Skip to main content

SCOPE FinTech Solutions

The new Cybersecurity Act: Do we need to do anything? (And what about you?)

On August 15, 2026, the Cybersecurity Act (Cbw) will take effect. This is the Dutch implementation of the European NIS2 Directive. The law imposes stricter requirements on the digital resilience of organizations that are critical to society, such as banks, energy companies, and hospitals.
 
A logical question we’ve been hearing more often lately is: Does this law also apply to SCOPE? The short answer is: no, not directly. But we’ve thoroughly looked into it—and we’re ready.

We’ve checked it out

We completed the Dutch government’s official NIS2 self-assessment as part of our ISO 27001 process. The result is clear: the Cybersecurity Act does not apply to SCOPE.
 
This is mainly due to our size. We’re a small company with fewer than 50 employees. As a result, we’re exempt from the law, even though our type of service (IT services) is included among the sectors listed in the law.
 
In practical terms, this means we don’t have to register and don’t have our own reporting obligation under the Cybersecurity Act.

But “not required” is not the same as “doing nothing.”

And here lies the most important point. Many of our clients—financial institutions—are subject to strict cybersecurity regulations: the Cybersecurity Act, or, for the financial sector, the European DORA regulation. As their software provider, we are part of their supply chain. They are therefore entitled to expect that our security measures are in order.
 
Even though the law doesn’t explicitly require us to do so, we take our role in that chain seriously. In fact, we’ve been doing so for quite some time.

How we demonstrate this: ISO 27001

SCOPE has been ISO 27001:2022-certified since March 2026. This is the international standard for information security, assessed by an independent third party. Our management system covers precisely the areas that the Cybersecurity Act deems important:
  • risk management;
  • incident handling and reporting;
  • business continuity;
  • security of our own supply chain.
 
We document this, evaluate it regularly, and are happy to share the proof—our certificate—with customers who request it, for example, for their own audits or for their regulatory authority.
BC Certified Logo ISO 27001 2022 RVA ENG

In short

For SCOPE, the Cybersecurity Act doesn’t change much: we were not subject to it, and this has been confirmed following an assessment. For our clients, that’s actually good news. We are a reliable partner that has everything in order, with an independent ISO 27001 certificate to prove it.
Picture of Ruby Hovenier
Ruby Hovenier
I'm Ruby Hovenier, the digital marketer at SCOPE FinTech Solutions. My focus is on keeping up with the latest news and events within the FinTech, KYC, and Wwft markets. By constantly looking for the latest information on these topics, I ensure that our readers are always up-to-date. My goal is to offer new insights and provide readers with fresh information on developments in these industries. You can find my contributions on our website and in our newsletters.

brochure SCOPE CDD Risk Portal

Ontdek de essentiële componenten en voordelen van het SCOPE CDD Risk Portal voor een effectieve risicobeoordeling. Download de whitepaper om te leren hoe configureerbare criteria en geïntegreerde dataoplossingen uw risicomanagement kunnen versterken.

Brochure API

Maak CDD nog makkelijker, integreer CDD-controles direct in uw eigen software omgeving. Of maak gebruik van een van de oplossingen van onze partners waar de CDD controles al in geïntegreerd zijn. Download hier de brochure.

brochure Compliance Management Portal

With our knowledge and data partners, we have developed the right tools for KYC departments to make your risk assessment process faster, more efficient, and more interesting for employees. Read the benefits in our brochure.