NIS-2
We Support You on Your Path to Compliance
With the NIS‑2 Directive (Network and Information Security Directive 2, NIS-2), the EU is significantly tightening Cyber Security requirements. In addition to traditional operators of critical infrastructure, numerous other companies now fall within the scope of the Directive. Cybersecurity risk-management measures, reporting obligations, evidence requirements and the direct involvement of management bodies are becoming mandatory.
Key Requirements of the NIS-2 Directive
NIS-2 requires a structured interplay of governance, risk management and operational implementation, and therefore goes well beyond individual technical measures. Cybersecurity thus becomes an integral part of corporate governance.
Companies must systematically assess risks, derive appropriate measures and demonstrate their effectiveness. Responsibilities, decision-making paths and escalation processes must be clearly defined. In addition, NIS-2 requires reliable evidence and timely reporting of security incidents. The decisive factor is not the sum of individual measures, but their structured and verifiable integration into the organization — depending on the classification as an essential or important entity.
Companies Operating Internationally Face an Additional Challenge
Since the NIS-2 Directive is transposed into national law, requirements, deadlines and competent authorities may differ from country to country. We support you with central coordination and governance matters when dealing with different regulatory requirements.
Why NIS-2 with usd AG?
Why NIS-2 with usd AG?
How usd AG Supports You with NIS-2 Compliance
Companies face very different challenges when it comes to NIS-2: while some still need to establish fundamental structures such as an ISMS, others need to adapt existing processes to new requirements, provide evidence or clarify responsibilities. We start exactly where you have a concrete need for action.
1. Readiness Assessment (including Gap Analysis)
You receive a structured assessment of your implementation status against the requirements of NIS-2. We examine your organization, processes and technology, taking into account existing documentation and key stakeholders.
The result is a reliable assessment of your maturity level and the identified areas for improvement. Based on this, we prioritize the next steps and translate the results into an implementation roadmap that is aligned with the state of the art and takes your strategic objectives into account.
2. Implementation of NIS-2 Measures
Based on the readiness assessment, we support you in implementing the identified measures. Together, we establish policies, processes and controls that are aligned with your individual risk profile.
Structured Implementation with an ISMS (ISO 27001)
An ISMS based on ISO 27001 provides a proven framework for implementing NIS-2 requirements in a structured, transparent and sustainable way — from defining responsibilities to regularly reviewing effectiveness.
Even if your organization is based on other frameworks, we support you on the basis of existing standards such as BSI C5 or in line with the relevant regulatory requirements. At the same time, we support you in classifying and aligning NIS-2 in relation to existing regulatory requirements, for example from KRITIS regulation, the Cyber Resilience Act (CRA) or sector-specific requirements.
Key Areas of Action for NIS-2 Implementation
The following areas are often particularly relevant during NIS-2 implementation:
Incident Management
We support you in establishing structured processes so that security incidents are detected early, assessed and handled effectively.
Business Continuity Management
We support you in establishing robust business continuity and recovery processes to maintain critical business processes in the event of disruptions.
Supply Chain Security
We support you in the risk-based selection, management and monitoring of service providers and suppliers.
3. Effectiveness Review and Internal Audit
Internal audits provide you with an independent and realistic assessment of your ISMS and associated processes with regard to NIS-2 requirements. We review effectiveness and maturity and clearly identify where concrete improvement is needed.
4. Operational Support
Even after implementation and audit, we support you in ongoing operations. We help you continuously improve your processes and, if desired, take on operational tasks within an ISMS, such as maintaining policies, conducting reviews or preparing for audits.
In addition, we support you in identifying new requirements at an early stage (e.g. from DORA, CRA or the EU AI Act) and integrating them into existing structures.
In-Depth Services for Selected NIS-2 Topics
Practical Check of Your Reporting and Incident Processes
Clear reporting and decision-making processes are essential for reliably detecting and classifying security incidents and reporting them to the competent authorities within the required deadlines. In tabletop exercises, we simulate real security incidents and work with your teams to review whether reporting channels, escalation levels and decision-making processes also work under time pressure.
NIS-2 Training
In role-specific training sessions, we provide specialists and managers with the NIS-2 requirements relevant to them and support them in integrating these requirements into existing workflows. In addition to awareness formats, we also deliver the mandatory management training required under NIS-2.
Due Diligence Assessments
As part of due diligence assessments, we analyze the security-related processes and measures of service providers and suppliers and support you in systematically assessing and addressing existing risks.
Crisis Team Exercises
In crisis team exercises, we simulate complex disruption and outage scenarios and work with your crisis team to review whether roles, decision-making paths and communication processes also work under realistic conditions.
Please Contact Us with Any Questions or Queries.
Felix Schmidt
Executive Board Member usd Security Consulting
More Information on NIS-2
NIS-2 Implementation Act Now in Force
NIS-2 Draft Bill under Examination: Everything You Need to Know
NIS-2 and DORA: Why Two Pieces of EU Cybersecurity Legislation?