CyberFundamentals Framework in Belgium: what is the relationship with NIS2?

Have you ever heard of the CyberFundamentals Framework? In this article, we explain what the framework involves and how it relates to NIS2, the European directive aimed at improving cybersecurity. This helps you assess whether the framework may be relevant for your organization.

NIS2

Given recent developments in cybersecurity, the implementation of NIS2 is important for organizations operating in the 17 designated sectors. The directive places a stronger emphasis on cybersecurity risk management and management accountability. Organizations are expected to take their responsibilities seriously and carry out a thorough assessment of their risk level.

NIS2 has applied since October 18, 2024. This makes it important for organizations to take proactive measures and strengthen their cybersecurity approach

What does this mean for my organization?

Would you like to know whether NIS2 applies to your organization? Via this link, you can find more detailed information and assess whether your organization falls within scope.

CyberFundamentals Framework

The CyberFundamentals Framework is closely related to NIS2 and was developed in Belgium. It contains concrete cybersecurity measures intended to help organizations improve data protection, reduce the risk of cyberattacks, and strengthen their overall cyber resilience. The Centre for Cybersecurity Belgium invites Belgian private and public organizations established in or active in Belgium to use the framework.

Four levels

These measures are divided into four different levels:

• SMALL
• BASIC
• IMPORTANT
• ESSENTIAL

Each level includes more measures than the previous one. The aim of the Centre for Cybersecurity Belgium is for every organization in Belgium to eventually meet the BASIC level.

Five core functions

The CCB CyberFundamentals Framework is built around five core functions:

• identify
• protect
• detect
• respond
• recover

These functions support communication about cybersecurity between technical professionals and stakeholders. They also help organizations embed cyber-related risks into their broader risk management strategy and strengthen resilience in the event of a cyberattack.

Verification and certification 

A presumption of conformity may be obtained through CyberFundamentals verification at BASIC or IMPORTANT level, through CyberFundamentals certification at ESSENTIAL level, or through ISO 27001 certification, provided that the scope and the Statement of Applicability are considered acceptable by the CCB.

Verification or certification of the CyberFundamentals Framework is carried out by an accredited and recognized certification body.

Brand Compliance & CyberFundamentals

Brand Compliance België obtained BELAC accreditation on September 4, 2025 to perform CyFun verification. This means Brand Compliance can support organizations in demonstrating presumed compliance in the context of NIS2 through CyFun verification.

Would you like to know what this could mean for your organization? Please contact us.

Need training on NIS2? BC Academy offers training courses on this topic.