{"id":28300,"date":"2026-02-01T12:08:06","date_gmt":"2026-02-01T11:08:06","guid":{"rendered":"https:\/\/sunbytes.io\/?p=28300"},"modified":"2026-02-04T08:29:42","modified_gmt":"2026-02-04T07:29:42","slug":"nis2-article-21-supply-chain-security","status":"publish","type":"post","link":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/","title":{"rendered":"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_62 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >In this post<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #0d023e;color:#0d023e\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #0d023e;color:#0d023e\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#TLDR\" title=\"TL;DR\">TL;DR<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Wat_NIS2_daadwerkelijk_van_je_vraagt\" title=\"Wat NIS2 daadwerkelijk van je vraagt\">Wat NIS2 daadwerkelijk van je vraagt<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#%E2%80%9CDirecte_leveranciers%E2%80%9D_%E2%80%94_een_scope_die_je_team_niet_verplettert\" title=\"\u201cDirecte leveranciers\u201d \u2014 een scope die je team niet verplettert\">\u201cDirecte leveranciers\u201d \u2014 een scope die je team niet verplettert<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#The_%E2%80%9CMinimum_Viable_Supplier_Risk%E2%80%9D_routine_SME-friendly_defensible\" title=\"The \u201cMinimum Viable Supplier Risk\u201d routine (SME-friendly, defensible)\">The \u201cMinimum Viable Supplier Risk\u201d routine (SME-friendly, defensible)<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Stap_A_%E2%80%94_Maak_een_korte_lijst_met_%E2%80%9Ckritieke_leveranciers%E2%80%9D\" title=\"Stap A \u2014 Maak een korte lijst met \u201ckritieke leveranciers\u201d\">Stap A \u2014 Maak een korte lijst met \u201ckritieke leveranciers\u201d<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Stap_B_%E2%80%94_Classificeer_leveranciers_op_toegang_en_impact_2-minutenscore\" title=\"Stap B \u2014 Classificeer leveranciers op toegang en impact (2-minutenscore)\">Stap B \u2014 Classificeer leveranciers op toegang en impact (2-minutenscore)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Stap_C_%E2%80%94_Doe_%E2%80%9Cpassende_checks%E2%80%9D_per_categorie\" title=\"Stap C \u2014 Doe \u201cpassende checks\u201d per categorie\">Stap C \u2014 Doe \u201cpassende checks\u201d per categorie<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Stap_D_%E2%80%94_Beslis_leg_vast_en_herzie\" title=\"Stap D \u2014 Beslis, leg vast en herzie\">Stap D \u2014 Beslis, leg vast en herzie<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Contracten_houd_het_simpel_houd_het_echt\" title=\"Contracten: houd het simpel, houd het echt\">Contracten: houd het simpel, houd het echt<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Waar_dit_echt_speelt_afnemersvragen_en_dealfrictie\" title=\"Waar dit \u00e9cht speelt: afnemersvragen en dealfrictie\">Waar dit \u00e9cht speelt: afnemersvragen en dealfrictie<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Veelgemaakte_fouten_en_de_betere_aanpak\" title=\"Veelgemaakte fouten (en de betere aanpak)\">Veelgemaakte fouten (en de betere aanpak)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Wil_je_leveranciersrisico_beheersbaar_maken_%E2%80%94_in_plaats_van_eindeloos\" title=\"Wil je leveranciersrisico beheersbaar maken \u2014 in plaats van eindeloos?\">Wil je leveranciersrisico beheersbaar maken \u2014 in plaats van eindeloos?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Over_Sunbytes_Transform_%C2%B7_Secure_%C2%B7_Accelerate\" title=\"Over Sunbytes: Transform \u00b7 Secure \u00b7 Accelerate\">Over Sunbytes: Transform \u00b7 Secure \u00b7 Accelerate<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#FAQs\" title=\"FAQs\">FAQs<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#Laten_we_beginnen_met_Sunbytes\" title=\"Laten we beginnen met Sunbytes\">Laten we beginnen met Sunbytes<\/a><\/li><\/ul><\/nav><\/div>\n\n<p class=\" eplus-wrapper\">Veel gesprekken over NIS2 beginnen bij beleid.<br>Maar veel echte incidenten beginnen ergens anders:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-a10c14\">\n<li class=\" eplus-wrapper\">Een leveranciersaccount dat nooit correct is afgesloten<\/li>\n\n\n\n<li class=\" eplus-wrapper\">Een SaaS-tool waarin \u201ciedereen admin is\u201d<\/li>\n\n\n\n<li class=\" eplus-wrapper\">Een managed service provider met te veel toegang, te lang<\/li>\n<\/ul>\n\n\n<p class=\" eplus-wrapper\">Daarom behandelt NIS2 ketenrisico niet als een \u201coptionele extra\u201d. Het plaatst dit expliciet binnen de risicobeheersmaatregelen van <strong>Artikel 21<\/strong> \u2014 inclusief de beveiligingsaspecten van je relaties met <strong>directe leveranciers of dienstverleners<\/strong>.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Dit artikel is bewust praktisch opgezet. Geen juridische diepduiken, geen \u201cdownload dit template\u201d. Wel: een heldere aanpak die EU-MKB\u2019s kunnen gebruiken om vertrouwen op te bouwen en verdedigbaar te blijven wanneer klanten (en toezichthouders) vragen: Hoe beheersen jullie leveranciersrisico?<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Weet je nog niet zeker of NIS2 op jouw organisatie van toepassing is? Begin hier:<strong> <\/strong><a href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/is-nis2-op-ons-van-toepassing\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Check of NIS2 van toepassing is op jouw organisatie<\/strong>.<\/a><\/p>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"TLDR\"><\/span>TL;DR<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-fc7e89\">\n<li class=\" eplus-wrapper\">NIS2 verwacht dat je leveranciersrisico meeneemt in je cybersecurity-risicomanagement<\/li>\n\n\n\n<li class=\" eplus-wrapper\">Begin bij <strong>directe leveranciers\/dienstverleners<\/strong> \u2014 probeer niet meteen alles te omvatten<\/li>\n\n\n\n<li class=\" eplus-wrapper\">Het doel is niet \u201cperfecte leveranciers\u201d, maar <strong>herhaalbare checks + duidelijke besluiten + bewijs<\/strong><\/li>\n\n\n\n<li class=\" eplus-wrapper\">Als vragenlijsten van afnemers deals al vertragen, bouw dan een responsesysteem: <strong><a href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/vendor-security-questionnaires\/\" target=\"_blank\" rel=\"noreferrer noopener\">Vendor security questionnaires: hoe mkb\u2019s sneller reageren<\/a><\/strong><\/li>\n\n\n\n<li class=\" eplus-wrapper\">Voor het complete NIS2-overzicht en prioriteiten: <strong><a