nisd2.eu

What nisd2.eu actually is

A free, open-source NIS 2 platform for the European Mittelstand. No lock-in, no fear selling.

Simon Orzel · Continuously reviewed

An obligation register, not another form filler

nisd2.eu is not another GRC tool that breaks every requirement into forms. It is a structured obligation register. It takes the duties from the NIS 2 Directive (EU) 2022/2555 and its German transposition in the BSIG, assigns each requirement its legal basis, and walks you through implementation in a sensible order.

The real problem in the Mittelstand is rarely a lack of knowledge. It is a lack of structure. That is where the platform starts.

The problem we solve

Most companies postpone NIS 2 because the effort looks unbounded, or they overspend out of fear. The directive demands neither. Article 21(1) NIS 2 requires "appropriate and proportionate" measures; Section 30(1) BSIG adds the word "effective".

That is a duty to reason, not a maximum catalogue. A platform that reflects this replaces the folder of Word templates that is out of date three months later.

What is inside

Asset register, risk register, policy management and supplier management in one system. For each requirement: the legal basis, a responsible person, a deadline, and a piece of evidence.

It also includes a management training module that satisfies the obligation in Article 20(2) NIS 2 (Section 38(3) BSIG), a supplier portal for the duties in Article 21(2)(d), and an end-to-end audit trail that records who approved what and when. The platform features are themselves the evidence: assignments, deadlines, sign-offs.

How we are funded

The platform is free and open source. We expect to earn through training, hosting and partner offerings, not through per-requirement licence fees.

That is a deliberate choice. NIS 2 should not cost the Mittelstand tens of thousands of euros.

What we are not

We are not a US SaaS that locks your compliance data into a closed cloud. No lock-in: your data and your process belong to you.

No vendor audit risk. The code is open, so an auditor can trace how data is processed instead of trusting a promise.

Frequently asked questions

Is the platform really free?

Yes. Use is free and the code is open source. We plan to fund the project through training, hosting and partner offerings.

Do I need an account?

Yes, the platform requires sign-up. There is no lock-in: you can export your data and self-host the open-source code.

Does it replace a consultant?

For the structure, yes. For judgement calls, such as whether a risk is acceptable or a measure is fit for a BSI audit, a human still adds value.

Who is it for?

Companies of roughly 50 to 250 people in the European Mittelstand that know they fall under NIS 2 and want structure, not a sales pitch.

Does it only cover NIS 2?

NIS 2 is the focus. ISO 27001 is activated alongside it, and overlapping GDPR duties are carried over rather than duplicated.

See the obligation register for yourself
Start for free and walk through the NIS 2 requirements with their legal basis.