NIS2 does not mandate specific certifications, but it encourages organizations to:
- Use certifications as assurance evidence
- Prefer suppliers with recognized standards (ISO 27001, EU certification schemes)
👉 Certification helps demonstrate security maturity but is not mandatory.