NIS2
No reason to panic
NIS2 is an EU directive and, in effect, a binding law. If there is a legal issue, it needs to be addressed—just like any other regulatory challenge. As with most topics, it all starts with asking the right questions. With NIS2, however, there are also wrong ones.
1
What we want to know
Where do you stand? What have you already put in place? What are you preparing?
We assume that cybersecurity is not an entirely new topic for you. That’s why we build on what you already have. Rarely does anything need to be discarded—most of the time, existing measures can be consolidated, streamlined, and implemented at different levels to take meaningful action.
2
What you want to know
…we can only assume. Most often, it is about assessing the relevance of the directive for your company. The answer, in a clear and perhaps unsettling word: Irrelevant.
If your question is "How?"—then this is where we continue. Due to supply chain dependencies, most companies will need to comply with NIS2. Once the analysis is complete, it won’t take long to develop your tailored solution with a concept optimized for efficiency and effectiveness. This is followed by project management, which you can implement with us or by using our playbook.
3
What third parties want to know
In one sentence: Are you sure? Compliance is not only a question from authorities but also from customers and suppliers within your supply chain. That is why it hardly matters whether your company formally falls within the regulated industry classifications.
It should come as no surprise that third parties will not take the time to investigate whether NIS2 compliance applies to you. It will be required, and proof will be expected. If you can provide that proof, you can also use it as a competitive advantage—securing contracts that others may lose simply because they are not compliant.
4
What marks the beginning of the solution
Get started. Establish a structure for achieving compliance. Assess what you already have and identify who can help structure and refine it. Develop a timeline and determine who, internally and externally, will be responsible for each part of the implementation. What you need to implement is outlined in Article 21 of the directive. What is not explicitly stated: Document your efforts and interactions with information and IT security service providers. This will allow you to demonstrate that you are actively working on compliance and making progress in implementing the requirements.
Your security
in focus:
You steer,
we navigate.
You define the framework, resources, and objectives – we deliver clarity, solutions, and execution. With clear explanations, concrete actions, and efficient project management, we guide your NIS2 project to success—on time, within budget, and at eye level.