href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-compliance-readiness-checklist-voor-eu-mkb\/\" target=\"_blank\" rel=\"noreferrer noopener\">NIS2 readiness checklist voor EU-MKB\u2019s<\/a><\/strong><\/li>\n<\/ul>\n\n<ul class=\" eplus-wrapper eplus-styles-uid-1750f3\">\n<li class=\" eplus-wrapper\">\n<\/ul>\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Wat_NIS2_daadwerkelijk_van_je_vraagt\"><\/span>Wat NIS2 daadwerkelijk van je vraagt<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\" wp-block-image aligncenter size-full eplus-wrapper\"><img decoding=\"async\" width=\"1000\" height=\"533\" src=\"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/NIS2-Article-21-Supply-Chain-Security.webp\" alt=\"NIS2 Article 21 Supply Chain Security\" class=\"wp-image-28313\" srcset=\"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/NIS2-Article-21-Supply-Chain-Security.webp 1000w, https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/NIS2-Article-21-Supply-Chain-Security-300x160.webp 300w, https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/NIS2-Article-21-Supply-Chain-Security-768x409.webp 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<p class=\" eplus-wrapper\">Artikel 21 neemt supply chain security expliciet op in de minimale set risicobeheersmaatregelen en noemt daarbij nadrukkelijk de relatie met je <strong>directe leveranciers of dienstverleners<\/strong>.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">In normaal Nederlands betekent dat:<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Je moet kunnen aantonen dat je weet <strong>welke leveranciers ertoe doen<\/strong>, dat je ze <strong>op een redelijke manier beoordeelt<\/strong>, en dat je je risico niet simpelweg \u201cuitbesteedt\u201d omdat een ander een deel van je stack beheert.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Ook belangrijk: de richtlijn stuurt erop aan om <strong>cybersecuritymaatregelen op te nemen in contractuele afspraken<\/strong> met directe leveranciers en dienstverleners (opnieuw: eerst direct).<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Dit is een <strong>vertrouwensmechanisme<\/strong>, geen papieren exercitie.<\/p>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"%E2%80%9CDirecte_leveranciers%E2%80%9D_%E2%80%94_een_scope_die_je_team_niet_verplettert\"><\/span>\u201cDirecte leveranciers\u201d \u2014 een scope die je team niet verplettert<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\" eplus-wrapper\">Hier gaat het vaak mis. MKB\u2019s lezen \u201csupply chain security\u201d en zien meteen een eindeloze audit van elke leverancier waar ooit een factuur van is betaald.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Dat is niet de bedoeling. NIS2 richt zich in eerste instantie op <strong>directe leveranciers\/dienstverleners<\/strong> \u2014 partijen waar je op leunt om je dienstverlening te leveren of je operatie draaiende te houden.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Een eenvoudige manier om \u201cdirect\u201d in jouw context te defini\u00ebren:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-c0d921\">\n<li class=\" eplus-wrapper\">leveranciers die <strong>toegang hebben tot je data<\/strong>, of<\/li>\n\n\n\n<li class=\" eplus-wrapper\">leveranciers die <strong>toegang hebben tot je systemen<\/strong>, of<\/li>\n\n\n\n<li class=\" eplus-wrapper\">leveranciers die <strong>je dienstverlening kunnen verstoren<\/strong> als zij uitvallen<\/li>\n<\/ul>\n\n\n<p class=\" eplus-wrapper\">Voldoet een leverancier aan geen van deze criteria? Dan is dat meestal niet waar je begint.<\/p>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"The_%E2%80%9CMinimum_Viable_Supplier_Risk%E2%80%9D_routine_SME-friendly_defensible\"><\/span><strong>The \u201cMinimum Viable Supplier Risk\u201d routine (SME-friendly, defensible)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\" eplus-wrapper\">Je hebt geen zwaar third-party riskprogramma nodig om serieus genomen te worden. Je hebt iets nodig dat <strong>herhaalbaar<\/strong> is.<\/p>\n\n\n\n<figure class=\" wp-block-image aligncenter size-full eplus-wrapper\"><img decoding=\"async\" width=\"1000\" height=\"667\" src=\"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/Minimum-Viable-Supplier-Risk.webp\" alt=\"\" class=\"wp-image-28311\" srcset=\"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/Minimum-Viable-Supplier-Risk.webp 1000w, https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/Minimum-Viable-Supplier-Risk-300x200.webp 300w, https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/Minimum-Viable-Supplier-Risk-768x512.webp 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<h3 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Stap_A_%E2%80%94_Maak_een_korte_lijst_met_%E2%80%9Ckritieke_leveranciers%E2%80%9D\"><\/span>Stap A \u2014 Maak een korte lijst met \u201ckritieke leveranciers\u201d<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\" eplus-wrapper\">Richtlijn: <strong>maximaal 10\u201320<\/strong> om mee te starten:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-9b11dd\">\n<li class=\" eplus-wrapper\">cloud hosting \/ infrastructuur<\/li>\n\n\n\n<li class=\" eplus-wrapper\">identity provider \/ SSO<\/li>\n\n\n\n<li class=\" eplus-wrapper\">managed IT \/ MSP \/ MSSP<\/li>\n\n\n\n<li class=\" eplus-wrapper\">kern-SaaS waarin klantdata staat<\/li>\n\n\n\n<li class=\" eplus-wrapper\">cruciale code-afhankelijkheden (als je software levert)<\/li>\n<\/ul>\n\n\n<h3 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Stap_B_%E2%80%94_Classificeer_leveranciers_op_toegang_en_impact_2-minutenscore\"><\/span>Stap B \u2014 Classificeer leveranciers op toegang en impact (2-minutenscore)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\" eplus-wrapper\">Stel twee vragen:<\/p>\n\n\n<ol class=\" eplus-wrapper eplus-styles-uid-f9530f\">\n<li class=\" eplus-wrapper\">Als deze leverancier wordt gecompromitteerd, kan dat de <strong>vertrouwelijkheid, integriteit of beschikbaarheid<\/strong> van onze dienst be\u00efnvloeden?<\/li>\n\n\n\n<li class=\" eplus-wrapper\">Hoeveel toegang hebben zij (data \/ systeem \/ admin)?