Our NIS2 Compliance Suite helps businesses meet the requirements of the NIS2 Directive and national cybersecurity laws in a structured and practical way. We support you with cyber resilience, cyber risk management, incident reporting obligations, and management training. From assessing whether your business is affected to identifying the necessary technical and organisational measures and supporting implementation, we help you achieve compliance while integrating requirements efficiently into your existing processes and business operations.

NIS2 Compliance Suite
Fixed-price modular consulting to help EU businesses comply with the NIS2 Directive and national cybersecurity laws.
NIS2 Start Module – Are We Affected and What Needs to Be Done?
Applicability Assessment and Requirements Analysis
A structured assessment to determine whether your organisation falls within the scope of the NIS2 Directive and to identify the specific requirements that apply.
Objective
Determine whether your organisation is subject to NIS2 and to what extent, including classification as a Critical Entity (KRITIS), Essential Entity, or Important Entity, where applicable.
Scope of Services
- Analysis of your company size, activities, and business profile
- Classification into the relevant NIS2 category (Critical, Essential, or Important Entity)
- Assessment of registration obligations in Germany and, where applicable, other EU Member States
- Support with the registration process
- Initial workshop with management, IT, and compliance stakeholders
- Identification of the legal, technical, and operational requirements applicable to your organisation
Deliverables
- Documented assessment of your NIS2 applicability
- Confirmation and support regarding registration obligations
- Initial roadmap for your NIS2 implementation journey
NIS2 – What Is Still Missing?
NIS2 Gap Assessment and Compliance Audit
A structured assessment to identify compliance gaps and develop a practical roadmap for achieving NIS2 compliance.
Objective
Gain a clear understanding of your organisation’s current level of cyber resilience, IT security, and cyber risk management, together with a prioritised action plan for closing identified gaps.
Scope of Services
- Comprehensive audit of your existing cyber risk management from technical, organisational, and legal perspectives
- Review of policies, procedures, and their practical implementation across IT, OT, and business functions
- Close collaboration with your IT security teams and technical advisors
- Gap analysis comparing your current state with NIS2 requirements
- Development of a prioritised implementation and remediation plan
Deliverables
- Clear overview of outstanding compliance gaps
- Tailored action and priority plan
- Solid foundation for the successful implementation of NIS2
NIS2 for Management – Training and Awareness
Management Training
Practical training for executives and board members to meet the legal training requirements under the NIS2 Directive and applicable national laws, while strengthening their ability to oversee and manage cyber risks effectively.
Objective
Enable management to fulfil its legal training obligations and build the knowledge needed to oversee cyber risk management with confidence. The training is practical, business-focused, and easy to understand—without requiring legal or technical expertise.
Scope of Services
- Design and delivery of tailored training sessions for management
- Explanation of the regulatory requirements under NIS2 and the German Cyber Security Act (BSIG), including Section 38 BSIG where applicable
- Overview of key governance, oversight, and liability responsibilities
- Practical guidance on governance, cyber risk management, and internal controls
- Awareness of common cyber threats and effective risk management practices
- Interactive sessions with the opportunity to discuss company-specific questions
- Available as online or on-site training (1–2 hours for a focused session or 2–4 hours for comprehensive training)
- Provision of all training materials
Scope
- Focus on training and raising awareness among senior management
- Clear and structured overview of legal and regulatory requirements
- Comprehensive coverage of management responsibilities without unnecessary legal complexity or the need for technical expertise
Format
- In-house or online training for executives and board members
- Interactive and practical training format
- Transparent fixed-price model, regardless of the number of participants
Deliverables
- Evidence of compliance with management training requirements
- Certificates of participation for documentation purposes
- Stronger decision-making and oversight capabilities
- Reduced liability risks related to NIS2 compliance
NIS2 – Securing Your Supply Chain
NIS2 Supply Chain Compliance
Ensure that cybersecurity requirements are effectively managed throughout your supply chain and reflected appropriately in relationships with customers, suppliers, and service providers.
Objective
Help your organisation meet NIS2 supply chain requirements while ensuring that contractual obligations are practical, achievable, and aligned with legal requirements.
Scope of Services
- Development of minimum cybersecurity requirements for suppliers and service providers
- Review and adaptation of procurement terms and conditions
- Drafting or updating cybersecurity-related contract clauses
- Support during contract negotiations with suppliers and customers
- Assessment of customer security requirements against legal obligations and operational capabilities
Deliverables
- Legally sound and practical contractual documentation
- Improved security and compliance across the supply chain
- Prevention of unrealistic or unachievable customer requirements
NIS2 – Questions & Ongoing Support
Legal Support for NIS2 Implementation
Ongoing legal guidance to help your organisation implement and integrate NIS2 requirements into existing business processes and governance structures.
Objective
Ensure the efficient and legally compliant implementation of NIS2 by aligning legal requirements with IT, cybersecurity, and organisational processes.
Scope of Services
- Translating regulatory requirements into practical policies and guidelines
- Collaboration with IT, cybersecurity, and compliance teams
- Review and integration of existing frameworks (e.g. data protection, ISMS)
- Support in establishing incident reporting processes and cyber risk management procedures
- Development of documentation and internal resources (e.g. guidelines, FAQs)
- Ongoing legal support for NIS2-related questions and implementation challenges
Deliverables
- Legally compliant implementation of NIS2 requirements
- Integrated and efficient compliance processes
- Complete and well-documented governance and compliance framework
Modular NIS2 Compliance Implementation
Modular Approach
Flexible combination of individual modules, tailored to your organisation's NIS2 obligations and current level of compliance.
Practical Cybersecurity Compliance
Integrating legal, technical, and organisational requirements into a practical and effective compliance strategy.
Predictable Scope & Fixed Pricing
Clearly defined services and transparent fixed pricing provide planning certainty and predictable project costs.
Integration with Existing Processes
Efficient use of existing processes and systems to avoid duplication and streamline NIS2 compliance.