{"id":10589,"date":"2025-11-17T09:00:00","date_gmt":"2025-11-17T08:00:00","guid":{"rendered":"https:\/\/msafe.co\/?p=10589"},"modified":"2025-11-19T08:14:13","modified_gmt":"2025-11-19T07:14:13","slug":"aantoonbare-compliance-in-2026-nis2-dora-ai-act","status":"publish","type":"post","link":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/","title":{"rendered":"Aantoonbare compliance: gids voor 2026 (NIS2\/DORA\/AI)"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Compliance 2026: van \u2018voldoen\u2019 naar \u2018aantonen\u2019<\/h1>\n\n<p><em>Hoe je NIS2, DORA en de AI Act operationeel maakt met dagelijkse bewijslast.<\/em><\/p>\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\u201cDe kernvraag verschuift van \u2018voldoen we?\u2019 naar \u2018kunnen we dat elke dag aantonen?\u2019\u201d<\/p><\/blockquote><\/figure>\n\n<p><strong><a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/eu-ai-act\" target=\"_blank\" rel=\"noreferrer noopener\">Nieuwe EU\u2011kaders <\/a><\/strong>maken van compliance een bestuursvraagstuk. Het gaat niet langer alleen om beleid, maar om doorlopend <strong>bewijs<\/strong> dat processen werken: logsporen, attesten en rapportages die realtime inzicht geven in risico\u2019s en uitzonderingen. Dit stuk schetst wat er in 2026 verandert, waarom beleid all\u00e9\u00e9n niet volstaat en hoe je met een <strong>gelaagde architectuur<\/strong> aantoonbare compliance bereikt, zonder de werkvloer te vertragen.<\/p>\n\n<h2 class=\"wp-block-heading\">Wat verandert er in 2026?<\/h2>\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/msafe.co\/blog\/nis2-is-not-just-about-cybersecurity-but-also-about-business-continuity\/\" target=\"_blank\" rel=\"noreferrer noopener\">NIS2<\/a><\/strong> vergroot de reikwijdte (o.a. energie, zorg, kritieke productie, publieke sector) en legt nadruk op risicobeheer, logging\/monitoring en <strong>meldplichten<\/strong>\u2014met verantwoordelijkheid op bestuursniveau.<\/li>\n\n\n\n<li><strong>DORA<\/strong> (sinds 17 jan 2025 van toepassing in finance) verplicht ICT\u2011risicomanagement, incidentclassificatie &amp; \u2011rapportage, resilience\u2011testing en toezicht op kritieke ICT\u2011derden.<\/li>\n\n\n\n<li><strong>EU AI Act<\/strong> wordt in 2026 breed van kracht; inzet en ontwikkeling van hoog\u2011risico\u2011AI vraagt documentatie, menselijk toezicht en traceerbaarheid.<\/li>\n<\/ul>\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\u201cCompliance verschuift van momentopname naar doorlopend bewijs.\u201d<\/p><\/blockquote><\/figure>\n\n<h2 class=\"wp-block-heading\">Van beleid naar systeem<\/h2>\n\n<p>Papier is geduldig\u2014processen niet. In de praktijk ontstaan risico\u2019s in alledaagse handelingen: een bestand dat buiten de afgesproken route wordt gedeeld, een onduidelijke retentie, een vergeten toegangsrecht. Wie aantoonbaar compliant wil zijn, vertaalt beleid naar <strong>meetbare controls<\/strong> en <strong><a href=\"https:\/\/msafe.co\/features\/connecting-compliance-how-the-msafe-api-integrates-secure-file-transfer-into-every-organization\/\" target=\"_blank\" rel=\"noreferrer noopener\">geautomatiseerde bewijslast<\/a><\/strong>.<\/p>\n\n<h3 class=\"wp-block-heading\">Wat verandert er in aanpak<\/h3>\n\n<ul class=\"wp-block-list\">\n<li>Van checklist naar <strong>control\u2011evidence<\/strong> (wie\/wat\/wanneer\/waar).<\/li>\n\n\n\n<li>Van losse tools naar <strong>koppelingen<\/strong> (IAM\/SIEM\/ITSM\/Privacy\/TPRM \u2194 GRC).<\/li>\n\n\n\n<li>Van rapport achteraf naar <strong>live dashboards<\/strong> voor bestuur en audit.