NIS2 training for directors and supervisors
Prepare your organisation for NIS2
In today’s digital world, cybersecurity is no longer optional but a necessity. The NIS2 directive will come into effect in the Netherlands in Q2 2026. This directive imposes stricter cybersecurity requirements and applies to sectors that were previously unregulated in this area. Directors will have a legal, direct responsibility to ensure that cyber risks are identified and addressed, and that NIS2 requirements are met.
To make informed decisions and effectively steer their organisation on cybersecurity, directors and supervisory board members must have sufficient knowledge of the NIS2 directive and the principles of cybersecurity. This NIS2 training provides you with the knowledge and skills needed to meet these challenges.
Content of the learning program
Online modules
Duration: 1 hour
You will get access to our learning platform and complete the following online modules at your own pace:
- Digital legislation and regulatory landscape
- Introduction to the NIS2 Directive
- Cybersecurity Act: scoping, requirements, supervision
- Role and liability of directors
These modules cover topics that we will explore further during the classroom session. We expect the modules to be completed before the classroom session so you can participate optimally.
Classroom session
Duration: 4 hours
We will focus on practical applications. Under the guidance of our cybersecurity experts, you will translate theory into practice. Our experts will dive deeper into the following topics with you:
- Application of the NIS2 Directive
- Risk analysis (BIA, threat actors, attack methods)
- Appropriate and proportionate measures
- Integration into governance and risk management
- Third Party Risk Management
- Role of directors and supervisory board members
- (Anti-)patterns of good cybersecurity
About this course
- After the training
- For whom?
- Trainers
After the training
you understand the essence of NIS2 and its impact on your organisation;
you understand how to perform a risk analysis and select appropriate measures;
you know how to integrate risk management into existing governance;
you learn how to manage third-party risks;
you understand the main principles of organizational and managerial liability.
For whom?
This training is specifically designed for directors and supervisors of organisations, but also available to anyone with affinity with the subject.
The training is at an HBO level.
Trainers
Our trainers are experienced professionals in the field of cybersecurity and risk management. They have extensive knowledge of the NIS2 and CER directives and their application in various sectors.
Date & Location
7 April 2026 | 09:00 – 13:00 | PwC Utrecht
Costs
The price is 595 euro, including training material, catering/drinks, and certificate. The training is exempt from VAT in connection with our registration with the CRKBO.
For PwC Alumni, a discount of 10% applies. When you register as a PwC Alumnus, please mention in the comments field during registration that you would like to avail the PwC Alumni discount.
Program
| Time | Subject |
| 09:00 - 09:10 | Opening |
| 09:10 - 09:30 | NIS2 and Cybersecurity Act |
| 09:30 - 10:00 | Risk Management (Part 1) |
| 10:00 - 10:10 | Break |
| 10:10 - 11:00 | Risk Management (Part 2) |
| 11:00 - 12:00 | Cybersecurity Measures |
| 12:00 - 12:10 | Break |
| 12:10 - 12:30 | Third Party Risk Management |
| 12:30 - 12:45 | Cybersecurity: pitfalls, do’s and don’ts |
| 12:45 - 13:00 | Closing |
*This program is subject to change.
The training will take place with a minimum of 15 participants.
The registration period generally closes two weeks before the training date. Upon receiving your registration, we will send you a confirmation with additional information about the training. The number of seats available per training is limited, so we encourage you to register as soon as possible. If you are unable to attend, you may send a colleague in your place. Please notify us of this change via email at nl_pwc_academy@pwc.com.
PE-Portfolio accountants (AA and RA)
You can include this training course as a learning activity in your PE portfolio. After the training course, you will receive a certificate of participation (number of hours of training included).
PE points register controllers (RC)
At the end of the training course you will receive a certificate of participation from us with the number of hours of training followed. You can register this yourself on the VRC website.
Note: NIS2 requires, in accordance with Article 20 (included in Article 26 of the Cyberbeveiligingswet), that directors and supervisors must undergo training. The Netherlands still needs to determine the specific requirements that this prescribed training must meet. Therefore, the underlying training cannot yet be considered as proof of compliance with the requirement of Article 26.
Inhouse training
If you are interested in this topic and would like to have this training customized for your organization, we would be happy to discuss your learning objectives, case studies, and desired learning outcomes with you. We can also determine the duration, date, and location of the training in consultation with you. Please feel free to contact us to discuss the possibilities.
Contact us
