We make your company fit for IT security

NIS-2-Compliance for companies

Successfully implement cyber security requirements with UNITY!

Many companies in the European Union are facing a very important issue: the NIS 2 Directive. This directive, which was adopted in December 2022, concerns network and information security and sets requirements for companies to ensure it.

The NIS 2 directive aims to strengthen the EU's resilience to cyber attacks and thus increase public safety. Companies affected by this directive must adapt their security measures and ensure that they comply with the requirements. This particularly affects companies operating in the energy, transport, banking or healthcare sectors.

As a management consultancy, we specialize in advising companies on security and risk management issues in Europe. We would be happy to support you in implementing the requirements of the NIS 2 Directive and help you improve your network and information security. Feel free to contact us to learn more about how we can support you.

The Impacts of NIS-2 on European companies

Many companies are affected

Medium-sized: >50 employees and >10 million euros in revenue

Large: >250 employees and >50 million euros in revenue

To whom does the directive apply?

A total of 18 sectors are affected, including digital infrastructure, public administration and the manufacturing industry

Very high penalties

Major companies: 10 million euros or 2% of global revenue

Important companies: 7 million euros or 1.4% of global revenue

Stricter reporting obligations

Security incidents must be reported after 24 hours (early warning) and 72 hours (assessment)

High demands on IT security

Much stricter requirements for, e.g., risk management, BCM, suppliers and IT systems

Monitoring by authorities

Establishment of Computer Security Incident Response Teams in EU member states, regular checks and reporting to the EU authority

Our Consulting Services for NIS-2-Compliance for companies

Implementation of the requirements and guidelines

The NIS 2 Directive is a complex topic that places many requirements on companies, particularly with regard to network and information security. UNITY helps you understand and implement the requirements of the directive.

Identification of vulnerabilities and risks

UNITY helps identify vulnerabilities and risks related to network and information security. For this purpose, a comprehensive risk analysis can be carried out to detect possible threats and take suitable protective measures.

Development of an effective security concept

UNITY works with you to develop an effective security concept that meets the requirements of the NIS 2 Directive. This includes selecting suitable security technologies, training employees in IT security, and introducing measures to monitor and protect the network.

Ensuring information security

Beyond the NIS 2 Directive, UNITY takes a holistic view of your information security in order to make security processes more effective and efficient. Benefit from applying best practices in network and information security, strengthen your competitiveness, or open up new business opportunities.

Large and medium-sized companies from the following sectors are affected

Major companies:

  • Energy
  • Traffic
  • Banking
  • Financial market infrastructure
  • Healthcare
  • Drinking water
  • Sewage
  • Digital infrastructure
  • Management of ICT services B2B
  • Public administration
  • Space

Important companies:

  • Postal and courier services
  • Waste management
  • Chemistry
  • Food
  • Manufacturing industry
  • Digital service providers
  • Research (facultative)

NIS-2-Schedule and deadlines


EU agency ENISA draws up guidelines for the application of the NIS 2 Directive


NIS 2 must be implemented in national legislation


Individual states will create lists of which companies are classified as major and important (to be reviewed every 2 years)

FAQ on the NIS-2-Compliance

  • What specific details have to be taken into account in Germany?

    In Germany, there are a number of technical standards and certifications that can help companies meet the requirements of the NIS 2 Directive. Examples include ISO 27001 certification for information security management systems and the BSI IT Grundschutz Compendium of the Federal Office for Information Security.

    Companies that are already subject to the BSI Critical Infrastructure (KRITIS) Regulation or the Security Act 2.0 of the Federal Office for Information Security have already established a high level of security in the past. Nevertheless, it is also advisable here to use a gap analysis to identify possible gaps for NIS 2.

    A successor law implementing the NIS 2 Directive is still open, but it should be in place by October 2024 at the latest.

  • How will NIS-2 be applied in Austria?

    In Austria, the previous EU NIS Directive was implemented through the Austrian NIS Ordinance (BGBl. II No. 215/2019) and the Austrian NIS Act (BGBl. I No. 111/2018). A successor for the NIS 2 Directive is still open; possibly the NIS Act will be amended for the new requirements.

    In Austria, there are a number of technical standards and certifications that can help companies meet the requirements of the NIS 2 Directive. Examples include the ISO 27001 certification for information security management systems and the Austrian Information Security Handbook.

  • What specific details apply in Switzerland?

    Switzerland is not a member of the European Union and is therefore not directly bound by the NIS 2 Directive. However, Switzerland has similar cyber security provisions, and the requirements for critical infrastructure operators and service providers are similar to those specified in the NIS-2 Directive.

    In Switzerland, the National Cyber Security Center (NCSC) is responsible for coordinating and implementing cyber security measures. The NCSC works closely with critical infrastructure operators and other relevant partners to ensure the security of the Swiss cyberspace.

  • When should I get involved in NIS-2?

    As a company or organization, you should address the NIS 2 Directive as early as possible, especially if you are a critical infrastructure operator or digital service provider.

    If the NIS 2 Directive applies to you, you must take appropriate action promptly once your industry is brought within the scope of the NIS 2 Directive to avoid large penalties.

    Even if your company is not directly affected by the NIS 2 Directive, it can still benefit from the regulations by improving its cyber security measures and better protecting itself against cyber attacks. We can help you take appropriate measures to improve your cyber security and make your business processes more secure.

Make an appointment with our experts

Depending on the topic, we provide you with the right experts. Select your preferred date from our calendar and discuss your concerns with our experts by phone or via Microsoft Teams without any obligation. We look forward to getting to know you!


Your contacts for NIS-2-Compliance

Michael Happ

Head of Cyber Security

Cologne, Germany

Sebastian Befeld

Head of Business Area

Paderborn, Germany

Christoph Plass

Executive Board Member

Paderborn, Germany