<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\">De gelaagde architectuur (3 lagen die werken)<\/h2>\n\n<h3 class=\"wp-block-heading\">1) Besturing &amp; bewijs (GRC\/ISMS)<\/h3>\n\n<p>Integreer beleid, risicoregister, controlebibliotheek, audits en <strong>bewijslast<\/strong> in \u00e9\u00e9n platform. Map op kaders zoals NIST CSF en ISO\/IEC 27001 en lever standaardrapportages voor management, audit en toezichthouders.<\/p>\n\n<h3 class=\"wp-block-heading\">2) Dagelijkse samenwerking &amp; veilige bestandsuitwisseling (secure\/managed file transfer)<\/h3>\n\n<p>Een groot deel van incidenten ontstaat rond <strong>gegevensdeling<\/strong>. Eisen voor secure\/managed file transfer: end\u2011to\u2011end <strong>encryptie<\/strong>, sterke authenticatie, <strong>volledige audit\u2011trail<\/strong>, <strong>retentie\/vernietiging<\/strong> en <strong>koppelbaarheid<\/strong> met SIEM en GRC. Doel: delen net zo eenvoudig als e\u2011mail, maar met aantoonbaarheid ingebouwd.<\/p>\n\n<h3 class=\"wp-block-heading\">3) Keten &amp; privacy (TPRM + AVG\u2011hygi\u00ebne)<\/h3>\n\n<p>Zorg voor een actueel verwerkingsregister (RoPA), DPIA\u2011workflows, rechtenverzoeken en datalekprocessen. Beheer <strong>derdepartij\u2011risico<\/strong> via vragenlijsten, contractclausules en opvolging. Sectorregels (zoals finance) kunnen opname\/archivering en retentie\u2011eisen toevoegen.<\/p>\n\n<p><em>Uitkomst: deze drie lagen vormen samen een <strong>bewijsfabriek<\/strong>, geen snapshots, maar continu zicht op naleving.<\/em><\/p>\n\n<h2 class=\"wp-block-heading\">Integratie boven fragmentatie<\/h2>\n\n<ul class=\"wp-block-list\">\n<li>Secure\u2011transfer\u2011logs \u2192 <strong>GRC<\/strong> (control\u2011evidence).<\/li>\n\n\n\n<li>IAM\u2011afwijkingen \u2192 <strong>risicoraamwerk<\/strong> (automatische issues).<\/li>\n\n\n\n<li>SIEM\u2011events \u2192 <strong>incidentflows<\/strong> (meldplichten &amp; rapportage).<\/li>\n\n\n\n<li>DPIA\u2011uitkomsten \u2192 <strong>project\/change\u2011management<\/strong> (go\/no\u2011go met bewijs).<\/li>\n<\/ul>\n\n<p><strong>Praktijkhint:<\/strong> werk met vaste <code>control\u2011ID\u2019s<\/code> (bijv. <code>SEC-FT-LOG-001<\/code>) in alle systemen; zo herleid je elk event tot de control die erop toeziet.<\/p>\n\n<h2 class=\"wp-block-heading\">De menselijke factor<\/h2>\n\n<p>Techniek helpt, maar gedrag beslist. Processen moeten begrijpelijk en eenvoudig zijn; anders zoeken teams omwegen (mail, gedeelde drives, gratis tools). Kies oplossingen die naadloos in het dagelijkse werk passen en versterk met <strong>rol\u2011specifieke awareness<\/strong>.<\/p>\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\u201cMaak het juiste gedrag de makkelijkste optie.\u201d<\/p><\/blockquote><\/figure>\n\n<div class=\"wp-block-group expertkader-msafe is-layout-flow wp-block-group-is-layout-flow\">\n<h2 class=\"wp-block-heading\">Expertkader \u2014 Msafe (kennisbijdrage)<\/h2>\n\n\n\n<p><em>Geen verkooppraatje, w\u00e9l lessen uit de praktijk van secure file transfer.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Waar compliance vaak stukloopt bij datadeling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Bewijs ontbreekt<\/strong>: onvolledige of niet\u2011herleidbare logs.<\/li>\n\n\n\n<li><strong>Beleid \u2260 praktijk<\/strong>: retentie en toegangsrechten niet technisch afdwingbaar.<\/li>\n\n\n\n<li><strong>Ketenlek<\/strong>: externe partijen halen het beveiligings\u2011 en logging\u2011niveau niet.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Msafe\u2019s best\u2011practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Encryptie + sleutelbeheer<\/strong> onder EU\u2011jurisdictie; SSO\/MFA als norm.<\/li>\n\n\n\n<li><strong>Volledige audit\u2011trail<\/strong> (onveranderbaar), export naar SIEM\/GRC en evidence on demand.