EU Directive 2022/2555 — enforcement underway

NIS2 readiness for mid-market EU and Swiss operators

Close the cybersecurity, governance, and supply-chain gaps that competent authorities now expect to see — before your next audit. Swiss-precision methodology built for in-scope essential and important entities.

Book a 30-min call
ISO 27001:2022 certified
Swiss-precision methodology
EU + Switzerland advisory experience

What you get in 90 days

Concrete deliverables, on a fixed timeline, with named outcomes per phase.

30 days

Scope, gap assessment, governance baseline

Formal scoping memo confirming essential/important entity classification, NIS2 gap assessment against the 10 minimum measures, and a governance role map naming the accountable executive.

60 days

Risk register, supplier inventory, incident playbook

Tiered ICT supplier inventory with risk ratings, risk register linked to controls, and an incident-response procedure aligned to the 24h / 72h / 1-month reporting cadence.

90 days

Audit-ready evidence pack and management training

Evidence pack mapped to the NIS2 minimum measures, board-level training delivered, and a compliance dashboard handed over for ongoing monitoring.

Implementation Approach

Our NIS2 Implementation Method

We map our proven Operational Integration framework to NIS2 requirements, delivering measurable compliance outcomes with Swiss precision.

1

Risk Assessment & Gap Analysis

2-3 weeks

Comprehensive evaluation of your current cybersecurity posture and NIS2 compliance gaps

Weeks 1-3

Deliverables:

NIS2 compliance gap analysis across all systems
Cybersecurity risk assessment framework
Vendor compliance evaluation and mapping
Incident response capability review
Security controls audit and scoring
2

Security Framework Implementation

4-6 weeks

Implement required security controls and processes to meet NIS2 requirements

Weeks 4-9

Deliverables:

Security policies and procedures documentation
Incident response playbooks and workflows
Vendor management and monitoring framework
Security monitoring and alerting systems
Business continuity and disaster recovery plans
3

Operational Integration

2-4 weeks

Integrate NIS2 compliance into daily operations and team workflows

Weeks 7-10

Deliverables:

Real-time security monitoring dashboard
Automated incident detection and reporting
Vendor compliance monitoring system
Employee training and awareness program
Continuous improvement and audit framework
4

Testing & Validation

1-2 weeks

Validate compliance and test incident response capabilities

Weeks 9-10

Deliverables:

Incident response tabletop exercises
Security controls testing and validation
Vendor compliance verification
Audit trail and logging verification
Compliance certification and documentation

Expected Outcomes

100%

Vendor compliance rate

-75%

Manual security effort

<24h

Incident response time

0

Compliance violations

Frequently asked questions

The questions compliance leads ask us most about NIS2.

NIS2 covers medium and large entities (50+ employees or €10M+ turnover) in 18 sectors including energy, transport, banking, health, digital infrastructure, and digital service providers. Smaller entities are also in scope when they are sole providers of an essential service. Switzerland is not bound by NIS2 directly, but Swiss subsidiaries of EU entities and Swiss firms providing services into the EU are typically pulled into scope through contractual flow-down.

Ready to start? Book a 30-min scoping call.

We diagnose where you stand against the standard, scope the right engagement, and send a written brief within 48 hours.

Diagnose your gap against the standard in 30 minLive walkthrough on your call
Receive a written engagement brief in 48 hoursScope, timeline, fixed deliverables
Decide on terms before any work startsNo commitment until you sign
Book a 30-min callTalk to our team