In early 2026, the NIS2 Quality Mark was renamed NIS2 Supply Chain. This name change, implemented by the Quality Innovation Foundation, emphasizes the need to ensure digital security throughout the supply chain. It is a quality mark that allows SMEs in particular to demonstrate that they meet the requirements of the upcoming Cybersecurity Act (NIS2).
The change only concerns the name. The content of the standards, the working method and the assessment frameworks for certification remain the same. Ongoing processes, audits already carried out and existing certificates retain their validity. The new name is more in line with the focus on the security of the entire supply chain, a crucial part of the NIS2 directive.
Demonstrably comply with NIS2
The NIS2 Supply Chain is a quality mark that helps organizations demonstrably comply with the cybersecurity requirements of the European NIS2 directive.
These are the most important functions of the quality mark:
- Burden of Proof for Suppliers: It is specifically designed for SMEs that supply to large, NIS2-liable companies. These large customers are legally obliged to check their supply chain, and with this quality mark you can easily demonstrate that your cybersecurity is in order.
- Step-by-step Certification: The quality mark works with levels (QM10, QM20, QM30), allowing companies to gradually grow towards full compliance.
- Practical Guidelines: In contrast to abstract legal texts, the quality mark offers concrete measures for information security and incident reporting.
- Supervision and Audits: Certification takes place via recognized audit agencies, which ensures an independent assessment of the security measures.
In short, it functions as a ‘cyber passport’ to guarantee business continuity within the stricter European legislation. Organizations that want to be NIS2 Supply Chain certified use the RiskStudio Platform to get started quickly and automatically. RiskStudio is a partner of NIS2 Supply Chain.
