We walk you through NIS2. Point by point.
You know NIS2 applies to you and you would rather not carry the implementation alone. We sit down with you for 30 minutes once a week and work through the requirements in order. The platform stays free and open source, the guidance is optional.
Made in Cologne. Hosted in Germany.
Already know the steps and want to start on your own? Here is the roadmap.
How the guidance works
Weekly call, 30 minutes
One fixed slot a week. No project month, no endless alignment loops. We take the next item on your roadmap and get it done together.
We lead, your IT lead implements
Your personal effort as managing director is about three hours a year, then approval and oversight under Article 20 NIS 2 (in Germany § 38 BSIG) is done. Four obligations under Article 21 are fixed, the rest scales with your risk and is proportional. The operational part, the asset inventory, risk register, suppliers and the ten measures, is handled by your team.
You keep everything. No lock-in.
Your data, the audit trail and the evidence are yours. The platform is open source. If you want to continue without us, export everything and take it with you.
What each is for
We do not run anyone else down. Each option has its place. Here is the honest read so you know whether we fit you.
Consultants
A consultant does the work for you and takes real accountability. Worth it if you have the budget and no one in-house to own NIS2 long term. The knowledge does leave with the consultant, though.
Full-service GRC platform
Full-service GRC platforms cover many frameworks at once and are built for large organizations with their own GRC team. Strong if that is exactly what you need and the budget is there.
International platform
International platforms are polished and fast for common certifications. Strong if you certify internationally and English as the primary language fits.
nisd2.eu
nisd2.eu is free and open source, EU-hosted. One standard, done to depth. Everything exportable, no lock-in. What we do not do: no full-service hand-holding, no phone support walking you through it step by step. You need someone in-house who owns NIS2. That is exactly who this is built for.
What we work through with you
The obligations from Article 21 NIS2
Every duty broken into structured forms with clear instructions. No compliance background needed: you answer the questions, we do the mapping.
Evidence and audit trail
Documents, sign-offs and a tamper-evident audit trail build themselves from your work. Everything timestamped, ready for the audit.
Deadlines and reporting
Registration, the incident reporting cascade under Article 23 (24 hours, 72 hours, one month) and training renewals. Every deadline tracked, nothing slips.
Registration with the authority
Guided preparation for registration under Article 27, with all required documents and a pre-flight checklist.
Common questions
Book a free intro call
Prefer to write directly? contact@nisd2.eu
Sources and transparency: NIS2 Directive (EU) 2022/2555, BSIG, CIR 2024/2690, ENISA Technical Implementation Guidance. Open source, hosted in Germany, GDPR-compliant. This page is structured guidance and is not legal advice. Operational implementation is handled by your IT lead or CISO.