<\/li>\n\n\n\n<li><strong>Policy\u2011based retentie<\/strong> en legal hold\/eDiscovery waar nodig.<\/li>\n\n\n\n<li><strong>Integraties<\/strong> (API\/webhooks\/connectoren) om bewijslast te automatiseren.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\u201cEchte aantoonbaarheid ontstaat waar beleid, techniek en logs samenkomen.\u201d<\/p><\/blockquote><\/figure>\n<\/div>\n\n<h2 class=\"wp-block-heading\">Vijf stappen naar aantoonbare compliance<\/h2>\n\n<ul class=\"wp-block-list\">\n<li><strong>Scope &amp; deadlines<\/strong> bepalen (NIS2, DORA, AI Act, AVG).<\/li>\n\n\n\n<li><strong>GRC\/ISMS<\/strong> als kapstok: controles, owners, toetskalender, rapportage.<\/li>\n\n\n\n<li><strong>Beveilig uitwisseling<\/strong>: secure file transfer met end\u2011to\u2011end logging.<\/li>\n\n\n\n<li><strong>Automatiseer bewijslast<\/strong>: IAM\/SIEM\/TPRM\/Privacy \u2194 GRC.<\/li>\n\n\n\n<li><strong>Oefen &amp; verbeter<\/strong>: tabletop\u2011oefeningen en periodieke managementreviews.<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\">Checklist voor bestuurders (snelle board\u2011scan)<\/h2>\n\n<ul class=\"wp-block-list\">\n<li><strong>Meldprocessen<\/strong> met harde deadlines (early warning, melding, eindrapport).<\/li>\n\n\n\n<li><strong>GRC\u2011dashboard<\/strong> met live status per control en open issues.<\/li>\n\n\n\n<li>Secure file transfer levert <strong>forensisch bruikbare logs<\/strong> (exporteerbaar).<\/li>\n\n\n\n<li><strong>RoPA\/DPIA\u2019s<\/strong> actueel en gekoppeld aan projecten\/changes.<\/li>\n\n\n\n<li><strong>Derdepartijen<\/strong> contractueel op beveiliging\/logging getoetst.<\/li>\n\n\n\n<li><strong>Retentie\/back\u2011ups<\/strong> beleidsgestuurd en aantoonbaar getest.<\/li>\n\n\n\n<li><strong>Awareness<\/strong> rol\u2011specifiek en meetbaar (attesten, simulaties).<\/li>\n\n\n\n<li><strong>Evidence\u2011export<\/strong> voor audit\/toezichthouder binnen handbereik.<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\">FAQ<\/h2>\n\n<h3 class=\"wp-block-heading\">Wanneer geldt de AI Act?<\/h3>\n\n<p>De AI Act kent een gefaseerde toepassing van 2025 tot en met 2027. De meeste kernverplichtingen vallen in 2026; raadpleeg de offici\u00eble tijdlijn voor details.<\/p>\n\n<h3 class=\"wp-block-heading\">Wat vraagt NIS2 praktisch van ons?<\/h3>\n\n<p><a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/nis2\"><strong>Governance op bestuursniveau<\/strong><\/a>, risicobeheer, logging\/monitoring en tijdige melding van incidenten. Integreer meldprocessen in je incident\u2011 en GRC\u2011flows.<\/p>\n\n<h3 class=\"wp-block-heading\">Wat verandert DORA voor financi\u00eble instellingen en leveranciers?<\/h3>\n\n<p>Sinds 17 januari 2025 van toepassing: uniforme eisen voor ICT\u2011risico, incidentrapportage, resilience\u2011testing (incl. TLPT waar relevant) en toezicht op kritieke ICT\u2011dienstverleners.<\/p>\n\n<h3 class=\"wp-block-heading\">Is EU\u2011datahosting verplicht onder de AVG?<\/h3>\n\n<p>Nee. Data\u2011lokalisatie is niet verplicht. Doorgiften buiten de EER zijn toegestaan onder voorwaarden (bijv. adequaatheidsbesluit, SCC\u2019s en aanvullende maatregelen). EU\u2011hosting kan wel risico\u2019s verlagen.<\/p>\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-fill\"><a class=\"wp-block-button__link has-theme-color-link-color has-theme-color-bg-color-background-color has-text-color has-background has-link-color has-border-color has-theme-color-link-border-color wp-element-button\" href=\"https:\/\/msafe.co\/contact\/\" style=\"border-width:3px\">Plan een 30\u2011minuten kennisgesprek<\/a><\/div>\n\n\n\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/Msafe-White-paper-Aantoonbare-compliance-in-2026.