensibility under regulatory review.

      The role of technology: Enabling scalable compliance

      A key success factor for NIS2 programs is the ability to manage compliance at scale. Governance, risk, and compliance (GRC) platforms such as ServiceNow IRM enable organizations to:

      • Centralize compliance, risk, and control data
      • Automate evidence collection and workflows
      • Provide real-time visibility through dashboards
      • Ensure clear traceability from requirement to control to evidence
      • Strengthen collaboration across teams and lines of defense

      This transforms compliance from a fragmented exercise into an integrated and scalable operating model.

      From tool to accelerator: KPMG's ServiceNow NIS2 core package

      KPMG offers a ServiceNow IRM NIS2 core package designed to accelerate implementation and enable rapid transition from design to execution.

      This includes:

      • Setup of ServiceNow IRM tailored to NIS2
      • Integration with Cyber Fundamentals (CyFun) or ISO frameworks
      • Predefined control libraries and structured data models
      • Training and enablement for internal teams

      This approach allows organizations to leverage proven practices and out-of-the-box capabilities, significantly accelerating time-to-value.

      How KPMG can support you

      KPMG combines regulatory expertise, proven methodologies, and technology enablement to support organizations across the full NIS2 lifecycle in a pragmatic and defensible manner.

      Our support includes:

      • Regulatory interpretation and scope definition
      • Proportionality design and control framework definition
      • Implementation of governance frameworks and operating models
      • Deployment of ServiceNow IRM solutions
      • Audit readiness and ongoing compliance support

      By combining deep regulatory expertise with hands-on implementation and technology enablement, KPMG helps organizations build compliance programs that are both effective and sustainable.

      Final thought

      NIS2 is not a one-off initiative but the operationalization of cybersecurity governance. Organizations that succeed will combine clear regulatory interpretation, structured execution, and scalable technology enablement, ultimately reaching their targeted cyber maturity levels.
