NIS2 compliance for municipalities and public bodies
The NIS2 Directive — implemented in the Netherlands as Wbni — classifies municipalities with more than 50 employees as "important entities" with binding cybersecurity obligations. Gatekeeper maps directly to Articles 20–23 and automates the incident detection, reporting, and risk management requirements your organisation must meet.
- Art. 21 risk management
- Art. 23 incident reporting (24h/72h/1m)
- MFA & access control
- Audit-trail & evidence
Article-by-article coverage
How Gatekeeper satisfies NIS2 obligations
Each card shows the directive requirement and the specific Gatekeeper capability that covers it.
Risk Management
“Implement technical and organisational measures proportionate to cybersecurity risks.”
Gatekeeper coverage
Auto-discovered CMDB, CVE-to-asset mapping, risk scoring per device, and continuous vulnerability tracking across your entire network.
Incident Reporting
“24h early warning, 72h detailed report, and 1-month final report to CSIRT / NCSC-NL.”
Gatekeeper coverage
SIEM alerts trigger incident creation and start the NIS2 reporting clock. Automated escalation fires before each deadline. One-click PDF export for NCSC submissions.
Supply Chain Security
“Address cybersecurity in relationships with direct suppliers and service providers.”
Gatekeeper coverage
Network discovery maps every vendor device. CVE tracking flags vulnerabilities by manufacturer. Dark web monitoring checks for leaked supplier credentials.
Access Control & MFA
“Multi-factor authentication and secure communication channels are mandatory for important entities.”
Gatekeeper coverage
Built-in TOTP MFA for all users, role-based access control per tenant, encrypted credentials vault, and Active Directory integration with policy enforcement.
Governance & Oversight
“Management bodies must approve cybersecurity measures and receive adequate training.”
Gatekeeper coverage
Executive compliance dashboards, automated AI-generated reports, full audit-trail activity logs, and one-click evidence packages for councillors and auditors.
Vulnerability Disclosure
“Maintain policies for handling and disclosing vulnerabilities.”
Gatekeeper coverage
Centralised vulnerability register with SIEM correlation. SOAR playbooks automate triage, assignment, and remediation workflows per CVE severity.
Art. 23 reporting obligations
Never miss a reporting deadline
Gatekeeper starts the NIS2 reporting clock the moment a significant incident is detected or created. Automated escalation notifications fire ahead of each legal deadline.
Early warning
Initial notification to CSIRT / NCSC-NL. Gatekeeper auto-drafts the summary from SIEM alert data and incident metadata.
Incident notification
Full incident report with preliminary impact assessment, classification (significant/major), and initial containment measures.
Final report
Detailed report with root cause analysis, full impact scope, lessons learned, and permanent mitigations. PDF export included.
Built-in capabilities
Everything municipalities need
NIS2 compliance framework
Pre-mapped NIS2 control set with evidence upload and coverage percentage tracking per control.
24 / 72h SLA timers
Reporting clock starts at SIEM alert creation. Escalation notifications fire automatically before deadline.
Asset register (CMDB)
Auto-discovered inventory across all sites and network segments, required by Art. 21.
CVE-to-asset mapping
CISA KEV and NVD feeds flagged against every device in your CMDB in real time.
Dark web monitoring
Continuous scanning for leaked credentials tied to your municipality's email domains.
Audit-ready reports
AI-generated PDF reports for college van B&W, auditors, and NCSC-NL submissions.
Ready to comply
Bring your municipality into NIS2 compliance
Contact us for a tailored demo for your organisation or gemeentelijk samenwerkingsverband.