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download onze whitepaper<\/strong><\/a><\/div>\n<\/div>\n\n<p><em>Door het Msafe Research &amp; Compliance Team<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nieuwe EU\u2011kaders maken van compliance een bestuursvraagstuk. Het gaat niet langer alleen om beleid, maar om doorlopend bewijs dat processen werken: logsporen, attesten en rapportages die realtime inzicht geven in risico\u2019s en uitzonderingen. Dit stuk schetst wat er in 2026 verandert, waarom beleid all\u00e9\u00e9n niet volstaat en hoe je met een gelaagde architectuur aantoonbare compliance bereikt, zonder de werkvloer te vertragen.<\/p>\n","protected":false},"author":1,"featured_media":10591,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[79],"tags":[83,105,92],"class_list":["post-10589","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-compliance","tag-nis2-dora-aiact","tag-secure-file-sharing-nl"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Aantoonbare compliance in 2026: NIS2, DORA &amp; AI Act<\/title>\n<meta name=\"description\" content=\"Zo bouw je aantoonbare compliance met een 3\u2011lagenmodel (GRC, secure file transfer, privacy\/keten) en integreer je bewijs in dashboards.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Aantoonbare compliance in 2026: NIS2, DORA &amp; AI Act\" \/>\n<meta property=\"og:description\" content=\"Zo bouw je aantoonbare compliance met een 3\u2011lagenmodel (GRC, secure file transfer, privacy\/keten) en integreer je bewijs in dashboards.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/\" \/>\n<meta property=\"og:site_name\" content=\"Msafe\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-17T08:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-19T07:14:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"562\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Msafe redactie\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Geschreven door\" \/>\n\t<meta name=\"twitter:data1\" content=\"Msafe redactie\" \/>\n\t<meta name=\"twitter:label2\" content=\"Geschatte leestijd\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/\"},\"author\":{\"name\":\"Msafe redactie\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#\\\/schema\\\/person\\\/d4741d07e631a9f7b964edc746538f7a\"},\"headline\":\"Aantoonbare compliance: gids voor 2026 (NIS2\\\/DORA\\\/AI)\",\"datePublished\":\"2025-11-17T08:00:00+00:00\",\"dateModified\":\"2025-11-19T07:14:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/\"},\"wordCount\":841,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/msafe.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp\",\"keywords\":[\"Compliance\",\"NIS2\\\/DORA\\\/AiAct\",\"Secure File Sharing\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/\",\"url\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/\",\"name\":\"Aantoonbare compliance in 2026: NIS2, DORA & AI Act\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/msafe.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp\",\"datePublished\":\"2025-11-17T08:00:00+00:00\",\"dateModified\":\"2025-11-19T07:14:13+00:00\",\"description\":\"Zo bouw je aantoonbare compliance met een 3\u2011lagenmodel (GRC, secure file transfer, privacy\\\/keten) en integreer je bewijs in dashboards.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#breadcrumb\"},\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#primaryimage\",\"url\":\"https:\\\/\\\/msafe.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp\",\"contentUrl\":\"https:\\\/\\\/msafe.