<\/li>\n<\/ol>\n\n\n<p class=\" eplus-wrapper\">Deel ze vervolgens in drie categorie\u00ebn:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-0de755\">\n<li class=\" eplus-wrapper\"><strong>Kritiek<\/strong> (hoge toegang + hoge impact)<\/li>\n\n\n\n<li class=\" eplus-wrapper\"><strong>Belangrijk<\/strong><\/li>\n\n\n\n<li class=\" eplus-wrapper\"><strong>Laag risico<\/strong>Stap D \u2014 Beslis, leg vast en herzie<\/li>\n<\/ul>\n\n\n<h3 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Stap_C_%E2%80%94_Doe_%E2%80%9Cpassende_checks%E2%80%9D_per_categorie\"><\/span>Stap C \u2014 Doe \u201cpassende checks\u201d per categorie<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\" eplus-wrapper\">Voor <strong>kritieke leveranciers<\/strong> wil je een beknopt maar stevig setje signalen:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-162a99\">\n<li class=\" eplus-wrapper\">hebben ze beveiligingscontacten en een incidentproces?<\/li>\n\n\n\n<li class=\" eplus-wrapper\">MFA\/SSO-ondersteuning en toegangsbeheer<\/li>\n\n\n\n<li class=\" eplus-wrapper\">back-up \/ BCP-aanpak waar relevant<\/li>\n\n\n\n<li class=\" eplus-wrapper\">kwetsbaarheden- en patchbeleid<\/li>\n\n\n\n<li class=\" eplus-wrapper\">bewijs of geloofwaardige attestaties waar mogelijk (niet altijd een certificaat)<\/li>\n<\/ul>\n\n\n<p class=\" eplus-wrapper\">Voor <strong>belangrijke leveranciers<\/strong>: minder checks. Voor <strong>laag risico<\/strong>: documenteer waarom ze laag risico zijn \u2014 en ga verder.<\/p>\n\n\n\n<h3 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Stap_D_%E2%80%94_Beslis_leg_vast_en_herzie\"><\/span>Stap D \u2014 Beslis, leg vast en herzie<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\" eplus-wrapper\">De kracht zit niet in de checklist, maar in het <strong>besluitvormingsspoor<\/strong>:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-ebbe7b\">\n<li class=\" eplus-wrapper\">wat je hebt gecontroleerd<\/li>\n\n\n\n<li class=\" eplus-wrapper\">wat je hebt geaccepteerd<\/li>\n\n\n\n<li class=\" eplus-wrapper\">wat je hebt gemitigeerd<\/li>\n\n\n\n<li class=\" eplus-wrapper\">wat je opnieuw beoordeelt (bijv. jaarlijks of bij wijzigingen)<\/li>\n<\/ul>\n\n\n<p class=\" eplus-wrapper\">Dat <strong>bewijs\u00adspoor<\/strong> is wat je later geloofwaardig maakt.<\/p>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Contracten_houd_het_simpel_houd_het_echt\"><\/span>Contracten: houd het simpel, houd het echt<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\" eplus-wrapper\">NIS2 benadrukt het belang van het vastleggen van cybersecurity-verwachtingen in contracten met directe leveranciers en dienstverleners.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Voor MKB\u2019s hoef je geen 20 pagina\u2019s aan clausules toe te voegen. Begin voor <strong>kritieke leveranciers<\/strong> met vier praktische afspraken:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-7c827b\">\n<li class=\" eplus-wrapper\">meldplicht bij beveiligingsincidenten (termijnen + contactpunten)<\/li>\n\n\n\n<li class=\" eplus-wrapper\">toegangsbeheer (least privilege, MFA waar haalbaar)<\/li>\n\n\n\n<li class=\" eplus-wrapper\">transparantie over subverwerkers\/subcontractors bij gevoelige datastromen<\/li>\n\n\n\n<li class=\" eplus-wrapper\">recht op bewijs (niet \u201calles mogen auditen\u201d, maar redelijk aantoonbaar)<\/li>\n<\/ul>\n\n\n<p class=\" eplus-wrapper\">Helderheid en consistentie wekken vertrouwen \u2014 ook als je geen enterprise-gigant bent.<\/p>\n\n\n\n<figure class=\" wp-block-image aligncenter size-full eplus-wrapper\"><img decoding=\"async\" width=\"1000\" height=\"667\" src=\"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/security-contract.webp\" alt=\"\" class=\"wp-image-28309\" srcset=\"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/security-contract.webp 1000w, https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/security-contract-300x200.webp 300w, https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/security-contract-768x512.webp 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Waar_dit_echt_speelt_afnemersvragen_en_dealfrictie\"><\/span>Waar dit \u00e9cht speelt: afnemersvragen en dealfrictie<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\" eplus-wrapper\">Zelfs als NIS2 niet rechtstreeks op jou van toepassing is, raakt het je vaak <strong>via je klanten<\/strong>.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Wanneer gereguleerde afnemers hun leveranciers scherper toetsen, merk je dat als:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-2068f7\">\n<li class=\" eplus-wrapper\">security questionnaires<\/li>\n\n\n\n<li class=\" eplus-wrapper\">verzoeken om bewijs<\/li>\n\n\n\n<li class=\" eplus-wrapper\">vervolgvragen als: \u201ckun je dit aantonen?\u201d<\/li>\n<\/ul>\n\n\n<p class=\" eplus-wrapper\">Precies daarom adviseren we een <strong>herhaalbaar responsesysteem<\/strong> zoals een <strong><a href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/vendor-security-questionnaires\/\" target=\"_blank\" rel=\"noreferrer noopener\">Answer Pack<\/a><\/strong>: \u00e9\u00e9n interne bron met standaardantwoorden + bewijs + veilige uitzonderingsformuleringen.<\/p>\n\n\n\n<p class=\" eplus-wrapper\">Als je deze verzoeken al krijgt, is dit een van de <strong>snelste vertrouwenswinsten<\/strong> die je kunt boeken \u2014 zonder nieuwe tooling.<\/p>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Veelgemaakte_fouten_en_de_betere_aanpak\"><\/span>Veelgemaakte fouten (en de betere aanpak)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\" eplus-wrapper\"><strong>Fout 1: Elke leverancier proberen te beoordelen<\/strong><br>\u2192 <strong>Beter:<\/strong> Begin bij direct + kritisch<\/p>\n\n\n\n<p class=\" eplus-wrapper\"><strong>Fout 2: \u201cWe zijn compliant\u201d zeggen zonder bewijs<\/strong><br>\u2192 <strong>Beter:<\/strong> Toon bewijs en wees eerlijk over gaps, m\u00e9t plan<\/p>\n\n\n\n<p class=\" eplus-wrapper\"><strong>Fout 3: Leverancierschecks als een eenmalige actie zien<\/strong><br>\u2192 <strong>Beter:<\/strong> Maak het herhaalbaar (jaarlijks + bij wijzigingen)<\/p>\n\n\n\n<p class=\" eplus-wrapper\"><strong>Fout 4: Leveranciersrisico bij IT parkeren<\/strong><br>\u2192 <strong>Beter:<\/strong> Behandel het als een bedrijfsrisico met duidelijk eigenaarschap<\/p>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Wil_je_leveranciersrisico_beheersbaar_maken_%E2%80%94_in_plaats_van_eindeloos\"><\/span>Wil je leveranciersrisico beheersbaar maken \u2014 in plaats van eindeloos?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\" eplus-wrapper\">Wij maken van leveranciersrisico geen bureaucratie.<br>We helpen je een <strong>pragmatische, bewijsbare aanpak<\/strong> te bouwen die past bij jouw omvang, sector en delivery-stack.