DIGITAL SME launches guide to position SMEs as trusted NIS2 suppliers
-
New SME Supplier Guide on NIS2: A dedicated guide has been launched to help SMEs strengthen their security measures and meet clients’ expectations under the updated Network and Information Systems Directive (NIS2).
-
Over 50% of SMEs surveyed are unclear about NIS2 requirements, especially on how to prove their trustworthiness within the supply chain. This challenge is compounded by poor communication with the critical entities they serve, particularly regarding cybersecurity obligations in contracts.
-
Supporting SMEs: This uncertainty has made it difficult for SMEs to allocate cybersecurity resources wisely. The new DIGITAL SME guide provides practical guidance and a clear framework to help SMEs demonstrate their reliability as suppliers to NIS2-regulated entities.
The Network and Information Systems Directive Update (so-called ‘NIS2 Directive’), a major update of the legislation first introduced by the European Union in 2016, aims to enhance the level of cybersecurity across all member states significantly. While small and micro enterprises are generally exempt from direct obligations, NIS2 places a strong emphasis on supply chain security, meaning that many SMEs will face higher cybersecurity expectations from their clients.
Findings from the European DIGITAL SME Alliance’s survey confirm that many SMEs, whether directly regulated under NIS2 or not, still face uncertainty about what is expected of them, particularly in relation to their clients’ cybersecurity obligations.
In response, DIGITAL SME has launched the “DIGITAL SME Blueprint Guide to the NIS2 Directive for SMEs“. It aims to provide practical steps, examples, and checklists to help SMEs – especially those needing to demonstrate cybersecurity readiness to clients – understand and align with NIS2 requirements. The guide focuses on key areas where ISO/IEC 27001 controls align with NIS2 requirements, offering a streamlined approach for suppliers who are already compliant with this international standard.
This initiative is an important step towards building resilient digital ecosystems across Europe. It reinforces the role of SMEs as a key pillar of secure and trustworthy supply chains. The guide encourages SMEs to proactively address cybersecurity risks and adopt best practices, enhancing their competitiveness and supporting their compliance efforts.
To further explore SMEs’ needs and learn more about the cybersecurity systems they currently use, DIGITAL SME is running a technical consultation.
If you would like to participate in this survey and receive the findings, please visit this webpage.
DIGITAL SME has also created a dedicated NIS2 Hub — a central resource platform designed to help SMEs understand and comply with the NIS2 Directive. The Hub brings together practical tools, guidance materials, and updates to support small and medium-sized enterprises in navigating the new cybersecurity requirements.
