New European cybersecurity rules will have a major impact on Belgian organisations in the coming years. With the introduction of the NIS2 directive, thousands of companies and institutions must demonstrate that they manage their cyber risks structurally and that their security measures are effective.

According to registrations with national cybersecurity authorities, more than 7,000 organisations in Belgium will fall under the new rules. These include companies in sectors such as energy, transport, healthcare, digital infrastructure and financial services.

Belgium highly exposed

Belgium is relatively highly exposed to this regulation. Belgium hosts a large concentration of European institutions, international organisations and digital infrastructure, making cybersecurity a strategic priority. At the same time, the country has many companies in sectors such as logistics, energy, industry and chemicals that are considered essential or important entities under NIS2.

The regulation requires organisations not only to better secure their systems, but also to demonstrate that their controls are effective. This means that companies must be able to continuously provide evidence of their cybersecurity measures.

These new obligations are also creating a growing demand for technology that can automate compliance processes.

Aegis: continuous compliance monitoring

Flemish AI startup Euraika developed a software platform to help organisations continuously monitor their compliance. The platform, Aegis, automatically collects evidence from IT systems and maps it to legal obligations.

When controls are missing or when systems deviate from policies, the software can detect those situations and help organisations take corrective action more quickly.

According to co-founder Irene Personne, the way organisations handle compliance is changing fundamentally.

“Traditionally, compliance mainly takes place around audit moments. Documents are collected when auditors request them and controls are carried out periodically. With regulation such as NIS2, this is becoming increasingly difficult. Organisations must be able to continuously demonstrate that their controls are working.”

AI-powered analysis

The platform uses artificial intelligence to analyse regulation, identify evidence sources and detect deviations more quickly. According to the company, the responsibility for compliance always remains with the organisation itself.

“Software can help organisations better manage complex regulation. But the decisions always remain with people. Technology supports governance; it does not replace it.”

Growing market for compliance software

According to sector analysts, the introduction of new European regulation around cybersecurity and digital governance is creating a rapidly growing market for compliance and security software.

In addition to NIS2, organisations are also confronted with other European rules, such as the Digital Operational Resilience Act (DORA) for the financial sector and the new EU AI Act for the use of artificial intelligence.

Many existing compliance platforms were originally developed for American regulation and were later adapted to European frameworks. According to Euraika, their software was designed from the outset with European regulation as its foundation.

The platform can also run on organisations’ own infrastructure, allowing companies to retain control over their data and systems.

Supported by VLAIO

The development of the technology received support from the Flanders Innovation & Entrepreneurship agency (VLAIO) through the Innovative Starter Support programme.

Euraika is a Flemish AI software developer building applications in governance, compliance and artificial intelligence. The company focuses on software that organisations can deploy on their own infrastructure.