Belgium published first, France went deeper. Belgium's CCB released CyFun well before the October 2024 NIS 2 transposition deadline, built on NIST CSF and officially mapped to ISO 27001/27002. France's ANSSI published ReCyF, but as of March 2026 the underlying legislation still has not passed - making it a technically superior but legally unenforceable framework.

Bottom line: ISO 27001-certified organisations in Belgium are largely compliant with a manageable gap list. The same organisations in France still have significant work ahead - and no hard deadline yet to do it by.

Table of Contents

  1. Introduction
  2. Belgium - The Head Start (4-level architecture, control counts, ISO 27002 clusters, what key measures are and why they matter, self-assessment)
  3. France - The Thorough Approach (the objective and means architecture, still waiting for the law, ISO alignment - ANSSI's own assessment)
  4. ISO 27002 Mapping as a Common Anchor
  5. The Divergences
  6. Practical Implications

Part I: Introduction - One Directive, Two Answers

When the EU adopted NIS 2 (Directive 2022/2555) in December 2022, it set a clear expectation: member states had until October 17, 2024 to transpose its requirements into national law. What followed, at least across the Franco-Belgian border, is a study in contrasting regulatory cultures, institutional histories, and practical philosophies.

NIS 2 expanded covered sectors from 7 to 18, lowered size thresholds, made supply chain security and multi-factor authentication explicit obligations, and - most significantly - introduced Article 21's detailed list of required risk management measures. What the directive deliberately does not do is specify how each measure should be implemented. That granularity was left to member states, producing genuine policy diversity: two technically credible frameworks that are compatible at the technical level but structurally different in regulatory philosophy, timing, and practical demands.

The timeline below tells the story at a glance. Belgium formalised an existing, mature framework and published its official cross-framework mapping nine months before the deadline. France is still working through its legislative process 18 months after that same deadline.

Figure 1: NIS 2 transposition timeline. Belgium met the October 2024 deadline; France's transposing law remains a bill as of March 2026.


Introduction

For years, we’ve all heard it: “Cyber threats are on the rise.” But how much is hype, and how much is reality?

According to the IRIS 2025 report by Cyentia, it’s not hype. Since 2008, the number of publicly reported cyber incidents has increased by over 650%, climbing from 450 to nearly 3,000 per quarter.

But here’s the nuance that matters: this rise isn’t just about more attacks. It’s also about how attackers evolve, how we detect threats, and how regulation drives transparency. From the stealthy era of APTs to the ransomware boom and the pandemic’s IT transformation, every major spike has a cause.

As risk managers and CISOs, this isn’t just trivia—it’s critical context. Understanding these shifts helps us future-proof our strategies, rather than plan for a past that no longer exists.