For organizations covered by NIS2, directly or through their chain
The NIS2 directive requires you to take appropriate measures to secure your supply chain, and is enforceable in the Netherlands from 15 August 2026 through the Cyberbeveiligingswet. Exposentry delivers continuous, forensically grounded vulnerability monitoring: defensible evidence that you demonstrably manage your digital attack surface.
NIS2 (implemented in the Netherlands through the Cyberbeveiligingswet, in force from 15 August 2026) requires essential and important entities to manage risks in their supply chain. You are responsible not only for your own security, but also for overseeing the baseline security of your suppliers and service providers.
The obligation affects tens of thousands of organizations: directly as an essential or important entity, and indirectly as a supplier to such an entity. Regulators expect you to demonstrate which measures you take and to provide evidence of them.
Weekly or monthly scans of your public attack surface, so new vulnerabilities surface quickly instead of once a year.
OpenKAT records how and when a finding was detected. Timestamped evidence you can present to auditors, clients and insurers.
From NIS2 Monitoring you export your findings in a format aligned with the management measures of article 21 of the NIS2 directive.
Alongside your own domains, monitor the public attack surface of critical suppliers: an affordable evidence layer for your chain responsibility.
Exposentry is a necessary building block for your vulnerability management and supply chain duty of care: defensible evidence that you continuously monitor your vulnerabilities. It is not a full compliance guarantee: NIS2 also covers governance, incident reporting and organizational measures. We provide the technical evidence, not a legal seal of approval.
Demonstrating supply chain due care with a report from the party that manages your environment does not hold up with a critical auditor: that party is judging its own work. Exposentry therefore reports directly to you, never through your IT provider, and has laid down the separation from management and remediation work in its terms and conditions.
No. Exposentry provides a demonstrable technical building block: continuous vulnerability monitoring with forensically grounded evidence. NIS2 also requires governance, incident reporting and organizational measures that fall outside the scope of a scan.
If you are an essential or important entity, the duty applies directly. If you provide services to such an entity, they will likely set requirements for your security, meaning the supply chain duty affects you indirectly. From 15 August 2026, when the Cyberbeveiligingswet is in force, the regulator can also enforce this.
With timestamped scan evidence and a NIS2 art. 21 export you show that you continuously monitor your public attack surface and address vulnerabilities: evidence you can present to regulators, clients and insurers.
Yes. Alongside your own domains you can monitor the public attack surface of critical suppliers as an affordable evidence layer next to your existing questionnaires.
The Cyberbeveiligingswet is in force from 15 August 2026. Start with a €495 baseline scan (fully credited against a yearly subscription) or continuous monitoring from €249/month.
Start nowPrefer to run OpenKAT yourself or need your own implementation? Hasecon provides implementation, management and custom development →