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp\",\"width\":1000,\"height\":562,\"caption\":\"Aantoonbare compliance in 2026: NIS2, DORA & AI Act\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/blog\\\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/msafe.co\\\/nl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Aantoonbare compliance: gids voor 2026 (NIS2\\\/DORA\\\/AI)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#website\",\"url\":\"https:\\\/\\\/msafe.co\\\/nl\\\/\",\"name\":\"Msafe\",\"description\":\"Secure Software Solutions\",\"publisher\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/msafe.co\\\/nl\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"nl-NL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#organization\",\"name\":\"Msafe\",\"url\":\"https:\\\/\\\/msafe.co\\\/nl\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/msafe.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/mSafe-Logo-2025-scaled.png\",\"contentUrl\":\"https:\\\/\\\/msafe.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/mSafe-Logo-2025-scaled.png\",\"width\":2560,\"height\":842,\"caption\":\"Msafe\"},\"image\":{\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/msafe.co\\\/nl\\\/#\\\/schema\\\/person\\\/d4741d07e631a9f7b964edc746538f7a\",\"name\":\"Msafe redactie\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4985b4db7a48f7f525709d82749666e7f9dab32cd8ffb673e37f75bae5f49ba9?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4985b4db7a48f7f525709d82749666e7f9dab32cd8ffb673e37f75bae5f49ba9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4985b4db7a48f7f525709d82749666e7f9dab32cd8ffb673e37f75bae5f49ba9?s=96&d=mm&r=g\",\"caption\":\"Msafe redactie\"},\"sameAs\":[\"https:\\\/\\\/msafe.co\"],\"url\":\"https:\\\/\\\/msafe.co\\\/nl\\\/author\\\/hennie_zcnxdom9\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Aantoonbare compliance in 2026: NIS2, DORA & AI Act","description":"Zo bouw je aantoonbare compliance met een 3\u2011lagenmodel (GRC, secure file transfer, privacy\/keten) en integreer je bewijs in dashboards.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/","og_locale":"nl_NL","og_type":"article","og_title":"Aantoonbare compliance in 2026: NIS2, DORA & AI Act","og_description":"Zo bouw je aantoonbare compliance met een 3\u2011lagenmodel (GRC, secure file transfer, privacy\/keten) en integreer je bewijs in dashboards.","og_url":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/","og_site_name":"Msafe","article_published_time":"2025-11-17T08:00:00+00:00","article_modified_time":"2025-11-19T07:14:13+00:00","og_image":[{"width":1000,"height":562,"url":"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp","type":"image\/webp"}],"author":"Msafe redactie","twitter_card":"summary_large_image","twitter_misc":{"Geschreven door":"Msafe redactie","Geschatte leestijd":"4 minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#article","isPartOf":{"@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/"},"author":{"name":"Msafe redactie","@id":"https:\/\/msafe.co\/nl\/#\/schema\/person\/d4741d07e631a9f7b964edc746538f7a"},"headline":"Aantoonbare compliance: gids voor 2026 (NIS2\/DORA\/AI)","datePublished":"2025-11-17T08:00:00+00:00","dateModified":"2025-11-19T07:14:13+00:00","mainEntityOfPage":{"@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/"},"wordCount":841,"commentCount":0,"publisher":{"@id":"https:\/\/msafe.co\/nl\/#organization"},"image":{"@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#primaryimage"},"thumbnailUrl":"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp","keywords":["Compliance","NIS2\/DORA\/AiAct","Secure File Sharing"],"articleSection":["Blog"],"inLanguage":"nl-NL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/","url":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/","name":"Aantoonbare