NIS-2: More than a compliance checkbox.
The EU directive NIS-2 dramatically raises cybersecurity requirements – and now applies to many SMBs too. We make you compliant without drowning you in bureaucracy.
What is NIS-2 – and does it affect you?
The NIS-2 directive is the EU's second directive on network and information security. For the first time it puts concrete cybersecurity obligations on many SMBs – with steep fines for violations (up to €10M or 2% of annual revenue).
Affected sectors include energy, transport, banking, healthcare, digital infrastructure, administrative services, postal, food, chemicals, research, and IT service providers. Many "critical" suppliers of these sectors are indirectly affected too.
What you need to do
The management team is personally liable for implementation. Requirements include: risk management, incident response plans, supply chain security, employee training, encryption, multi-factor authentication and much more.
Our NIS-2 program
1. Assessment
We analyze your IT landscape, processes, and existing security measures. Result: a clear picture of your status quo.
2. Gap analysis
What's missing? What needs improvement? We deliver a prioritized list of concrete measures with effort estimates.
3. Implementation
We implement the technical and organizational measures – from MFA rollout to backup design to employee training.
4. Audit & documentation
We document everything audit-ready and prepare you for possible inspections. Templates for reporting obligations included.
Management coaching
Since leadership is personally liable, we coach them specifically on their duties and authority.
Ongoing support
NIS-2 isn't a project with an end date. We stay at your side and adapt the program to new threats.
Sounds like what you need?
Let's talk. We offer a free initial consultation – no obligation, peer-to-peer.