AlgorComp
NIS2 implementation — full compliance with the directive and local law

We implement NIS2 / local cybersecurity law compliance. Readiness audit, cybersecurity policy, risk management plan, incident response procedures, reporting. Full package for essential and important entities.

01 Fines up to EUR 10 million or 2% of turnover

02 Obligation to report incidents within 24h

03 Personal liability of leadership

Customer problem

NIS2 is here — your company has 12 months for full compliance

The NIS2 Directive and local cybersecurity law require essential and important entities to have: cybersecurity policy, risk management plan, incident response procedures, CSIRT reporting, training, audits. Non-compliance = fines up to EUR 10 million or 2% of turnover.

NIS2 implementation is a 6–12 month project in a typical company. We run it in stages: readiness audit, organization-tailored policy design, technical and organizational safeguards rollout, leadership and employee training, CSIRT reporting preparation. Pace depends on the baseline maturity of cybersecurity, organization scale and availability of the client-side team.

Why it matters

Fines up to EUR 10 million or 2% of turnover

Obligation to report incidents within 24h

Personal liability of leadership

NIS2 audits conducted by CSIRT

Need for cybersecurity policy and procedures

What we deliver

What we deliver in the implementation

Full NIS2 compliance package — from audit to operational readiness.

01 NIS2 readiness audit (gap analysis)

Assessing current cybersecurity state against NIS2 requirements. List of 50–100 recommendations prioritized by risk and obligation.

02 Cybersecurity policy

Full policy document tailored to organization. Covers: risk management, access control, data protection, supply chain security.

03 Risk management plan

Asset inventory, threat identification, per-asset risk analysis, risk mitigation plan. Annual update.

04 Incident response procedures

Incident classification, escalation paths, CSIRT reporting procedures within 24h, crisis communication. Procedure testing.

05 Technical safeguards implementation

Implementation/audit of safeguards: IAM (Microsoft Entra ID), MFA, monitoring (SIEM), backup 3-2-1, network segmentation, encryption. Working with your IT.

06 Supply chain security

IT supplier inventory, NIS2 readiness assessment, contract templates with cybersecurity clauses, regular audits.

07 Leadership and employee training

Session for leadership on NIS2 liability, awareness training for employees (phishing, social engineering), phishing tests.

08 Reporting and documentation

NIS2 dashboard for leadership with key metrics. NIS2-required documentation: incident register, procedures, audits, training.

Technology stack

Technologies we use

Technology stack matched to company's scale and current infrastructure.

Microsoft Entra ID (IAM, MFA)
Microsoft Defender (XDR, monitoring)
Microsoft Purview (DLP, labels, audit)
SIEM (Microsoft Sentinel or other)
Backup 3-2-1 (Veeam, Acronis, Microsoft Backup)
VPN, network segmentation, firewall
Phishing simulation (Hoxhunt, KnowBe4)

Your solution

Typical NIS2 scenarios

Essential entity (energy, transport, finance)

Full NIS2 rollout with highest requirements. Policies, 24/7 monitoring, procedures, external audits, CSIRT reporting.

Important entity (medical, education, manufacturing)

NIS2 rollout for important entities. Lower threshold than essential, but still full policy, procedure and reporting scope.

IT service provider (B2B)

Companies providing services to essential/important entities — must themselves be NIS2 compliant (supply chain security).

Capital group (multiple NIS2 entities)

Shared group policy, integrated procedures, central monitoring and reporting. Each entity meets NIS2 requirements simultaneously.

Solution fit

Let's check which elements of the solution will most quickly reduce manual work and bring order to the processes in your organization.

Free consultation

Impact and metrics

Effects of NIS2 implementation

Clients we have implemented NIS2 for report similar effects after the first 3 months.

100% compliance with NIS2 and local cyber law

0 risk of fines up to EUR 10 million

24h incident reporting time compliant with requirements

1 coherent policy and procedure package

Business benefits

Full compliance and no fines

Company fully NIS2 / local cyber law compliant. Zero risk of fines up to EUR 10 million.

Professional incident response

Ready procedures, escalation paths, CSIRT reporting. In case of incident — company acts professionally.

