NIS-2

We Support You on Your Path to Compliance

NIS-2

We Support You on Your Path to Compliance

With the NIS‑2 Directive (Network and Information Security Directive 2, NIS-2), the EU is significantly tightening Cyber Security requirements. In addition to traditional operators of critical infrastructure, numerous other companies now fall within the scope of the Directive. Cybersecurity risk-management measures, reporting obligations, evidence requirements and the direct involvement of management bodies are becoming mandatory.

Key Requirements of the NIS-2 Directive

NIS-2 requires a structured interplay of governance, risk management and operational implementation, and therefore goes well beyond individual technical measures. Cybersecurity thus becomes an integral part of corporate governance.

Companies must systematically assess risks, derive appropriate measures and demonstrate their effectiveness. Responsibilities, decision-making paths and escalation processes must be clearly defined. In addition, NIS-2 requires reliable evidence and timely reporting of security incidents. The decisive factor is not the sum of individual measures, but their structured and verifiable integration into the organization — depending on the classification as an essential or important entity.

Companies Operating Internationally Face an Additional Challenge

Since the NIS-2 Directive is transposed into national law, requirements, deadlines and competent authorities may differ from country to country. We support you with central coordination and governance matters when dealing with different regulatory requirements.

Why NIS-2 with usd AG?

Industry Experience

We have supported companies in critical and regulated sectors for many
years and understand typical challenges, decision-making paths and
regulatory interfaces. We apply this understanding to your
NIS-2 implementation.

Integration of Regulatory Requirements

We integrate regulatory requirements into existing management
systems and structures, reducing complexity and duplicate effort,
especially in large organizations

ISMS Expertise

ISMS is a core part of our work – from implementation to audit readiness.
Drawing on our experience from extensive ISO 27001, KRITIS and
comparable projects, we develop practical structures

Support Through Implementation

We support you from assessing whether NIS-2 applies to your organization,
through designing suitable measures, to implementing and
embedding them in policies and processes.

Why NIS-2 with usd AG?

Industry Experience

We have supported companies in critical and regulated sectors for many years and understand typical challenges, decision-making paths and regulatory interfaces. We apply this understanding to your NIS-2 implementation.

Integration of Regulatory Requirements

We integrate regulatory requirements into existing management systems and structures, reducing complexity and duplicate effort, especially in large organizations.

ISMS Expertise

ISMS is a core part of our work — from implementation to audit readiness. Drawing on our experience from extensive ISO 27001, KRITIS and comparable projects, we develop practical structures.

Support Through Implementation

We support you from assessing whether NIS-2 applies to your organization, through designing suitable measures, to implementing and embedding them in policies and processes.

How usd AG Supports You with NIS-2 Compliance

NIS-2 Services by usd AG

Companies face very different challenges when it comes to NIS-2: while some still need to establish fundamental structures such as an ISMS, others need to adapt existing processes to new requirements, provide evidence or clarify responsibilities. We start exactly where you have a concrete need for action. 

1. Readiness Assessment (including Gap Analysis)

You receive a structured assessment of your implementation status against the requirements of NIS-2. We examine your organization, processes and technology, taking into account existing documentation and key stakeholders.

The result is a reliable assessment of your maturity level and the identified areas for improvement. Based on this, we prioritize the next steps and translate the results into an implementation roadmap that is aligned with the state of the art and takes your strategic objectives into account.

2.  Implementation of NIS-2 Measures

Based on the readiness assessment, we support you in implementing the identified measures. Together, we establish policies, processes and controls that are aligned with your individual risk profile.

Structured Implementation with an ISMS (ISO 27001)

An ISMS based on ISO 27001 provides a proven framework for implementing NIS-2 requirements in a structured, transparent and sustainable way  from defining responsibilities to regularly reviewing effectiveness.

Even if your organization is based on other frameworks, we support you on the basis of existing standards such as BSI C5 or in line with the relevant regulatory requirements. At the same time, we support you in classifying and aligning NIS-2 in relation to existing regulatory requirements, for example from KRITIS regulation, the Cyber Resilience Act (CRA) or sector-specific requirements.

Key Areas of Action for NIS-2 Implementation 

The following areas are often particularly relevant during NIS-2 implementation:

Incident Management
We support you in establishing structured processes so that security incidents are detected early, assessed and handled effectively.

Business Continuity Management
We support you in establishing robust business continuity and recovery processes to maintain critical business processes in the event of disruptions.

Supply Chain Security
We support you in the risk-based selection, management and monitoring of service providers and suppliers.

3. Effectiveness Review and Internal Audit

Internal audits provide you with an independent and realistic assessment of your ISMS and associated processes with regard to NIS-2 requirements. We review effectiveness and maturity and clearly identify where concrete improvement is needed.

4. Operational Support

Even after implementation and audit, we support you in ongoing operations. We help you continuously improve your processes and, if desired, take on operational tasks within an ISMS, such as maintaining policies, conducting reviews or preparing for audits.
In addition, we support you in identifying new requirements at an early stage (e.g. from DORA, CRA or the EU AI Act) and integrating them into existing structures.

In-Depth Services for Selected NIS-2 Topics

Practical Check of Your Reporting and Incident Processes
Clear reporting and decision-making processes are essential for reliably detecting and classifying security incidents and reporting them to the competent authorities within the required deadlines. In tabletop exercises, we simulate real security incidents and work with your teams to review whether reporting channels, escalation levels and decision-making processes also work under time pressure.

NIS-2 Training 
In role-specific training sessions, we provide specialists and managers with the NIS-2 requirements relevant to them and support them in integrating these requirements into existing workflows. In addition to awareness formats, we also deliver the mandatory management training required under NIS-2.

Due Diligence Assessments
As part of due diligence assessments, we analyze the security-related processes and measures of service providers and suppliers and support you in systematically assessing and addressing existing risks.

Crisis Team Exercises 
In crisis team exercises, we simulate complex disruption and outage scenarios and work with your crisis team to review whether roles, decision-making paths and communication processes also work under realistic conditions.

Please Contact Us with Any Questions or Queries.

Felix Schmidt
Executive Board Member usd Security Consulting

More Information on NIS-2

NIS-2 Implementation Act Now in Force

NIS-2 Draft Bill under Examination: Everything You Need to Know

NIS-2 and DORA: Why Two Pieces of EU Cybersecurity Legislation?