Itdaily - AI widens NIS2 gap for Dutch organizations

More and more Dutch organizations are struggling with NIS2 compliance due to the integration of AI. Research shows that AI not only increases complexity but also widens the gap between IT and management.

The implementation of the NIS2 directive presents organizations with new challenges, especially now that AI systems are increasingly being used in business processes. Research by Veeam among 300 Dutch IT and C-level decision-makers shows that one in five organizations is not actively working on compliance, or only reacts once legislation imposes obligations. The growing use of AI widens the gap between companies that invest in data resilience and those that do not.

The adoption of NIS2 in the Netherlands was already somewhat difficult: it took 1.5 years after the official deadline for the directive to be transposed into Dutch law, while Belgium is more of a frontrunner.

Faster Recovery

Organizations that do invest in resilience recover seven times faster from disruptions and experience less downtime and data loss. At the same time, AI creates more complexity regarding compliance, governance, and transparency of data flows. 62% of organizations expect that meeting legal requirements such as NIS2 and DORA will become more challenging as a result.

Lack of insight and governance

A large proportion of the organizations surveyed have insufficient insight into which AI tools are being used, which data these systems have access to, and the security risks this entails. This lack of transparency makes it difficult to demonstrate that data is reliable, secure, and recoverable. This increases the risk of data breaches, loss of intellectual property, and manipulation by malicious actors.

The study also shows a gap between IT leaders and business decision-makers. Eighty percent of IT leaders say their organization uses AI tools, while only just over half of business leaders acknowledge this. The difference carries over into how the two groups assess compliance risks: IT leaders see cyber threats, data breaches, and insider threats as major risks, while business leaders recognize these less.