The Center for Cybersecurity Belgium (CCB) announced on Monday that since the implementation of the NIS2 legislation last October, 2,410 organizations from critical sectors have registered, contributing to a total of over 4,500 organizations across various sectors. The initiative signifies the launch of the most extensive cybersecurity initiative in the country’s history.
According to an estimate based on figures from the FPS Economy, approximately 2,500 organizations fall within the scope of NIS2. Consequently, it can be concluded that the vast majority have timely aligned themselves by registering.
The CCB said that registered organizations receive free access to several services, including priority alerts, where basic information is gathered after registration. If a vulnerable system is detected on a registered domain name or IP address, the organization is alerted quickly, with NIS2 organizations receiving priority over others. Cyber Threat Alerts assist organizations in investigating and mitigating potential cyber threats on their network by providing structural notifications of vulnerabilities and infections.
Also, a Quick Scan Report offers an overview of security weaknesses and opportunities for improvement. Additionally, a self-assessment questionnaire helps identify weaknesses and provides targeted recommendations, while policy templates offer ready-to-use cybersecurity policies.
Belgium was the first European member state to fully implement the new NIS2 directive. Belgian organizations covered by the NIS2 legislation have till Tuesday to register on the website on a mandatory basis and are currently taking the necessary security measures such as protection against cyber-attacks and data breaches.
“During this period, reports of cyber incidents increased by 80%,” the CCB said in a news statement. “Cybercrime is set to explode in the coming years. The new European Network and Information Security Directive (NIS2) aims to improve the cybersecurity and resilience of essential and key services in well-defined sectors in the EU.”
“We expect that the number of NIS2 organizations’ registrations and reports of cyber incidents or threats will continue to increase in the coming months and later stabilize,” Miguel De Bruycker, director general of the Center for Cybersecurity Belgium (CCB), said. “The relevant organizations in our country are working hard to take their cyber security to the next level.”
Over the past 18 months, the CCB received a total of 556 reports of cyber incidents. From August 2023 through September 2024, the agency received an average of 25 reports per month. Since the introduction of the NIS2 legislation last year, there have been 226 incidents, an average of 45 per month. 80 percent more compared to the period before. Incident reporting has increased due to the implementation of the NIS2 legislation. There are no indications that there are effectively more cyber attacks on Belgian organizations.
“We find that organizations used to not know their way around or didn’t feel it necessary to report incidents,” De Bruycker points out. “There was underreporting in the past. The number of significant reports by itself has not increased.”
“In February 2025, we faced a cyber attack and, thanks to our registration, we were able to count on a quick and efficient intervention by the CCB,” Dirk Declerck, CEO at the Port of Ostend, stated. “Its usefulness has since been proven. The additional services also come in handy.”
Earlier this month, the European Union Agency for Cybersecurity (ENISA) published its initial NIS360 report, which identifies areas for improvement and tracking of progress across NIS2 Directive sectors. The NIS360 assesses the maturity and criticality of NIS2 sectors, providing both a comparative and a more in-depth analysis. It provides a cross-sectoral overview and a detailed sector-by-sector analysis of the criticality and maturity of assessed sectors.