<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-faee35\">\n<li class=\" eplus-wrapper\">Praktische leveranciersrisico-routine afgestemd op Artikel 21<\/li>\n\n\n\n<li class=\" eplus-wrapper\">Documentatie die klaar is voor klant-due-diligence<\/li>\n<\/ul>\n\n\n<div class=\" wp-block-cover alignfull is-repeated eplus-wrapper\" style=\"min-height:146px\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-background-dim-40 has-background-dim\" style=\"background-color:#000000\"><\/span><div role=\"img\" class=\"wp-block-cover__image-background wp-image-24902 is-repeated\" style=\"background-position:50% 50%;background-image:url(https:\/\/sunbytes.io\/app\/uploads\/2025\/12\/test.png)\"><\/div><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\"><p class=\" has-text-align-center eplus-wrapper eplus-styles-uid-b908a8\" style=\"font-size:25px\"><strong>Leveringsproces conform ISO 27001<\/strong> <strong>\u2022 GDPR-bewust ontworpen<\/strong> <strong>\u2022 Ervaring met ondersteuning van ISO 27001<\/strong><\/p>\n\n\n<div class=\" wp-block-buttons eplus-wrapper is-content-justification-center is-layout-flex wp-container-core-buttons-layout-1 wp-block-buttons-is-layout-flex\"><div class=\" wp-block-button eplus-wrapper eplus-styles-uid-4417d6\"><a class=\"wp-block-button__link has-luminous-vivid-amber-background-color has-background wp-element-button\" href=\"https:\/\/sunbytes.io\/nl\/cybersecurity-service-provider\/sunbytes-compliance-readiness\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Plan een gesprek over naleving van regelgeving<\/strong><\/a><\/div><\/div>\n<\/div><\/div>\n\n\n\n<h2 class=\" wp-block-heading eplus-wrapper\"><span class=\"ez-toc-section\" id=\"Over_Sunbytes_Transform_%C2%B7_Secure_%C2%B7_Accelerate\"><\/span>Over Sunbytes: Transform \u00b7 Secure \u00b7 Accelerate<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\" eplus-wrapper\"><strong><a href=\"https:\/\/sunbytes.io\/nl\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sunbytes<\/a><\/strong> is gebouwd rond drie pijlers die elkaar versterken:<\/p>\n\n\n<ul class=\" eplus-wrapper eplus-styles-uid-92945d\">\n<li class=\" eplus-wrapper\"><strong><a href=\"https:\/\/sunbytes.io\/nl\/tech-service\/\" target=\"_blank\" rel=\"noreferrer noopener\">Transform:<\/a><\/strong> We moderniseren producten en delivery \u2014 zodat groei geen verborgen kwetsbaarheid introduceert<\/li>\n\n\n\n<li class=\" eplus-wrapper\"><strong><a href=\"https:\/\/sunbytes.io\/nl\/cybersecurity-service-provider\/\" target=\"_blank\" rel=\"noreferrer noopener\">Secure:<\/a><\/strong> We maken cybersecurity praktisch en operationeel \u2014 zodat risicobeheersing onderdeel wordt van hoe je levert<\/li>\n\n\n\n<li class=\" eplus-wrapper\"><strong><a href=\"https:\/\/sunbytes.io\/nl\/hr-diensten\/\" target=\"_blank\" rel=\"noreferrer noopener\">Accelerate<\/a>:<\/strong> We helpen organisaties schalen met de juiste mensen en systemen \u2014 zodat snelheid niet ten koste gaat van kwaliteit of compliance<\/li>\n<\/ul>\n\n\n<p class=\" eplus-wrapper\">Samen helpen deze pijlers EU-MKB\u2019s om te bewegen van <strong>\u201cwe denken dat het wel goed zit\u201d<\/strong> naar <strong>\u201cwe kunnen het aantonen\u201d<\/strong> \u2014 zeker wanneer leveranciersrisico de kortste route naar echte incidenten blijkt.<\/p>\n\n\n<div\n    class=\"block-faq row justify-content-lg-center \"\n    id=\"block_2cf6f615aadc493f854cd562b6558221\"\n  >\n    <div class=\"col-lg-10\">\n      <h2 class=\"block-faq__title\"><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n      <div class=\"block-faq__content\" id=\"faq-accordion\">\n                              <div class=\"block-faq__item\">\n              <div class=\"block-faq__question\" role=\"button\" data-toggle=\"collapse\" data-target=\"#faq-0\" aria-expanded=\"false\" aria-controls=\"faq-0\">\n                Wat bedoelt NIS2 met \u201csupply chain security\u201d?\n                <span class=\"block-faq__icon\"><\/span>\n              <\/div>\n              <div id=\"faq-0\" class=\"block-faq__answer collapse\" data-parent=\"#faq-accordion\">\n                <div class=\"block-faq__inner\"><p>Het omvat beveiligingsaspecten van je relaties met directe leveranciers of dienstverleners als onderdeel van je risicobeheersmaatregelen.<\/p>\n<\/div>\n              <\/div>\n            <\/div>\n                                        <div class=\"block-faq__item\">\n              <div class=\"block-faq__question\" role=\"button\" data-toggle=\"collapse\" data-target=\"#faq-1\" aria-expanded=\"false\" aria-controls=\"faq-1\">\n                Hebben EU-MKB\u2019s een volledig third-party riskprogramma nodig voor NIS2?\n                <span class=\"block-faq__icon\"><\/span>\n              <\/div>\n              <div id=\"faq-1\" class=\"block-faq__answer collapse\" data-parent=\"#faq-accordion\">\n                <div class=\"block-faq__inner\"><p>Niet per se. Een herhaalbare, proportionele aanpak met focus op directe kritieke leveranciers, duidelijke besluiten en bewijs is vaak de sterkste start.<\/p>\n<\/div>\n              <\/div>\n            <\/div>\n                                        <div class=\"block-faq__item\">\n              <div class=\"block-faq__question\" role=\"button\" data-toggle=\"collapse\" data-target=\"#faq-2\" aria-expanded=\"false\" aria-controls=\"faq-2\">\n                Hoe verhouden security questionnaires van afnemers zich tot NIS2?\n                <span class=\"block-faq__icon\"><\/span>\n              <\/div>\n              <div id=\"faq-2\" class=\"block-faq__answer collapse\" data-parent=\"#faq-accordion\">\n                <div class=\"block-faq__inner\"><p>Omdat afnemers verantwoordelijk worden voor hun eigen leveranciersrisico, vragen zij om bewijs. Een <a href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/vendor-security-questionnaires\/\" target=\"_blank\" rel=\"noopener\">Answer Pack<\/a> verhoogt snelheid en consistentie.<\/p>\n<\/div>\n              <\/div>\n            <\/div>\n                                        <div class=\"block-faq__item\">\n              <div class=\"block-faq__question\" role=\"button\" data-toggle=\"collapse\" data-target=\"#faq-3\" aria-expanded=\"false\" aria-controls=\"faq-3\">\n                Moeten cybersecurity-eisen in leverancierscontracten worden opgenomen?\n                <span class=\"block-faq__icon\"><\/span>\n              <\/div>\n              <div id=\"faq-3\" class=\"block-faq__answer collapse\" data-parent=\"#faq-accordion\">\n                <div class=\"block-faq__inner\"><p>NIS2 onderstreept het belang van het opnemen van cybersecuritymaatregelen in contractuele afspraken met directe leveranciers en dienstverleners.