We turn the NIS2 Directive from a regulatory burden into a stronger, board-backed cybersecurity posture: gap analysis, risk-management measures, incident reporting and supply-chain assurance — without disrupting your operations.
NIS2 makes management formally accountable for cybersecurity, with significant fines and the possibility of a temporary ban on holding management roles. Most organisations are unsure whether they are in scope and where their gaps are.
You are not sure whether NIS2 applies to your company by sector, size, or because you supply an entity that is in scope.
Management is personally accountable for compliance but lacks a clear map of obligations and risks.
There is no incident-reporting process that meets the 24-hour, 72-hour and one-month deadlines.
Your customers already require contractual cybersecurity assurances as part of their own supply chain.
A pragmatic programme covering the two pillars of NIS2 — risk management and incident reporting — plus supply-chain security and management governance.
We assess your sector, size and supply-chain position to determine whether you are in scope, and compare your current measures against the directive's requirements.
We implement proportionate technical and organisational measures: security policies, business continuity, access control and encryption.
We design the reporting process around the 24-hour, 72-hour and one-month milestones, with clearly assigned owners.
We assess your suppliers and cascade contractual cybersecurity requirements, as the directive demands.
We define the board's role in approving and overseeing the measures and train management on their accountability.
We leverage an ISO 27001-based management system to cover many of the required measures and make compliance easier to evidence.
The figures that define the stakes of non-compliance — straight from the Directive.
€10M / 2%
Maximum fine for essential entities (€10M or 2% of global annual turnover, whichever is higher)
Source: Directive (EU) 2022/2555
€7M / 1.4%
Maximum fine for important entities (€7M or 1.4% of global turnover, whichever is higher)
Source: Directive (EU) 2022/2555
18
Strategic sectors in scope (Annexes I and II), plus their supply chains
Source: Directive (EU) 2022/2555
An ordered project, not a last-minute scramble — designed around the 24h / 72h / one-month reporting deadlines.
We analyse your sector, size and position in the supply chain of entities in scope.
We compare your current measures against the directive's requirements and identify the gaps.
We deploy technical and organisational measures proportionate to risk: incidents, continuity, access, encryption and suppliers.
We establish the incident-reporting process with the 24-hour and 72-hour deadlines and the final report.
We train the board and define its role in the ongoing approval and oversight of the measures.
It depends on your scope, sector and starting maturity. We begin with a free diagnostic that sizes the effort and deliver a phased proposal, so you invest first where the risk is highest rather than all at once.
The diagnostic and gap analysis are completed in weeks; implementation is planned in phases based on your risk. We build the timeline around the 24-hour, 72-hour and one-month reporting deadlines so you arrive prepared, not against the clock.
It applies to entities in 18 strategic sectors above the medium-enterprise threshold, with exceptions for SMEs in critical sectors. You may also be in scope de facto if you supply an entity that is. The diagnostic clarifies your exact situation.
No. Our goal is to leave your team and board self-sufficient: we document the system, train the responsible people and hand over the process. You can rely on us for ongoing support, but by choice, not by lock-in.
NIS2 states that management bodies must approve and oversee cybersecurity measures and can be barred from management roles in case of serious non-compliance. That is why we engage the board from the start, not only the technical team.
Get a free NIS2 compliance diagnostic: we assess your scope, map your gaps and outline a realistic action plan.
Request free NIS2 diagnostic
No commitment — a clear read on your NIS2 exposure.