compliance in 2026: NIS2, DORA & AI Act","isPartOf":{"@id":"https:\/\/msafe.co\/nl\/#website"},"primaryImageOfPage":{"@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#primaryimage"},"image":{"@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#primaryimage"},"thumbnailUrl":"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp","datePublished":"2025-11-17T08:00:00+00:00","dateModified":"2025-11-19T07:14:13+00:00","description":"Zo bouw je aantoonbare compliance met een 3\u2011lagenmodel (GRC, secure file transfer, privacy\/keten) en integreer je bewijs in dashboards.","breadcrumb":{"@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#breadcrumb"},"inLanguage":"nl-NL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/"]}]},{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#primaryimage","url":"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp","contentUrl":"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/Aantoonbare-compliance-in-2026-NIS2-DORA-AI-Act.webp","width":1000,"height":562,"caption":"Aantoonbare compliance in 2026: NIS2, DORA & AI Act"},{"@type":"BreadcrumbList","@id":"https:\/\/msafe.co\/nl\/blog\/aantoonbare-compliance-in-2026-nis2-dora-ai-act\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/msafe.co\/nl\/"},{"@type":"ListItem","position":2,"name":"Aantoonbare compliance: gids voor 2026 (NIS2\/DORA\/AI)"}]},{"@type":"WebSite","@id":"https:\/\/msafe.co\/nl\/#website","url":"https:\/\/msafe.co\/nl\/","name":"Msafe","description":"Secure Software Solutions","publisher":{"@id":"https:\/\/msafe.co\/nl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/msafe.co\/nl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"nl-NL"},{"@type":"Organization","@id":"https:\/\/msafe.co\/nl\/#organization","name":"Msafe","url":"https:\/\/msafe.co\/nl\/","logo":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/msafe.co\/nl\/#\/schema\/logo\/image\/","url":"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/mSafe-Logo-2025-scaled.png","contentUrl":"https:\/\/msafe.co\/wp-content\/uploads\/2025\/11\/mSafe-Logo-2025-scaled.png","width":2560,"height":842,"caption":"Msafe"},"image":{"@id":"https:\/\/msafe.co\/nl\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/msafe.co\/nl\/#\/schema\/person\/d4741d07e631a9f7b964edc746538f7a","name":"Msafe redactie","image":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/secure.gravatar.com\/avatar\/4985b4db7a48f7f525709d82749666e7f9dab32cd8ffb673e37f75bae5f49ba9?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4985b4db7a48f7f525709d82749666e7f9dab32cd8ffb673e37f75bae5f49ba9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4985b4db7a48f7f525709d82749666e7f9dab32cd8ffb673e37f75bae5f49ba9?s=96&d=mm&r=g","caption":"Msafe redactie"},"sameAs":["https:\/\/msafe.co"],"url":"https:\/\/msafe.co\/nl\/author\/hennie_zcnxdom9\/"}]}},"_links":{"self":[{"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/posts\/10589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/comments?post=10589"}],"version-history":[{"count":12,"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/posts\/10589\/revisions"}],"predecessor-version":[{"id":10629,"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/posts\/10589\/revisions\/10629"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/media\/10591"}],"wp:attachment":[{"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/media?parent=10589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/categories?post=10589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/msafe.co\/nl\/wp-json\/wp\/v2\/tags?post=10589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}