Implement NIS2 requirements systematically
All cybersecurity obligations of the NIS2 directive in one integrated platform - from risk management to incident reporting.
Official name: EU Directive 2022/2555 on Measures for a High Common Level of Cybersecurity (NIS2)
The Challenge
The NIS2 directive significantly expands cybersecurity obligations: more sectors and organizations are affected, risk management and reporting requirements are stricter, and personal liability for management is newly established. Implementation requires tight integration of IT security, risk management and compliance.
Our Solution
Aldric supports NIS2 implementation with modules for ISMS management, incident management, business continuity and TOM documentation. The integrated platform enables structured documentation of cybersecurity measures and timely fulfillment of reporting obligations.
Key Regulations
Art. 21 - Risk Management Measures
Obligation to implement appropriate technical, operational and organizational risk management measures.
Art. 23 - Reporting Obligations
Tiered reporting obligations for significant security incidents (24h, 72h, 1 month).
Art. 20 - Governance
Responsibility of management bodies for approving and overseeing cybersecurity measures.
Art. 29 - Information Sharing
Voluntary exchange of cybersecurity information between essential and important entities.
Supported Modules
Cybersecurity Risk Management
Implement systematic risk management for network and information systems according to NIS2 requirements.
Incident Reporting
Report significant security incidents within the tiered NIS2 deadlines (24h early warning, 72h initial assessment).
Business Continuity
Plan backup management, crisis management and recovery measures for emergencies.
Supply Chain Security
Assess security risks from suppliers and service providers and document requirements.
Governance & Training
Fulfill NIS2 obligations for cybersecurity training of management and employees.
Your Path to Compliance
1. Scope assessment: Determine whether your organization qualifies as an essential or important entity under NIS2.
2. Risk assessment: Identify and assess cybersecurity risks for your network and information systems.
3. Implement measures: Deploy technical and organizational measures for risk mitigation.
4. Set up reporting: Establish processes for timely reporting of security incidents.
5. Monitor & demonstrate: Document all measures and prepare for regulatory inspections.
Frequently Asked Questions
Which organizations are subject to NIS2?
NIS2 covers organizations across 18 sectors, including energy, transport, healthcare, digital infrastructure and manufacturing. Essential entities (250+ employees or EUR 50M+ turnover) and important entities (50+ employees or EUR 10M+ turnover) are affected.
What are the key reporting obligations under NIS2?
For significant security incidents, organizations must submit an early warning within 24 hours, an initial assessment within 72 hours and a final report within one month to the competent authority.
Is management personally liable under NIS2?
Yes, NIS2 establishes personal responsibility for management bodies regarding the implementation of cybersecurity measures. Management must undergo training and approve risk management measures.
How do NIS2 and ISO 27001 relate to each other?
ISO 27001 provides a recognized framework for information security that covers many NIS2 requirements. An existing ISO 27001 ISMS significantly facilitates NIS2 compliance. Aldric supports both standards in parallel.
When does NIS2 need to be implemented?
EU member states were required to transpose NIS2 into national law by October 2024. In Germany, implementation is through the NIS2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG).
Related Modules
ISMS / ISO 27001 Controls
Implement and monitor your information security management system.
Incident & Breach Management
Detect, report and document data breaches within the 72-hour deadline.
Business Continuity Management
Plan and test your business continuity and emergency processes.
Technical & Organizational Measures
Manage and document your TOMs according to Art. 32 GDPR and ISO 27001.
Policies & Training
Create, distribute and track compliance policies and employee training.
Ready for Efficient Compliance Management?
Start with a free demo and discover how Aldric simplifies your compliance processes.