NIS2 is Here — What Businesses Need to Know Now
The EU NIS2 Directive affects more companies than most people think. Here is a pragmatic checklist of what you should have completed by Q4.
The NIS2 Directive has been transposed into national law across the EU since October 2024. Many business owners ask us: "Does this apply to us at all?" The answer: probably yes.
Who is affected?
Essential and important entities in 18 sectors — including energy, health, finance, food production, chemicals, and IT service providers. Rule of thumb: if you have 50+ employees or €10M annual turnover and operate in one of the listed sectors, you are likely in scope.
What needs to be done and by when?
The key obligations:
- Incident reporting obligation within 24/72 hours (early warning within 24 hours, incident notification within 72 hours)
- Risk management documented and demonstrable
- Supply chain security assessed
- Management responsibility explicitly assigned
- Employee training conducted regularly
Violations can result in fines of up to €10 million or 2% of annual turnover (whichever is higher).
Practical Checklist
If you haven't started yet, here is what you can achieve in 4 weeks:
- Inventory: Which systems process critical data?
- Risk analysis: What are the most likely attack vectors?
- Incident response plan: Who does what when something happens?
- Backup strategy: 3-2-1 rule (three copies, on two different media, one off-site); does recovery actually work when you test it?
- Training: Phishing test plus training for all employees
- Documentation: Put everything in writing; evidence counts
How we help
We offer a NIS2 audit as a fixed-price package: within 2 weeks we deliver a clear status analysis, a gap analysis, and a prioritized action plan. This includes templates for incident notifications, risk registers, and training materials.
Any questions — just write to us.