NIS2 Compliance Quick Scan – Comply with EU Cybersecurity Legislation
Does your organization fall under NIS2? The NIS2 Directive applies from 17 October 2024. Essential entities (energy, transport, healthcare) and Important entities (digital services, postal services) must comply with 17 cybersecurity measures. Fines of up to €10M are possible, and management can be held personally liable.
NIS2 in 60 Seconds
- EU Cybersecurity Legislation (from 17 October 2024). First fines issued in 2026
- Essential: Energy, Transport, Drinking Water, Healthcare, Telecom
- Important: ICT Services, Digital Platforms, Postal Services, Waste Management
- 17 mandatory security measures (Art. 21)
- Fines: €10M for Essential entities, €7M for Important entities
- Management: personally liable
What We Do
- Applicability check (Essential / Important / Not Applicable)
- Gap analysis of 17 NIS2 security measures
- Current state assessment (documentation + interviews)
- Maturity scoring per measure (1–5)
- Priority matrix (Impact vs. Effort)
- 12–18 month implementation roadmap
- Budget estimate: €50K–€150K
- Management briefing (board-ready)
17 NIS2 Security Measures
- Risk analysis & information security policies
- Incident handling
- Business continuity & crisis management
- Supply chain security
- Security in acquisition, development and maintenance
- Policies on vulnerability disclosure
- Measures to assess effectiveness
- Basic cyber hygiene & training
- Cryptography & encryption
- Human resources security
- Access control
- Asset management
- Authentication (MFA)
- Network security
- Physical security
- Data security (backups, encryption)
- Logging & monitoring
Pricing Plan
Small
€9.5K
- Applicability
- High-level scan
Medium
€16K
- Complete 17 measures assessment
Large
€24K
- Complex multi-site organization