Are you affected?
NIS2 applies to medium and large organisations in 18 critical sectors – including energy, transport, healthcare, water, digital infrastructure, manufacturing and more. Suppliers and service providers may also be indirectly affected. An early scope assessment avoids surprises.
My approach

The path to NIS2 compliance

01 Scope Analysis
We determine together whether and to what extent NIS2 applies to your organisation – sector, size, services.

02 Gap Analysis
I review your existing security measures against NIS2 requirements and identify concrete gaps.

03 Roadmap & Actions
You receive a prioritised action plan with realistic implementation steps – tailored to your resources.

04 Audit Preparation
I support you with documentation, evidence management and preparation for regulatory audits and reporting obligations.

Requirements

What NIS2 requires from you

  • Risk management and security policies
  • Incident response and reporting (24h/72h deadlines)
  • Business continuity and crisis management
  • Supply chain security and supplier management
  • Access control and multi-factor authentication
  • Encryption and cryptographic measures
  • Security in acquisition, development and maintenance
  • Staff training and awareness
  • Management responsibility and accountability

Thresholds (scope)

  • Employees: ≥ 50 (medium)
  • Annual turnover: ≥ €10M
  • Balance sheet total: ≥ €10M
  • Critical sectors: 18 sectors
  • Fine (important entities): up to €7M
  • Fine (essential entities): up to €10M

Frequently asked questions

FAQ on NIS2

Does NIS2 apply to my small business?
Generally, NIS2 applies from 50 employees or €10M turnover in critical sectors. However, smaller companies may also fall within scope as suppliers or service providers to affected organisations. A short scope assessment provides clarity.
By when must NIS2 be implemented?
The EU directive was transposed into national law by October 2024. Germany did so with the NIS2UmsuCG. The requirements are now in force – anyone who hasn't yet started should act now.
What happens if we don't comply with NIS2?
Essential entities face fines of up to €10 million or 2% of global annual turnover. In addition, management can be held personally liable. There is also the reputational risk in the event of a security incident.
How long does a NIS2 consultation take?
It depends on your starting point. An initial scope assessment and gap analysis are often completed in 2–4 weeks. Full implementation can take 3–12 months depending on maturity. I'm happy to provide a realistic estimate.

Get your NIS2 status assessed.

In a free initial call we'll clarify whether and how NIS2 is relevant for your organisation.