<\/p>\n<\/div>\n              <\/div>\n            <\/div>\n                        <\/div>\n    <\/div>\n  <\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" id=\"contact\" class=\"contact wp-block-spacer eplus-wrapper\"><\/div>\n\n\n<section\n    class=\"conversion-form \"\n    id=\"block_84c7c3e297f7f6ac53f1fe4728e2ba81\"\n    style=\"background-image: url(https:\/\/sunbytes.io\/app\/uploads\/2018\/05\/background-network-1.png)\"\n  >\n    <div class=\"container\">\n      <div class=\"row justify-content-md-center\">\n        <div class=\"col-md-10 col-lg-8\">\n          <div class=\"conversion-form__inner\">\n            <div class=\"col-12 col-sm-10 offset-sm-1\">\n              <h2 class=\"conversion-form__title\"><span class=\"ez-toc-section\" id=\"Laten_we_beginnen_met_Sunbytes\"><\/span>Laten we beginnen met Sunbytes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n                              <p>Laat ons uw eisen voor het team weten en wij nemen meteen contact met u op.<\/p>\n                                            <script type=\"text\/javascript\">var gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,initializeOnLoaded:function(o){gform.domLoaded&&gform.scriptsLoaded?o():!gform.domLoaded&&gform.scriptsLoaded?window.addEventListener(\"DOMContentLoaded\",o):document.addEventListener(\"gform_main_scripts_loaded\",o)},hooks:{action:{},filter:{}},addAction:function(o,n,r,t){gform.addHook(\"action\",o,n,r,t)},addFilter:function(o,n,r,t){gform.addHook(\"filter\",o,n,r,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,n){gform.removeHook(\"action\",o,n)},removeFilter:function(o,n,r){gform.removeHook(\"filter\",o,n,r)},addHook:function(o,n,r,t,i){null==gform.hooks[o][n]&&(gform.hooks[o][n]=[]);var e=gform.hooks[o][n];null==i&&(i=n+\"_\"+e.length),gform.hooks[o][n].push({tag:i,callable:r,priority:t=null==t?10:t})},doHook:function(n,o,r){var t;if(r=Array.prototype.slice.call(r,1),null!=gform.hooks[n][o]&&((o=gform.hooks[n][o]).sort(function(o,n){return o.priority-n.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==n?t.apply(null,r):r[0]=t.apply(null,r)})),\"filter\"==n)return r[0]},removeHook:function(o,n,t,i){var r;null!=gform.hooks[o][n]&&(r=(r=gform.hooks[o][n]).filter(function(o,n,r){return!!(null!=i&&i!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][n]=r)}});<\/script>\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_11' ><div id='gf_11' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_11' id='gform_11'  action='\/nl\/wp-json\/wp\/v2\/posts\/28300#gf_11' data-formid='11' novalidate> \r\n <input type='hidden' class='gforms-pum' value='{\"closepopup\":false,\"closedelay\":0,\"openpopup\":false,\"openpopup_id\":0}' \/>\n                        <div class='gform-body gform_body'><div id='gform_fields_11' class='gform_fields top_label form_sublabel_below description_below'><div id=\"field_11_12\" class=\"gfield gfield--type-text gfield--input-type-text gfield--width-full hidden_label gfield_contains_required field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_12\" ><label class='gfield_label gform-field-label' for='input_11_12'>Uw naam<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_11_12' type='text' value='' class='large'    placeholder='Uw naam' aria-required=\"true\" aria-invalid=\"false\"   \/> <\/div><\/div><div id=\"field_11_2\" class=\"gfield gfield--type-text gfield--input-type-text gfield--width-half hidden_label gfield_contains_required field_sublabel_below gfield--no-description field_description_below gfield_visibility_visible\"  data-js-reload=\"field_11_2\" ><label class='gfield_label gform-field-label' for='input_11_2'>Organization<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_2' id='input_11_2' type='text' value='' class='large'    placeholder='Organisatie' aria-required=\"true\" aria-invalid=\"false\"   \/> <\/div><\/div><div id=\"field_11_16\" class=\"gfield gfield--type-text gfield--input-type-text gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_16\" ><label class='gfield_label gform-field-label' for='input_11_16'>Functietitel<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_16' id='input_11_16' type='text' value='' class='large'    placeholder='Functietitel' aria-required=\"true\" aria-invalid=\"false\"   \/> <\/div><\/div><div id=\"field_11_3\" class=\"gfield gfield--type-email gfield--input-type-email gfield--width-half hidden_label gfield_contains_required field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_3\" ><label class='gfield_label gform-field-label' for='input_11_3'>Email<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_3' id='input_11_3' type='email' value='' class='large'   placeholder='E-mailadres' aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_11_13\" class=\"gfield gfield--type-phone gfield--input-type-phone gfield--width-half field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_13\" ><label class='gfield_label gform-field-label' for='input_11_13'>Phone<\/label><div class='ginput_container ginput_container_phone'><input name='input_13' id='input_11_13' type='tel' value='' class='large'  placeholder='Telefoonnummer'  aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_11_17\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full gfield_contains_required field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_17\" ><label class='gfield_label gform-field-label' for='input_11_17'>Land<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_17' id='input_11_17' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected' class='gf_placeholder'>Land<\/option><option value='Australia\/New Zealand (ANZ)' >Australia\/New Zealand (ANZ)<\/option><option value='Canada' >Canada<\/option><option value='Germany' >Germany<\/option><option value='Hong Kong' >Hong Kong<\/option><option value='Netherlands' >Netherlands<\/option><option value='Singapore' >Singapore<\/option><option value='United Kingdom' >United Kingdom<\/option><option value='United States of America' >United States of America<\/option><option value='Vietnam' >Vietnam<\/option><option value='Anders...' >Anders&#8230;<\/option><\/select><\/div><\/div><div id=\"field_11_11\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full gfield_contains_required field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_11\" ><label class='gfield_label gform-field-label' for='input_11_11'>Requirements<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_11' id='input_11_11' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected' class='gf_placeholder'>Waar heeft u interesse in?