NIS2 Compliance
Consulting & Implementation
The new EU cybersecurity directive affects your business
The NIS2 directive has been in force since October 2024. We support you with gap analysis, action planning and complete implementation of all NIS2 requirements. Avoid fines up to €10 million or 2% of annual turnover.
⚠️ Act Now!
- NIS2 is mandatory since October 2024
- Fines up to €10 million or 2% annual turnover
- Personal liability for management
- Mandatory incident reporting (24h!)
Are You Affected by NIS2?
These sectors fall under the NIS2 directive
Essential Entities
Energy
Electricity, gas, oil, district heating, hydrogen
Transport
Air, rail, water, road
Banking
Credit institutions, payment service providers
Health
Hospitals, laboratories, pharma, medical devices
Digital Infrastructure
DNS, TLD, cloud, data centers, CDN
Public Administration
Central and regional authorities
Important Entities
Postal & Courier
Postal services, package delivery
Waste Management
Disposal, recycling
Chemicals
Chemical production and distribution
Food
Production, processing, distribution
Manufacturing
Medical devices, electronics, vehicles, machinery
Digital Services
Online marketplaces, search engines, social media
Size Criteria
You fall under NIS2 if you have:
- At least 50 employees OR
- Annual turnover > €10 million OR
- Annual balance sheet > €10 million
NIS2 Requirements Overview
These measures you must implement
Risk Management
Systematic analysis and treatment of cybersecurity risks according to recognized standards
Incident Response
Processes for detection, analysis, containment and recovery from security incidents
Business Continuity
Backup management, disaster recovery, crisis management to maintain operations
Supply Chain Security
Security requirements for suppliers and service providers, third-party risk management
Secure Development
Security by design in procurement, development and maintenance of IT systems
Reporting Obligations
Early warning within 24h, notification within 72h, final report within 1 month
Our NIS2 Services
Comprehensive support from analysis to certification
NIS2 Gap Analysis
Where does your company stand? We analyze your current maturity level and identify all gaps to NIS2 compliance.
- Current state analysis
- Compliance gap identification
- Risk assessment
- Prioritized action list
NIS2 Roadmap & Planning
Based on the gap analysis, we create a realistic implementation plan with clear milestones.
- Prioritized measures
- Time and resource planning
- Budget estimation
- Quick wins identification
NIS2 Implementation
We accompany you in implementing all technical and organizational measures.
- Policies & processes
- Technical measures
- Employee training
- Documentation
NIS2 Audit & Certification
Preparation for audits by authorities and support for ISO 27001 certification.
- Audit preparation
- Internal audits
- Certification support
- Continuous improvement
NIS2 Implementation Timeline
Typical project timeline for mid-sized companies
Kick-off & Scoping
Project start, stakeholder interviews, scope definition
Gap Analysis
Current state analysis, document review, interviews, gap report
Roadmap
Action planning, prioritization, resource planning
Implementation
Implementation of measures, policies, technical controls
Testing & Audit
Internal audits, penetration tests, audit preparation
Continuous Improvement
Monitoring, regular reviews, adjustments
Frequently Asked Questions about NIS2
Frequently Asked Questions
Have more questions? Our team is happy to help.
Get in TouchRelated Insights for NIS2 Readiness
Practical guides for incident response, supplier risk, and NIS2 requirements.
Third-Party Risk Management (TPRM) 2025
Assess and govern supplier risk with a structured program.
Read the guideIncident Response Playbook
72-hour response guide aligned with reporting obligations.
Read the guideNIS2 Directive Compliance Guide
Requirements, timelines, and implementation steps in depth.
Read the guideStart Your NIS2 Compliance Today
Schedule a free initial consultation. We analyze if and how NIS2 affects you and create an initial implementation plan.