NIS2 Directive Foundation – Belgian Edition with CyFun® Understanding and Implementing NIS2 in Belgium – CyFun & ISO 27001 Pathways

What's Included in your NIS2 & CyberFundamentals (CyFun®) Foundation course?

• A clear summary of the key legal requirements for NIS2 in Belgium: scope, types of entities (essential vs. important), obligations, incident reporting timelines and the supervisory role of the CCB.
• A walkthrough — in detail — of the essential cybersecurity principles needed to act on NIS2: defining the scope of an ISMS (Information Security Management System), identifying assets, conducting a risk analysis, performing a gap analysis, and designing security controls.
• A presentation and analysis of the two main frameworks recognised by the CCB to demonstrate NIS2 compliance in Belgium: (1) an ISMS based on ISO/IEC 27001 and (2) an ISMS based on the CyFun framework developed by the CCB — including scoping, assurance levels, controls, self-assessment vs. third-party certification, and the compliance timeline.
• Guidance on planning, implementing, supporting and auditing a cybersecurity programme (business case, gap analysis, project set-up best practices), so you leave with a clear view of what a NIS2/CyFun implementation looks like in your organisation.
• Lunches and coffee breaks, offering extra time for discussion, networking and knowledge sharing with peers and the trainer.

NIS2 & CyFun Foundation Course Objectives

NIS2 is redefining cybersecurity obligations for thousands of organisations across Europe, and Belgium has now transposed the directive into national law, with its own legal framework, its own supervisory authority (the CCB) and recognised compliance pathways. Generic NIS2 training courses are useful, but rarely answer the question that really concerns Belgian teams: ‘What do we need to do, by when, and how?’

This B2B Learning Foundation course builds a solid understanding of the NIS2 requirements and helps participants support their organisations in the early stages of planning, implementing, and managing a cybersecurity program.

Because NIS2 obligations are implemented through national legislation, the course includes an essential Belgian specialisation, covering the Belgian NIS2 Law, the Centre for Cybersecurity Belgium (CCB) and its supervisory role, as well as the main national compliance frameworks — CyFun and ISO/IEC 27001.

By the end of the course, participants will be able to:

• Explain the key concepts, principles, and definitions related to the NIS2 Directive.

• Interpret the main NIS2 requirements for establishing and managing a cybersecurity program.

• Identify practical methods and implementation techniques aligned with NIS2.

• Understand how NIS2 is transposed in Belgium — including scope, obligations, incident reporting, and CCB supervision.

• Select an appropriate Belgian compliance pathway, such as CyFun assurance levels or ISO/IEC 27001 certification.

Course Agenda

The course combines theoretical input, hands-on exercises, case studies, quizzes, and group discussions to ensure active learning and strong preparation for certification success.

Day 1 — Cybersecurity & NIS2 fundamentals (Foundation)

Basics (context + shared language)

• Why cybersecurity matters (recent cases, business impact)

• Basic cyber hygiene for ICT users (optional, depending on audience maturity)

Core concepts and building blocks

• CIA / CIANA (+ privacy & safety considerations)

• Risk management essentials

• Controls: organisational, technical, physical, people

• Policies, procedures, documentation, evidence

• PDCA cycle and continuous improvement

• Key frameworks overview: positioning ISO/IEC 27001, CyFun and how an ISMS is structured 

NIS2 Directive overview

• NIS2 in perspective: EU regulatory landscape (and why transposition matters)

• NIS2 concepts & high-level requirements (kept concise to prioritise Belgium implementation)

Day 2 — Belgian implementation, compliance routes & practical rollout

NIS2 transposition in Belgian law (what changes in practice)

• Belgian NIS2 Law (Law of 26 April 2024, in force since 18 October 2024): how it transposes the EU Directive and what it changes in practice

• Role of the CCB (national authority / CSIRT), supervision logic, and what “good” looks like in practice 

• Obligations overview, including the 24h / 72h / 1-month incident notification timeline and the proportionality principle

Frameworks recognised/used for compliance in Belgium

• CyFun: why it is recommended and how it maps to NIS2 risk-management measures 

  • Assurance levels (Basic / Important / Essential) and roadmap approach 

  • Scoping, risk analysis, control selection, evidence expectations

  • Self-assessment and external verification/certification

• ISO/IEC 27001 as an alternative/parallel route (scope + Statement of Applicability must be acceptable) 

• Conformity assessment in Belgium: verification/certification performed by accredited and authorised bodies 
  

Implementation workshop (from requirements to action plan)

• From asset definition → risk assessment → control implementation

• Typical project elements: business case, gap analysis, governance & roles, project set-up best practices

• Building a pragmatic compliance roadmap (what to do first, what to evidence, how to prepare for assessment)

A 20-question online quiz at the end of day 2 (optional) to consolidate and self-test what you've learned.

Who should attend?

Cybersecurity, IT, risk, compliance, legal, internal audit, procurement and project professionals in Belgian organisations that fall — or may fall — under NIS2, as well as their suppliers and service providers. No prior NIS2 knowledge is required.

Note: This course supports compliance readiness; it does not replace legal advice.

Course materials

All participants gain access to our Learner Portal, where they will find: the training materials developed by our Lead Trainer; practical exercises and quizzes; and the CyFun® standards and self-assessment tools (available in English, Dutch and French).

Optional Add-On

At check-out, you can add the PECB NIS 2 Directive Foundation self-study and certification pack in your cart (295 € ex vat): for participants who wish to obtain an internationally recognised credential, we offer an optional pack including the PECB NIS 2 Directive Foundation self-study course material and the PECB exam voucher with one free retake. Our 2-day course covers the key concepts of the PECB Foundation syllabus and adapts them to the Belgian reality; the PECB self-study material complements the training and supports your exam preparation.

Please note: all PECB course material is in English or French. The B2B Learning training itself is delivered in Dutch and French depending on the session.

This course is also available on an in-company basis. Contact us to receive your personalised offer.