The NIS-2 directive – Cybersecurity becomes a corporate obligation

The NIS 2 directive (Network and Information Security Directive 2) is an EU-wide directive aimed at strengthening cybersecurity. It was introduced as a further development of the original NIS Directive and is a direct response to the increasing number of cyberattacks, ransomware, supply chain attacks, and IT failures across Europe.

The aim of the directive is to create a uniformly high level of security for network and information systems in the European Union. Companies should be better able to identify and minimize cyber risks and manage security incidents in a structured manner. At the same time, the resilience of critical and economically important organizations should be strengthened.

Implementation will take place at national level – in Germany via the NIS-2 Implementation Act (NIS2UmsuCG) – and will entail binding requirements that go significantly beyond the previous NIS Directive.

accompio is your IT service provider for NIS-2 implementation

  • Analysis & classification using our NIS-2 self-check

  • Security assessment & gap analysis based on your existing IT structure

  • Technical protective measures, including implementation and support

  • Organizational & procedural support for raising employee awareness

  • Long-term support & compliance to keep measures up to date

We support you with the implementation of NIS-2

Who does NIS-2 affect?

NIS-2 is the second EU directive on network and information security. It is primarily aimed at medium-sized and large companies that:

  • are active in critical or important sectors (e.g., energy, health, IT services, industry, logistics, food, water, waste management, digital services)

Important facilities are recorded if they:

  • have at least 50 employees or
  • more than €10 million in annual turnover/balance sheet total

Particularly important facilities are recorded if they:

  • are active in one of the sensitive sectors listed in NIS-2
  • and have at least 250 employees or
  • more than €50 million in annual revenue and €43 million in annual balance sheet total

CRITIS operators in particular are an attractive target for cyberattacks, as attacks on them can cause potentially high economic damage, including supply disruptions. Organizations affected by NIS-2 are subject to different but clearly defined obligations:

  • Introduction of systematic information security management
  • Implementation of risk analyses and protective measures
  • Timely reporting of security incidents
  • Active involvement of senior management
  • Measures to secure the supply chain and service providers

Violations can result in heavy fines, liability risks for management, and significant damage to reputation.

How accompio supports you as an IT service provider with NIS-2

The implementation of NIS-2 is complex – and affects technology, organization, and processes. This is exactly where we come in as an experienced IT service provider.

We provide you with practical, understandable, and targeted support in the implementation of NIS-2 – regardless of whether you are just starting out or want to further develop existing security measures.

With us as your IT service provider, you gain:

  • Support with the implementation and introduction of NIS-2 requirements
  • Transparency regarding risks and necessary actions
  • Relief for your internal resources
  • Increased IT security and resilience for your company

Your path to NIS-2 compliance

NIS-2 requires companies to take a proactive role in securing their network and information systems. For successful implementation, organizations should consider the following steps:

  • 1

    Risk analysis and security concepts
    Implement comprehensive risk analysis procedures and develop security concepts that are tailored to all your information systems. This is the cornerstone of a solid cybersecurity strategy.

  • 2

    Evaluation of risk management
    The methods and processes of your risk management should be evaluated regularly to ensure their effectiveness and make adjustments where necessary.

  • 3

    Incident management
    Create a robust concept for dealing with security incidents. This should include clear instructions on how to react in the event of an incident, as well as guidelines for reporting and resolving the situation.

  • 4

    Set up reporting systems
    A transparent and efficient reporting system for security incidents is essential in order to meet the requirements of the NIS 2 directive and to be able to react quickly.

  • 5

    Risk analysis and security concepts
    Implement comprehensive risk analysis procedures and develop security concepts that are tailored to all your information systems. This is the cornerstone of a solid cybersecurity strategy.

  • 6

    Employee training
    Provide your employees with regular cyber security training. A well-informed team is one of your best lines of defense against cyber threats.

  • 7

    Security of the supply chain
    Ensure the security of your supply chain by reviewing and assessing the cybersecurity measures of your direct suppliers.

Quick start: the accompio NIS-2 self-check

The accompio NIS-2 self-check uses specific questions to provide you with direct information on whether your company could be affected by NIS-2. Contact our experts directly and get advice on implementing NIS-2.

accompio support for NIS-2 – at a glance

That’s what we ensure as your IT service provider:

  • Initial assessment of whether and to what extent your company falls under NIS-2

  • Analysis of your existing IT and security infrastructure

  • Identification of risks, vulnerabilities, and areas requiring action

  • Implementation of technical and organizational security measures

  • Support with documentation, processes, and reporting requirements

  • Ongoing support to ensure NIS-2 compliance