<\/option><option value='Maatwerk Software ontwikkeling' >Maatwerk Software ontwikkeling<\/option><option value='Dedicated specialisten' >Dedicated specialisten<\/option><option value='Cybersecurity diensten' >Cybersecurity diensten<\/option><option value='HR Diensten' >HR Diensten<\/option><option value='Anders...' >Anders&#8230;<\/option><\/select><\/div><\/div><div id=\"field_11_18\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full gfield_contains_required field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_18\" ><label class='gfield_label gform-field-label' for='input_11_18'>Hoe heb je over ons gehoord?<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_18' id='input_11_18' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected' class='gf_placeholder'>Hoe heb je over ons gehoord?<\/option><option value='LinkedIn' >LinkedIn<\/option><option value='Clutch' >Clutch<\/option><option value='Newsletter' >Newsletter<\/option><option value='Doorverwijzing' >Doorverwijzing<\/option><option value='Zoekmachine (Google, Bing, etc)' >Zoekmachine (Google, Bing, etc)<\/option><option value='Email' >Email<\/option><option value='Anders...' >Anders&#8230;<\/option><\/select><\/div><\/div><div id=\"field_11_19\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield--width-full field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_19\" ><label class='gfield_label gform-field-label' for='input_11_19'>Aanvullende informatie over uw verzoek.<\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_19' id='input_11_19' class='textarea large'    placeholder='Aanvullende informatie over uw verzoek.'  aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><fieldset id=\"field_11_7\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield--input-type-checkbox hidden_label contact-form__agree mb-0 gfield_contains_required field_sublabel_below gfield--no-description field_description_below gfield_visibility_visible\"  data-js-reload=\"field_11_7\" ><legend class='gfield_label gform-field-label screen-reader-text gfield_label_before_complex' ><span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_11_7'><div class='gchoice gchoice_11_7_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_7.1' type='checkbox'  value='Ik geef Sunbytes toestemming om telefonisch of per e-mail contact op te nemen.'  id='choice_11_7_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_11_7_1' id='label_11_7_1' class='gform-field-label gform-field-label--type-inline'>Ik geef Sunbytes toestemming om telefonisch of per e-mail contact op te nemen.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><fieldset id=\"field_11_14\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield--input-type-checkbox hidden_label contact-form__agree gfield_contains_required field_sublabel_below gfield--no-description field_description_below gfield_visibility_visible\"  data-js-reload=\"field_11_14\" ><legend class='gfield_label gform-field-label gfield_label_before_complex' >Untitled<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Vereist)<\/span><\/span><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_11_14'><div class='gchoice gchoice_11_14_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_14.1' type='checkbox'  value='Ik ga akkoord met &lt;a href=&quot;https:\/\/sunbytes.io\/general-terms-and-conditions\/&quot;&gt;de algemene voorwaarden &lt;\/a&gt;'  id='choice_11_14_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_11_14_1' id='label_11_14_1' class='gform-field-label gform-field-label--type-inline'>Ik ga akkoord met <a href=\"https:\/\/sunbytes.io\/general-terms-and-conditions\/\">de algemene voorwaarden <\/a><\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><div id=\"field_11_15\" class=\"gfield gfield--type-captcha gfield--input-type-captcha gfield--width-full d-none field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible\"  data-js-reload=\"field_11_15\" ><label class='gfield_label gform-field-label' for='input_11_15'>Captcha<\/label><div id='input_11_15' class='ginput_container ginput_recaptcha' data-sitekey='6LeTwBcdAAAAAKDurfTYCHGQQNGUBiDURxfjNI3V'  data-theme='light' data-tabindex='-1' data-size='invisible' data-badge='bottomright'><\/div><\/div><div id=\"field_11_20\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below gfield_visibility_visible\"  data-js-reload=\"field_11_20\" ><label class='gfield_label gform-field-label' for='input_11_20'>Name<\/label><div class='ginput_container'><input name='input_20' id='input_11_20' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_11_20'>Dit veld is bedoeld voor validatiedoeleinden en moet niet worden gewijzigd.<\/div><\/div><\/div><\/div>\n        <div class='gform_footer top_label'> <input type='submit' id='gform_submit_button_11' class='gform_button button' value='Verstuur!'  onclick='if(window[\"gf_submitting_11\"]){return false;}  if( !jQuery(\"#gform_11\")[0].checkValidity || jQuery(\"#gform_11\")[0].checkValidity()){window[\"gf_submitting_11\"]=true;}  ' onkeypress='if( event.keyCode == 13 ){ if(window[\"gf_submitting_11\"]){return false;} if( !jQuery(\"#gform_11\")[0].checkValidity || jQuery(\"#gform_11\")[0].checkValidity()){window[\"gf_submitting_11\"]=true;}  jQuery(\"#gform_11\").trigger(\"submit\",[true]); }' \/> <input type='hidden' name='gform_ajax' value='form_id=11&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_11' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='11' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_11' value='WyJbXSIsImMzZmY3ZDRjNjM0NWY0MGNlNjVlNjMzNWJlZThmMWVlIl0=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_target_page_number_11' id='gform_target_page_number_11' value='0' \/>\n            <input type='hidden' class='gform_hidden' name='gform_source_page_number_11' id='gform_source_page_number_11' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"ak_\"><label>&#916;<textarea name=\"ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"ak_js\" value=\"220\"\/><script>document.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );<\/script><\/p><\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_11' id='gform_ajax_frame_11' title='Dit iframe bevat de vereiste logica om Ajax aangedreven Gravity Forms te verwerken.'