The NIS2 Directive massively expands the scope of the previous NIS: more sectors, more companies, more obligations. Fines reach up to €10 million or 2% of global turnover — and directors face personal liability. We assess your situation and get you compliant.
NIS2 distinguishes between essential entities (high criticality) and important entities. Both are subject to its obligations; the fines differ in their maximum amount.
Risk analysis policies, information systems security, business continuity plans and crisis management. Not optional — it must be documented and kept up to date.
Early warning within 24 hours, full notification within 72 hours and final report within one month. Organisations must have the protocol in place before an incident occurs.
Governing bodies must approve risk management measures and oversee their implementation. Management ignorance is not an excuse — it is an aggravating circumstance.
NIS2 requires reviewing the security of suppliers and subcontractors. A breach originating from a poorly managed supplier is your responsibility — and your fine.
End-to-end encryption and multi-factor authentication (MFA) on critical systems become requirements, not recommendations. This includes voice, video and text communications.
Members of the governing body must receive regular cybersecurity training — and must actively encourage all employees to receive it too.
We assess where you are, design the roadmap and execute the technical implementation. With us, compliance is not just documentation.
We determine whether your company falls within NIS2's scope (essential vs. important) and which specific obligations apply to you based on your sector, size and type of services.
We audit your current cybersecurity posture against NIS2 requirements: existing policies, implemented technical measures, incident management, staff training and supplier security.
With the gap analysis in hand, we design an action plan with three horizons: urgent actions (first 4 weeks), structural (3 months) and continuous maturity (12 months).
MFA on all critical systems, end-to-end encryption, network segmentation, vulnerability management, SIEM, EDR and verified backups. We don't just recommend — we implement.
We design the complete procedure: detection, classification, escalation, 24h notification to the competent authority and communication to those affected. Simulation exercises included.
We review and audit critical suppliers, establish contracts with NIS2-compliant security clauses and implement a continuous third-party evaluation process.
NIS2-specific training for the governing body (legally mandatory) and operational teams. Documented certification proving compliance with the training requirement.
NIS2 is not a one-off project — it requires continuous vigilance. We provide 24/7 monitoring, quarterly compliance reviews and support during any authority inspection.
5 minutes to find out if your company is subject to NIS2 and in which category.
2 weeks. Technical and governance audit to map the gap between your current situation and NIS2 requirements.
4-6 weeks. We execute the prioritised plan: MFA, encryption, SIEM, incident protocols and training.
Monitoring, quarterly reviews and support during inspections. Compliance doesn't have an expiry date.
NIS2 applies to entities that operate in the sectors defined in Annexes I and II of the Directive and that exceed certain size thresholds (generally, more than 50 employees or more than €10M in turnover). But there are exceptions: some critical organisations are obliged regardless of size. The free 5-minute test gives you an immediate answer.
GDPR regulates the protection of personal data. NIS2 regulates the cybersecurity of networks and information systems. Although they share some technical measures (such as encryption), they are different regulatory frameworks with different supervisory authorities. Many companies need to comply with both. We manage both without duplicating work.
NIS2 establishes a three-phase process: early warning within 24 hours (notification to the competent authority that a significant incident has occurred), full notification within 72 hours (with details of the incident, impact and measures taken) and a final report within one month. Without the protocol in place, meeting these deadlines is impossible.
Yes. NIS2 explicitly requires obliged organisations to manage security risks in their supply chain. This means you are responsible for verifying that your critical suppliers also have adequate security measures. A security breach originating from a supplier does not exempt you from liability.
It depends on the complexity of the systems, the sector and the current cybersecurity maturity level. For an SME of up to 50 employees in a high-criticality sector, the initial compliance project typically ranges between €8,000 and €20,000. Ongoing maintenance ranges from €2,400 to €6,000 per year. We do a free gap analysis first.
The NIS2 Directive entered into force at EU level in October 2024. Member states are in the process of transposing it into national law. Obliged organisations must comply with the requirements regardless of the status of national transposition — legislative delays do not exempt you from European obligations.
The free 5-minute test tells you whether your company falls within NIS2's scope, in which category and what your main obligations are. You receive the report by email.