The Cybersecurity Act (NIS2) is coming: how Linqur safeguards your security

What does the new Cybersecurity Act involve?

The Cybersecurity Act is the Dutch implementation of the European NIS2 directive. Its goal is straightforward: strengthening Europe’s digital resilience. Where its predecessor focused mainly on a small group of critical operators, this new legislation applies to a much broader range of organisations.

The law requires organisations to demonstrate that they operate securely. This means not only responding to incidents after they occur, but taking appropriate preventive measures to reduce risk. It also introduces a strict obligation to report digital incidents.

Many organisations using Linqur either fall directly under this law or provide services to organisations that do. This means your supply chain security must be in order. You need confidence that your suppliers, including Linqur, meet the required standards.

Linqur is fully prepared for the future

Transparency matters to us. We want you to know exactly where you stand. The good news is that Linqur has been working according to strict international information security standards for years. We do not wait for legislation to take effect. Security is built into how we operate.

The foundation of our security approach is our ISO 27001 certified management system. This allows us to meet the core requirements that the Cybersecurity Act places on suppliers.

Risk management and continuity

Risk management is at the heart of the new legislation. You must understand potential threats and how to mitigate them. At Linqur we address this through several concrete measures.

1. Annual risk assessments: We proactively identify potential vulnerabilities and address them.
2. Regular testing: Our security controls are tested on a recurring basis to ensure they work as intended.
3. Incident and data breach procedures: If something does go wrong, clear protocols are activated to limit impact and inform relevant parties.
4. Backups and failover: Continuity is a priority. With robust backup strategies and failover systems, our services remain available even during disruptions.

Concrete security measures: how we protect your data

Compliance goes beyond policies and documentation. It also depends on how the platform is built and operated. To provide strong protection, we apply a layered security approach.

Monitoring, logging and detection

Understanding what happens on the platform is a key part of security. We maintain detailed logs of all critical actions, allowing us to respond quickly to unusual behaviour. System availability is monitored around the clock and we actively scan for threats.

Access to management systems is tightly controlled. Only authorised staff have access and this is always protected by multi factor authentication. This ensures that access points remain secure.

Supply chain control: supplier assessment

Just as you rely on Linqur, we rely on our own suppliers. Under the Cybersecurity Act you are responsible for your entire supply chain. All third parties processing data on our behalf operate under strict data processing agreements. We assess critical suppliers annually against ISO criteria to confirm that their security standards match our own.

Privacy by design

Security is not an afterthought in our development process. We apply Privacy by Design and Security by Design principles. Every new feature is assessed against risk, data minimisation and security requirements drawn from GDPR, NIS2 and CIS Controls.

What does this mean for you as a customer?

You may wonder how all of this affects your daily work. In short, it makes your work simpler and safer.

1. Confident use in regulated sectors

Do you work with clients in healthcare, government, education or critical infrastructure? These sectors demand high security standards. Because Linqur meets these requirements, you can use our platform without concerns about compliance gaps.

2. Support during audits

Facing an audit or internal compliance review? We support you with up to date processing agreements, a clear data processing register and relevant security documentation. We can also assist with Data Protection Impact Assessments when needed.

3. No technical burden

We handle the technical and organisational requirements for you. There is no need to build complex solutions or implement heavy security controls around the distribution platform yourself. This saves time, cost and unnecessary effort.

4. Demonstrable quality

With ISO 27001 certification and alignment with the Cybersecurity Act, you have a strong story for your own customers. You can clearly show that your digital learning environment meets recognised standards.

Security and continuity in practice

To make this even more concrete, below is an overview of the technical measures we apply by default to keep your data secure.

• Hosting fully in the Netherlands, ensuring data sovereignty and privacy.
• Encryption of all connections using modern TLS standards.
• Daily automated backups to prevent data loss.
• Secure integrations through protected API connections and LTI 1.3.
• Vulnerability management through periodic penetration testing to identify weaknesses early.

Building a secure future together

The introduction of the Cybersecurity Act marks an important step for digital security across the Netherlands. At Linqur we see this not as a burden but as confirmation of the direction we have followed for years.

We continue to invest in cybersecurity, continuity and compliance so you meet all requirements today and in the future. You can focus on creating and distributing high quality training, while we make sure the infrastructure behind it remains secure.

Would you like to know more about our security approach or discuss your specific situation? Feel free to get in touch. We are happy to help.