NIS2
NIS2 without panic: check, prioritise, implement.
NIS2 makes IT security mandatory for far more companies — including SMEs. The good news: most of it is solid IT craftsmanship, not wizardry.
NIS2 is the EU cybersecurity directive; with the German implementation act, far more companies fall under BSI supervision than before — mid-sized ones included. The first step is not a consulting battle but an honest scope-and-status check.
What I help with
- Scope assessment: does your company fall under NIS2 at all?
- Status review: what do you already have, where are the gaps?
- Prioritisation: what comes first — and what can wait?
- Implementing the technical basics: backups with restore tests, monitoring, updates, MFA
- Running the measures afterwards as managed hosting
How it works
First call
Free: we establish whether NIS2 applies to you and where you stand.
Status review
I look at your IT — soberly, without sales pressure.
Action plan
A prioritised list: what first, what it achieves, what it costs.
Implementation
On request I implement and operate — or you continue on your own.
NIS2 self-check
Know within minutes whether your company is in scope — as a checklist to walk through and print.
Open the self-check →Honesty up front
I do technology, not legal advice: the legal assessment of your reporting duties belongs with your lawyer. I make sure the technical side — backups, monitoring, hardening, processes — stands and runs.
Frequently asked questions
Does NIS2 apply to me? +
With the German implementation act, around 29,500 entities fall under BSI supervision, up from about 4,500 before (BSI, 2025). Whether you are among them depends on sector and size — the self-check on the blog walks you through it in minutes.
What does NIS2 actually require? +
At its core: risk management, working backups, incident handling, reporting channels, and management accountability. Much of it is ordinary, well-done IT — no special magic.
Is managed hosting enough for NIS2? +
No, but it covers a relevant part of the technical duties: updates, backups with restore tests, monitoring, documented operations. Processes and reporting channels remain your job — I help structure them.
Do you handle the legal side too? +
No. For the legal assessment you work with your lawyer; I deliver the technical foundation that assessment can stand on.
From the blog
Am I Actually Covered by NIS2?
The honest scope test doesn't run on “how big are we”, but on sector and linked enterprises. Many are out — but for the wrong reason.
Team Passwords: Vaultwarden Instead of a US Datacenter
A shared password store belongs inside the company, not in a cloud you don't know. Why "we have MFA" isn't the finish line — and why rotation is dead.
Windows 10 Is Dead — Is This the Moment for Linux?
Windows 10 support has ended. When a Linux switch really pays off for a company — and the three cases where it goes wrong.
Not sure whether NIS2 hits you?
One free first call and you know where you stand — and what is actually urgent.