For organizations covered by NIS2 — directly or through their chain
The NIS2 directive requires you to take appropriate measures to secure your supply chain. Exposentry delivers continuous, forensically grounded vulnerability monitoring — defensible evidence that you demonstrably manage your digital attack surface.
NIS2 (implemented in the Netherlands through the Cyberbeveiligingswet) requires essential and important entities to manage risks in their supply chain. You are responsible not only for your own security, but also for overseeing the baseline security of your suppliers and service providers.
The obligation affects tens of thousands of organizations — directly as an essential or important entity, and indirectly as a supplier to such an entity. Regulators expect you to demonstrate which measures you take and to provide evidence of them.
Weekly or monthly scans of your public attack surface, so new vulnerabilities surface quickly instead of once a year.
OpenKAT records how and when a finding was detected. Timestamped evidence you can present to auditors, clients and insurers.
From Professional you export your findings in a format aligned with the management measures of article 21 of the NIS2 directive.
Alongside your own domains, monitor the public attack surface of critical suppliers — an affordable evidence layer for your chain responsibility.
Exposentry is a necessary building block for your vulnerability management and supply chain duty of care — defensible evidence that you continuously monitor your vulnerabilities. It is not a full compliance guarantee: NIS2 also covers governance, incident reporting and organizational measures. We provide the technical evidence, not a legal seal of approval.
No. Exposentry provides a demonstrable technical building block — continuous vulnerability monitoring with forensically grounded evidence. NIS2 also requires governance, incident reporting and organizational measures that fall outside the scope of a scan.
If you are an essential or important entity, the duty applies directly. If you provide services to such an entity, they will likely set requirements for your security — meaning the supply chain duty affects you indirectly.
With timestamped scan evidence and a NIS2 art. 21 export you show that you continuously monitor your public attack surface and address vulnerabilities — evidence you can present to regulators, clients and insurers.
Yes. Alongside your own domains you can monitor the public attack surface of critical suppliers as an affordable evidence layer next to your existing questionnaires.
Begin with a one-time scan from €149 or continuous monitoring from €79/month. NIS2 art. 21 export included from Professional.
Start nowPrefer to run OpenKAT yourself or need your own implementation? Hasecon provides implementation, management and custom development →