Get compliant. Stay compliant. No security department required.

Veillart tells you what applies to your company, what to do first, and builds the proof file as you work.

Belgian and EU rules like NIS2 now reach thousands of companies that never had a CISO. Veillart turns the legal text into a prioritised to-do list in plain language, collects evidence automatically, and produces the reports your board, insurer and regulator actually ask for.

Am I in scope? Live check
Live
Time before the CyFun verification bottleneck
285
days
22
hours
35
mins

Belgian supervision under NIS2 is already active. Assessor capacity is limited — companies that start early get verified calmly; companies that wait pay rush rates.

Check your company in ten seconds
EssentialHigh likelihood your company is in NIS2 scope

Annex I sector plus large-entity profile points toward Essential treatment and the higher consequence band under Belgian NIS2 execution.

Maximum fine exposureVeillart per year
EUR10M / 2%

The comparison that matters: a year of Veillart costs a fraction of one supervisory incident handled with a weak file.

0

security hires needed — guided workflows in plain language, not security jargon

1

platform for NIS2, CyFun, CRA and supplier duties, so nothing is done twice

3

languages — Dutch, French and English across the product and every report

24/7

monitoring of your domains, email and suppliers, running while you do your actual job

The four jobs the law gives you — handled in one place.

SCOPE

Know exactly what applies

Answer plain questions about your company. Veillart maps them to Belgian NIS2 law, your CyFun level and — if you ship digital products — the CRA, and tells you what you owe and by when.

live from the platformok
10 min

from first login to a documented scope verdict

Belgian NIS2 classification and CyFun level determined for you
CRA duties flagged if you sell hardware or software
Registration and notification deadlines tracked automatically
BASELINE

Reach a defensible baseline

CyFun controls become a prioritised task list your IT person can actually execute — what to do, why it matters, and what counts as done.

live from the platformwarning
1 list

every control translated into plain-language tasks with owners

Tasks ordered by risk reduction, not by paragraph number
Templates for the policies you are expected to have
Progress visible to management without asking IT
EVIDENCE

Collect proof automatically

Screenshots and spreadsheets do not survive scrutiny. Veillart gathers evidence from your systems on a schedule and stores it in a tamper-evident file.

live from the platformok
auto

evidence refreshed on schedule, sealed and dated

Domain, email and perimeter checks run continuously
Supplier answers and attestations filed in one place
Every item timestamped — nothing reconstructed after the fact
REPORT

Report without writing

Board updates, insurer questionnaires and regulator responses are generated from the same evidence file — current, consistent, and ready when someone asks.

live from the platformcritical
1 click

board, insurer and audit outputs from live data

Board pack in the language your board reads
Insurer questionnaires pre-filled from real posture
Incident reporting clocks and drafts ready if the day comes

The deadlines are not waiting for your next budget round.

This is not a future problem. Supervision is running today, and the next waves — verification and product rules — are already scheduled.

In force now

NIS2 is Belgian law and supervision is active.

The CCB expects conformity through the CyberFundamentals framework. In-scope companies must be registered, and inspections have begun.

2026 – 2027

The CyFun verification wave peaks.

Verified labels and audits concentrate in a short window. Assessor calendars fill with prepared companies first — the unprepared queue at rush rates.

From 2027

The CRA adds product-level duties.

If you sell hardware or software in the EU, the Cyber Resilience Act stacks on top. The same evidence spine in Veillart carries you into it without starting over.

A predictable subscription against an unpredictable downside.

Compare the annual cost with what it replaces: recurring consultant projects, insurance friction, and the exposure of facing a regulator with a weak file.

Essential tier, indicative
€42k / year

Roughly one recurring specialist project — except the file stays current every month instead of expiring the day the consultant leaves.

  • Board-ready oversight pack, always current
  • CyFun gap and evidence tracking with owners and dates
  • One reusable narrative for insurer, auditor and regulator
Downside removed
€10M+

The fine ceiling is only part of it. Weak files also mean higher premiums, annual consultant clean-ups, and personal liability for management under NIS2.

  • A supervision file that collapses under questioning
  • Evidence scattered across inboxes and screenshots
  • Yearly consultant rebuilds instead of a living posture

Everyone sees the same file — through their own responsibility.

I need to know we are covered — without becoming a cyber expert myself.

General management
  • A single readiness score you can read in ten seconds
  • Management liability under NIS2 tracked and addressed explicitly
  • Decisions and their dates on record, in your language

See your scope, your gaps and your first 30 days — in one briefing.

Bring your managing director and whoever wears the IT hat. We run the scope check live on your company and show the exact reports your board and insurer will receive.