EU Directive · Enforcement Active

NIS2 Is Here.
Are You Ready?

Expanded scope, stricter requirements, personal liability for management. We help you determine if NIS2 applies to you and build a clear path to compliance.


€10M: Max penalty

24h: Early warning

18: Sectors

Entity Classification

Essential Entities (High Risk)

Critical infrastructure, strict requirements

Energy, Transport, Banking, Healthcare

Important Entities (Medium Risk)

Extended scope, lighter regime

Postal, Food, Chemical, Digital Providers

Penalties: up to €10M or 2%

Why NIS2 Compliance?

NIS2 enforcement is active — non-compliance carries personal liability

Penalties up to €10M or 2% of global turnover

NIS2 penalties are among the strictest in EU cybersecurity regulation. Unlike GDPR, enforcement is aimed at both the organization and its management personally.

Management bears personal responsibility

Under NIS2, senior management can be held personally liable for cybersecurity failures. Directors and C-level executives must demonstrate they approved and oversaw cybersecurity measures.

24-hour early warning requirement

Significant incidents must be reported within 24 hours. Without established incident response procedures, meeting this deadline is extremely difficult.

Supply chain security obligations

NIS2 requires organizations to assess and manage cybersecurity risks in their supply chain. Your vendors' security posture directly affects your compliance.

What You Gain

Full NIS2 readiness before enforcement deadlines

100%: Coverage of Article 21 requirements

24h: Incident reporting workflow established

Complete: Supply chain risk assessment

Ongoing: Compliance monitoring and updates

Scope

Covered Sectors

NIS2 significantly expands scope compared to NIS1, covering both essential and important entities across 18 sectors with mandatory cybersecurity obligations and cross-border cooperation requirements.

Energy: Essential

Transport: Essential

Banking: Essential

Healthcare: Essential

Water Supply: Essential

Digital Infrastructure: Essential

Manufacturing: Important

Digital Providers: Important

Article 21

Key Requirements

Minimum measures for cybersecurity management

Risk Management

Measures for security risk management

Risk assessment, Security policies, Technical measures

Incident Handling

Procedures for handling incidents

Detection, Response, Recovery

Business Continuity

Continuity of critical services

BCP/DRP, Backup systems, Crisis management

Supply Chain Security

Supply chain security

Vendor assessment, Third-party risk, Contractual security

Incident Reporting Timeline

24h: Early Warning (for significant incidents)

72h: Incident Notification (update + assessment)

1 month: Final Report (detailed analysis)

Comparison

NIS1 vs NIS2

What changed with the new directive

| Aspect | NIS1 (2016) | NIS2 (2024) |
|---|---|---|
| Scope | 7 sectors, ~400 operators | 18+ sectors, 10,000+ organizations |
| Penalties | Left to member states | €10M or 2% of turnover |
| Incident Reporting | No specific deadlines | 24h early warning, 72h notification |
| Management Liability | No | Yes, personal responsibility |

Frequently Asked Questions

Have another question? Contact us

Fines up to €10M.
Management held personally liable.

Find out if NIS2 applies to you — and what you need to do