><\/iframe>\n\t\t                <script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n gform.initializeOnLoaded( function() {gformInitSpinner( 11, 'https:\/\/sunbytes.io\/app\/plugins\/gravityforms\/images\/spinner.svg', true );jQuery('#gform_ajax_frame_11').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_11');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_11').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_11').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_11').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_11').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_11').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_11').val();gformInitSpinner( 11, 'https:\/\/sunbytes.io\/app\/plugins\/gravityforms\/images\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [11, current_page]);window['gf_submitting_11'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery('#gform_wrapper_11').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_11').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [11]);window['gf_submitting_11'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_11').text());}, 50);}else{jQuery('#gform_11').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"11\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);                if (event.defaultPrevented) {                return;         }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_11\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_11\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_11\" );        let postRenderFired = false;                function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            jQuery( document ).trigger( 'gform_post_render', [11, current_page] );            gform.utils.trigger( { event: 'gform\/postRender', native: false, data: { formId: 11, currentPage: current_page } } );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} ); \n\/* ]]> *\/\n<\/script>\n\n                          <\/div>\n          <\/div>\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/section>\n","protected":false},"excerpt":{"rendered":"<p>Veel gesprekken over NIS2 beginnen bij beleid.Maar veel echte incidenten beginnen ergens anders: Daarom behandelt NIS2 ketenrisico niet als een \u201coptionele extra\u201d. Het plaatst dit expliciet binnen de risicobeheersmaatregelen van Artikel 21 \u2014 inclusief de beveiligingsaspecten van je relaties met directe leveranciers of dienstverleners. Dit artikel is bewust praktisch opgezet. Geen juridische diepduiken, geen \u201cdownload &hellip; <a href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\">Read more<\/a><\/p>\n","protected":false},"author":15,"featured_media":28307,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"editor_plus_copied_stylings":"{}","footnotes":""},"categories":[18,110],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB<\/title>\n<meta name=\"description\" content=\"Een praktische, vertrouwen-gedreven gids voor NIS2 supply chain security (Artikel 21): wat \u201cdirecte leveranciers\u201d betekent, wat afnemers verwachten, en hoe EU-MKB-bedrijven verdedigbaar leveranciersrisico opbouwen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB\" \/>\n<meta property=\"og:description\" content=\"Een praktische, vertrouwen-gedreven gids voor NIS2 supply chain security (Artikel 21): wat \u201cdirecte leveranciers\u201d betekent, wat afnemers verwachten, en hoe EU-MKB-bedrijven verdedigbaar leveranciersrisico opbouwen.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Tech and Talent Solutions - Sunbytes\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/sunbytes\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-01T11:08:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-04T07:29:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/NIS2-Article-21-Supply-Chain-Security-Supplier-Risk-Vendor-Due-Diligence-for-EU-SMEs.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Uyen Pham\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sunbytes\" \/>\n<meta name=\"twitter:site\" content=\"@sunbytes\" \/>\n<meta name=\"twitter:label1\" content=\"Geschreven door\" \/>\n\t<meta name=\"twitter:data1\" content=\"Uyen Pham\" \/>\n\t<meta name=\"twitter:label2\" content=\"Geschatte leestijd\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"name\":\"Sunbytes\",\"url\":\"https:\/\/sunbytes.io\/nl\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl\",\"@id\":\"https:\/\/sunbytes.io\/nl\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sunbytes.io\/app\/uploads\/2021\/10\/cropped-sunbytes-favicon.png\",\"contentUrl\":\"https:\/\/sunbytes.io\/app\/uploads\/2021\/10\/cropped-sunbytes-favicon.png\",\"width\":512,\"height\":512,\"caption\":\"Sunbytes\"},\"image\":{\"@id\":\"https:\/\/sunbytes.io\/nl\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/sunbytes\/\",\"https:\/\/twitter.com\/sunbytes\",\"https:\/\/www.linkedin.com\/company\/sunbytes\/\",\"https:\/\/www.linkedin.com\/company\/sunbytes-talent-solutions\/\"],\"knowsAbout\":[\"HR Solutions\",\"Payroll service\",\"EOR service\",\"Tech services\",\"Security services\"]},{\"@type\":\"Article\",\"@id\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\"},\"author\":{\"name\":\"Uyen Pham\",\"@id\":\"https:\/\/sunbytes.io\/nl\/#\/schema\/person\/b83af19a3936b115f738a143c24bf4f2\"},\"headline\":\"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB\",\"datePublished\":\"2026-02-01T11:08:06+00:00\",\"dateModified\":\"2026-02-04T07:29:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\"},\"wordCount\":1042,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/sunbytes.io\/nl\/#organization\"},\"articleSection\":[\"Blog\",\"Cyberbeveiliging\"],\"inLanguage\":\"nl\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\",\"url\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\",\"name\":\"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB\",\"isPartOf\":{\"@id\":\"https:\/\/sunbytes.io\/nl\/#website\"},\"datePublished\":\"2026-02-01T11:08:06+00:00\",\"dateModified\":\"2026-02-04T07:29:42+00:00\",\"description\":\"Een praktische, vertrouwen-gedreven gids voor NIS2 supply chain security (Artikel 21): wat \u201cdirecte leveranciers\u201d betekent, wat afnemers verwachten, en hoe EU-MKB-bedrijven verdedigbaar leveranciersrisico opbouwen.