Employee awareness

Regular training, phishing tests, security culture. People are the weakest link, and they are much stronger after the rollout.

Who this is for

NIS2 essential and important entities

Companies in sectors: energy, transport, finance, health, drinking water, digital infrastructure, ICT, space, telecom, administration.

NIS2 service providers

Companies providing IT, advisory, logistics services to essential entities — must themselves comply (supply chain).

Mid-sized 50+ companies with critical infrastructure

Organizations 50–500 people in NIS2 sectors — must implement full package in 12 months.

Capital groups with multiple NIS2 entities

Groups with several NIS2-covered entities: a shared approach saves costs and ensures consistency.

Implementation process

NIS2 implementation process

We implement the solution in a structured model that clarifies project stages, integration with the current environment and further development across the organization.

Stage 01: Readiness audit (2–3 weeks)

Gap analysis against NIS2 requirements. Asset inventory, gap identification. Report with 50–100 prioritized recommendations.

Stage 02: Policy and risk plan (2–3 weeks)

Cybersecurity policy design, risk management plan, response procedures. Leadership approval.

Stage 03: Safeguard implementation (3–6 weeks)

Technical and organizational safeguard rollout. IAM, MFA, monitoring, backup, segmentation, encryption.

Stage 04: Training and tests (1–2 weeks)

Leadership training on NIS2 liability. Awareness training for employees. Phishing tests, response procedure tests.

Stage 05: External audit and 30 days of support

NIS2 audit simulation. Post-audit corrections. 30 days of support with documentation and procedure updates.

NIS2 qualification of your company

Readiness audit (preliminary gap analysis)

Implementation plan with concrete phases

FAQ

FAQ about NIS2 implementation

Is my company covered by NIS2?

NIS2 covers 18 sectors (essential and important). Threshold: 50+ employees OR EUR 10 million turnover. Full list in local cybersecurity law. We do free qualification of your company.

How long does NIS2 implementation take?

Typically 6–12 months for a mid-sized company. The law gives 12 months from qualification as an essential or important entity. Pace depends on the baseline cybersecurity state, organization scale, client-side IT team availability and the scope of required technical safeguards.

What's the penalty for non-compliance?

Administrative fines up to EUR 10 million or 2% of annual turnover (whichever is higher). Plus personal liability of leadership. Plus CSIRT audits with additional obligations.

Do I have to report incidents?

Yes. Significant incidents must be reported to CSIRT within 24h (preliminary) and 72h (full). We implement procedures and train the team.

What technology do I have to deploy?

NIS2 requires: IAM with MFA, monitoring (SIEM), backup compliant with 3-2-1, network segmentation, encryption, access control. Most often Microsoft Defender + Entra ID + Purview is enough.

Are trainings in the package?

Yes. Sessions for leadership (NIS2 liability), employees (security awareness), IT (technical procedures). Plus phishing tests.

What after 30 days of support?

We can offer vCISO retainer (ongoing compliance support), annual audits, documentation updates. NIS2 requires annual reviews.

Contact

Let’s talk about your needs!

Filling out the form takes just a moment, and we will get in touch to understand your requirements.

In-depth analysis

NIS2 implementation — what to know

NIS2 is the EU directive on information system security, transposed into local cybersecurity law. Covers 18 sectors: energy, transport, finance, health, digital infrastructure, ICT, telecom and others. Threshold: 50+ employees or EUR 10 million turnover. Non-compliance = fines up to EUR 10 million or 2% of turnover.

A good NIS2 rollout is a project covering: readiness audit (gap analysis), cybersecurity policy, risk management plan, incident response procedures, safeguards implementation (IAM, MFA, monitoring, backup, segmentation), training, documentation. Without these elements you risk fines and personal liability. Implementation pace depends on baseline environment maturity and typically fits within the 6–12 month window mandated by law.

NIS2 implementation delivers biggest impact in companies in directive-covered sectors (essential and important) and providers of services to these companies (supply chain). Typical ROI: full compliance, zero fines, professional incident response, competitive advantage in B2B tenders.