
Does NIS2 apply to you?
The new EU directive affects more companies than you’d expect
If you’re unsure what it means for your business, we’ll help you understand it clearly. Take a quick self-assessment to see if your company falls under the regulation and what steps you should consider next.
What is NIS2 and why it matters
NIS2 (Network and Information Security 2) is the EU’s updated cybersecurity directive, adopted in January 2023. It sets out rules for how companies in critical sectors must handle cyber risks. If your company is in scope, you will need to meet strict requirements for risk management, incident reporting, and supplier oversight.
EU member states were required to transpose the directive into national law by October 17, 2024. This means companies must have already taken action to comply with these requirements. But it’s not just about compliance. NIS2 is a push to raise the bar across industries. If your operations rely on IT or you’re part of a wider supply chain, the directive could apply to you even if you’re not in a typical “critical” sector.

How to comply with NIS2
If your company is subject to NIS2, there are clear actions you must take to comply with the directive. These steps are designed to improve your cybersecurity posture, protect your operations, and ensure you meet legal requirements. Below are the key actions your company should focus on.
1. Implement cybersecurity risk management policies (e.g. incident response, business continuity, access controls)
2. Deploy security monitoring and detection systems (SIEM, endpoint protection, intrusion detection, etc.)
3. Conduct regular employee training on cybersecurity
4. Ensure your suppliers and third-party vendors are also compliant
5. Report significant cyber incidents
   - Initial report: within 24 hours
   - Detailed follow-up: within 72 hours
Failure to comply can result in regulatory fines, reputational damage, or operational disruptions.
Want to have all the ABCs?
Smart support for a safer, smarter business
Even if you’re early in your NIS2 journey, the right guidance and tools can help you move fast, stay secure, and build real operational resilience.
Cybersecurity consulting and training
Practical help from people who’ve seen it all.
We’ve been working with cyber risks since 2007. We explain what matters, help you understand where the real issues are, and work with your team to fix them. From one-on-one advice to team training, everything is built around how your company actually works.
AI solutions
Less busywork, more time for real work.
We build custom AI agents and help companies integrate AI into their day-to-day work. That includes reviewing your current tools, finding the right use cases, and making sure the solutions support your goals. You don’t need to figure it all out alone.
PEN testing
Find the weak spots before others do.
We help you identify and fix potential security gaps in your systems by simulating real-world cyberattacks. Our penetration testing services are designed to give you an in-depth view of your vulnerabilities, so you can proactively strengthen your defenses before a real threat emerges.
Not sure where you stand with NIS2?
Estonian Office
A.H. Tammsaare tee 92
Tallinn 13423
Estonia
German Office
Am Bäckerhörn 53
18146 Rostock
Germany