\",\"breadcrumb\":{\"@id\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#breadcrumb\"},\"inLanguage\":\"nl\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sunbytes.io\/nl\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\/\/sunbytes.io\/nl\/blog\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyberbeveiliging\",\"item\":\"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sunbytes.io\/nl\/#website\",\"url\":\"https:\/\/sunbytes.io\/nl\/\",\"name\":\"Sunbytes -Transform \u00b7 Secure \u00b7 Accelerate\",\"description\":\"Sunbytes is een bedrijf dat IT-personeelsuitbreiding en dedicated team ontwikkelaars op afstand aanbiedt\",\"publisher\":{\"@id\":\"https:\/\/sunbytes.io\/nl\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sunbytes.io\/nl\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"nl\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/sunbytes.io\/nl\/#\/schema\/person\/b83af19a3936b115f738a143c24bf4f2\",\"name\":\"Uyen Pham\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl\",\"@id\":\"https:\/\/sunbytes.io\/nl\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/31d5b4e1e1c2acb5adfbb5994df49738?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/31d5b4e1e1c2acb5adfbb5994df49738?s=96&d=mm&r=g\",\"caption\":\"Uyen Pham\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB","description":"Een praktische, vertrouwen-gedreven gids voor NIS2 supply chain security (Artikel 21): wat \u201cdirecte leveranciers\u201d betekent, wat afnemers verwachten, en hoe EU-MKB-bedrijven verdedigbaar leveranciersrisico opbouwen.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/","og_locale":"nl_NL","og_type":"article","og_title":"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB","og_description":"Een praktische, vertrouwen-gedreven gids voor NIS2 supply chain security (Artikel 21): wat \u201cdirecte leveranciers\u201d betekent, wat afnemers verwachten, en hoe EU-MKB-bedrijven verdedigbaar leveranciersrisico opbouwen.","og_url":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/","og_site_name":"Tech and Talent Solutions - Sunbytes","article_publisher":"https:\/\/www.facebook.com\/sunbytes\/","article_published_time":"2026-02-01T11:08:06+00:00","article_modified_time":"2026-02-04T07:29:42+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/sunbytes.io\/app\/uploads\/2026\/02\/NIS2-Article-21-Supply-Chain-Security-Supplier-Risk-Vendor-Due-Diligence-for-EU-SMEs.webp","type":"image\/webp"}],"author":"Uyen Pham","twitter_card":"summary_large_image","twitter_creator":"@sunbytes","twitter_site":"@sunbytes","twitter_misc":{"Geschreven door":"Uyen Pham","Geschatte leestijd":"6 minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","name":"Sunbytes","url":"https:\/\/sunbytes.io\/nl\/","logo":{"@type":"ImageObject","inLanguage":"nl","@id":"https:\/\/sunbytes.io\/nl\/#\/schema\/logo\/image\/","url":"https:\/\/sunbytes.io\/app\/uploads\/2021\/10\/cropped-sunbytes-favicon.png","contentUrl":"https:\/\/sunbytes.io\/app\/uploads\/2021\/10\/cropped-sunbytes-favicon.png","width":512,"height":512,"caption":"Sunbytes"},"image":{"@id":"https:\/\/sunbytes.io\/nl\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/sunbytes\/","https:\/\/twitter.com\/sunbytes","https:\/\/www.linkedin.com\/company\/sunbytes\/","https:\/\/www.linkedin.com\/company\/sunbytes-talent-solutions\/"],"knowsAbout":["HR Solutions","Payroll service","EOR service","Tech services","Security services"]},{"@type":"Article","@id":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#article","isPartOf":{"@id":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/"},"author":{"name":"Uyen Pham","@id":"https:\/\/sunbytes.io\/nl\/#\/schema\/person\/b83af19a3936b115f738a143c24bf4f2"},"headline":"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB","datePublished":"2026-02-01T11:08:06+00:00","dateModified":"2026-02-04T07:29:42+00:00","mainEntityOfPage":{"@id":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/"},"wordCount":1042,"commentCount":0,"publisher":{"@id":"https:\/\/sunbytes.io\/nl\/#organization"},"articleSection":["Blog","Cyberbeveiliging"],"inLanguage":"nl","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/","url":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/","name":"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB","isPartOf":{"@id":"https:\/\/sunbytes.io\/nl\/#website"},"datePublished":"2026-02-01T11:08:06+00:00","dateModified":"2026-02-04T07:29:42+00:00","description":"Een praktische, vertrouwen-gedreven gids voor NIS2 supply chain security (Artikel 21): wat \u201cdirecte leveranciers\u201d betekent, wat afnemers verwachten, en hoe EU-MKB-bedrijven verdedigbaar leveranciersrisico opbouwen.","breadcrumb":{"@id":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#breadcrumb"},"inLanguage":"nl","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/nis2-article-21-supply-chain-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sunbytes.io\/nl\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/sunbytes.io\/nl\/blog\/"},{"@type":"ListItem","position":3,"name":"Cyberbeveiliging","item":"https:\/\/sunbytes.io\/nl\/blog\/cyberbeveiliging\/"},{"@type":"ListItem","position":4,"name":"NIS2 Artikel 21 Supply Chain Security: Leveranciersrisico en Vendor Due Diligence voor EU-MKB"}]},{"@type":"WebSite","@id":"https:\/\/sunbytes.io\/nl\/#website","url":"https:\/\/sunbytes.io\/nl\/","name":"Sunbytes -Transform \u00b7 Secure \u00b7 Accelerate","description":"Sunbytes is een bedrijf dat IT-personeelsuitbreiding en dedicated team ontwikkelaars op afstand aanbiedt","publisher":{"@id":"https:\/\/sunbytes.io\/nl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sunbytes.io\/nl\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"nl"},{"@type":"Person","@id":"https:\/\/sunbytes.io\/nl\/#\/schema\/person\/b83af19a3936b115f738a143c24bf4f2","name":"Uyen Pham","image":{"@type":"ImageObject","inLanguage":"nl","@id":"https:\/\/sunbytes.io\/nl\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/31d5b4e1e1c2acb5adfbb5994df49738?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31d5b4e1e1c2acb5adfbb5994df49738?s=96&d=mm&r=g","caption":"Uyen Pham"}}]}},"_links":{"self":[{"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/posts\/28300"}],"collection":[{"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/comments?post=28300"}],"version-history":[{"count":0,"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/posts\/28300\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/media\/28307"}],"wp:attachment":[{"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/media?parent=28300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/categories?post=28300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunbytes.io\/nl\/wp-json\/wp\/v2\/tags?post=28300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}