NIS2

NIS2 without panic: check, prioritise, implement.

NIS2 makes IT security mandatory for far more companies — including SMEs. The good news: most of it is solid IT craftsmanship, not wizardry.

NIS2 is the EU cybersecurity directive; with the German implementation act, far more companies fall under BSI supervision than before — mid-sized ones included. The first step is not a consulting battle but an honest scope-and-status check.

What I help with

  • Scope assessment: does your company fall under NIS2 at all?
  • Status review: what do you already have, where are the gaps?
  • Prioritisation: what comes first — and what can wait?
  • Implementing the technical basics: backups with restore tests, monitoring, updates, MFA
  • Running the measures afterwards as managed hosting

How it works

01

First call

Free: we establish whether NIS2 applies to you and where you stand.

02

Status review

I look at your IT — soberly, without sales pressure.

03

Action plan

A prioritised list: what first, what it achieves, what it costs.

04

Implementation

On request I implement and operate — or you continue on your own.

NIS2 self-check

Know within minutes whether your company is in scope — as a checklist to walk through and print.

Open the self-check →

Honesty up front

I do technology, not legal advice: the legal assessment of your reporting duties belongs with your lawyer. I make sure the technical side — backups, monitoring, hardening, processes — stands and runs.

Frequently asked questions

Does NIS2 apply to me? +

With the German implementation act, around 29,500 entities fall under BSI supervision, up from about 4,500 before (BSI, 2025). Whether you are among them depends on sector and size — the self-check on the blog walks you through it in minutes.

What does NIS2 actually require? +

At its core: risk management, working backups, incident handling, reporting channels, and management accountability. Much of it is ordinary, well-done IT — no special magic.

Is managed hosting enough for NIS2? +

No, but it covers a relevant part of the technical duties: updates, backups with restore tests, monitoring, documented operations. Processes and reporting channels remain your job — I help structure them.

Do you handle the legal side too? +

No. For the legal assessment you work with your lawyer; I deliver the technical foundation that assessment can stand on.

Not sure whether NIS2 hits you?

One free first call and you know where you stand — and what is actually urgent.