We use cookies to understand how the site is used and to improve your experience. Privacy policy

    Skip to main content

    NIS2 & DORA Compliance Consulting

    NIS2 and DORA readiness, plus ISO 27001, SOC 2 and GDPR, delivered through our vetted network of specialists and validated by our own offensive testing.

    Our in-house team brings deep expertise in scoping and project management, matching you with the ideal specialist from our carefully vetted network. We manage every engagement end-to-end, ensuring you get world-class consulting tailored to your exact requirements. Whether you need compliance expertise, security architecture review, or strategic guidance, we connect you with proven experts. Our network includes specialists who have guided dozens of organizations through SOC 2, GDPR, and NIS2 certifications with hands-on implementation support.

    Our Network Advantage

    We've spent years building relationships with the industry's most experienced security professionals. Our in-house team evaluates your needs, handpicks the perfect match from our trusted network, and manages the entire project to ensure exceptional results.

    NIS2 and DORA readiness

    Two EU regimes are reshaping security obligations across the Netherlands. We help you work out whether they apply to you, where your gaps are, and how to close them, and we prove the technical measures with our own penetration testing.

    NIS2 readiness

    NIS2 widens cybersecurity obligations to many more sectors and introduces a duty of care, incident reporting, and management accountability. In the Netherlands it lands as the Cyberbeveiligingswet, passed by the Tweede Kamer in April 2026 and expected to enter into force on 1 July 2026. We scope whether you are an essential or important entity, run a gap analysis against the framework, and build a prioritised roadmap to compliance before enforcement begins.

    DORA readiness

    DORA has applied to the financial sector since January 2025, covering ICT risk management, incident reporting, third-party risk, and threat-led penetration testing (TLPT). We help in-scope financial entities and their critical ICT providers close gaps and meet the testing requirements with our offensive security team.

    Our Services

    Security Architecture Review

    Comprehensive evaluation of your security infrastructure and recommendations for improvement.

    Compliance Consulting

    Specialized expertise in SOC 2, GDPR, NIS2, and other regulatory frameworks with proven implementation success.

    Security Program Development

    Build and enhance your security program with policies, procedures, and best practices.

    Risk Assessment

    Identify, analyze, and prioritize security risks across your organization.

    Incident Response Planning

    Develop comprehensive incident response plans and procedures.

    Cloud Security Strategy

    Secure cloud migration and implementation strategies for AWS, Azure, and GCP.

    How We Deliver Excellence

    1

    Discovery & Scoping

    Our in-house team thoroughly understands your security challenges, business objectives, and compliance requirements.

    2

    Expert Matching

    We handpick the ideal specialist from our vetted network based on your specific needs and industry context.

    3

    Roadmap & Strategy

    Create actionable roadmap with prioritized recommendations, timelines, and clear deliverables.

    4

    Managed Delivery

    We oversee the entire engagement, ensuring quality, timeline adherence, and exceptional outcomes.

    NIS2 & DORA Consulting FAQ

    The questions organisations ask us most often about NIS2 and DORA, answered straight.

    What is NIS2?

    NIS2 is the European directive on network and information security, the successor to NIS1. In the Netherlands it is implemented through the Cyberbeveiligingswet. NIS2 imposes a duty of care (appropriate technical and organisational measures) and a duty to report significant incidents on essential and important entities, and introduces supervision and management accountability.

    Does my organisation fall under NIS2?

    That depends on your sector and size. NIS2 has a far broader scope than NIS1 and covers areas such as energy, transport, healthcare, drinking water, digital infrastructure, government, postal services, waste management, and the manufacture of critical products. Whether you are an essential or important entity determines the intensity of supervision: essential entities are under proactive supervision, important entities under reactive supervision. We establish your scope in a readiness scan.

    What is the difference between NIS2 and the old legislation?

    NIS2 widens the scope to more sectors, strengthens the duty of care, introduces explicit management accountability, sets a phased reporting obligation (an initial report typically within 24 hours), and gives supervisors broader enforcement and sanctioning powers than were available under NIS1.

    What is DORA?

    DORA (the Digital Operational Resilience Act) is a European regulation governing the digital operational resilience of the financial sector, applicable since 17 January 2025. DORA sets requirements for ICT risk management, incident reporting, resilience testing (including threat-led penetration testing), and the management of third-party ICT provider risk.

    Who falls under DORA?

    DORA applies to a wide range of financial entities, including banks, insurers, payment institutions, investment firms, and crypto-asset service providers, and extends to the critical third-party ICT providers of those entities.

    What does a NIS2 or DORA readiness engagement look like at HackersHub?

    We start with a gap analysis against the relevant framework, prioritise the findings by risk, and build a concrete roadmap. We then support implementation through a matched specialist from our network and validate the technical measures with our offensive services (a penetration test or, where required, threat-led penetration testing). You keep a single point of contact; we manage the engagement end to end.

    What role does a penetration test or audit play in compliance?

    Most frameworks, including NIS2, DORA, ISO 27001, and SOC 2, expect demonstrable technical testing of your controls. A penetration test, and under DORA a threat-led penetration test, provides that evidence. We connect the readiness engagement directly to our offensive services so that compliance is genuinely tested rather than only documented.

    What are the deadlines and possible sanctions?

    DORA has applied since 17 January 2025. NIS2 is being implemented in the Netherlands through the Cyberbeveiligingswet (Cbw). The Tweede Kamer passed the bill on 15 April 2026; it is now before the Eerste Kamer for final review, with entry into force expected on 1 July 2026. Preparation can and should begin now, because the duty of care applies from entry into force without a generous transition period. Fines are substantial: up to 10 million euro or 2% of global annual turnover for essential entities, and up to 7 million euro or 1.4% of turnover for important entities, whichever is higher. Directors are also personally accountable: they must approve the measures and oversee their implementation.

    Ready to start your NIS2 or DORA readiness?

    Schedule a scoping call with our team to map your obligations, your gaps, and a clear path to compliance.