NIS-2: What matters now

With Pently's free NIS-2 Assessment, find out in just a few clicks whether your company falls under NIS-2 and what you need to do to become compliant.

What is NIS-2, and why does it matter for your business?

Previous EU cybersecurity rules (like NIS1) applied to very few companies and are no longer sufficient. Since 2025, NIS-2 has introduced significantly stricter requirements. It applies to companies considered essential or important to society, including:

  • Energy
  • Logistics & Transport
  • Manufacturing
  • Critical Supply Chains
Important: Mid-sized companies in particular are often affected without knowing it, or without knowing whether they're properly prepared.

What's actually new with NIS-2?

The NIS-2 Directive is already in force. Many mid-sized companies are affected but don’t know it, or they underestimate how urgent the need to act is. At the same time, many other companies are unsure whether they need to do anything at all. The key priority now is to gain clarity on whether action is required—and if so, what needs to be done.

Management liability

CEOs and executives are now personally responsible, and potentially personally liable. Responsibility can no longer simply be delegated to IT.

Reporting obligations

Significant cyber incidents must be reported within 24 hours. A detailed report is required within 72 hours. This can be particularly challenging for SMEs without large IT teams or on-site resources.

Due diligence

Companies must implement concrete technical and organizational security measures, including access controls, encryption, backup concepts, and defined incident response processes.

Supply chains

NIS-2 doesn't just apply to your company; it extends to the supply chain too. Service providers and suppliers can be indirectly held accountable if they're part of critical business processes.

Penalties

Violations can result in fines of up to €10 million or up to 2% of global annual revenue. For SMEs in particular, the consequences can be severe.

Why many companies aren't NIS-2-compliant yet

  • No continuous 24/7 monitoring of IT and cloud infrastructure
  • Unclear responsibilities in the event of an incident
  • Lack of personnel and financial resources
  • No clear picture of existing security and compliance measures

A clear path to NIS-2 compliance. With Pently.

1. NIS-2 Assessment

A free analysis of your current situation.

2. NIS-2 Registration

If required, we handle your BSI registration at no cost, so you don't have to worry about anything.

3. NIS-2 Roadmap

A clear, step-by-step roadmap with actionable measures to get you to compliance.

4. 24/7 Monitoring & Support

Round-the-clock monitoring from Germany, including support for reporting security incidents.

Why Pently

  • Local contacts who speak your language
  • Transparent, predictable services
  • Clear roadmaps, no ad hoc actions
  • Relief for internal IT teams
  • End-to-end responsibility: from consulting to operations

What mattered most to us was having a local contact who speaks our language and can handle all NIS-2 matters quickly and easily. We're very happy with Pently.

Michael M.

CEO

Get in Touch with our Experts Now

Secure your business today - with Pently as your trusted partner. As your local partner, we’re always close - and focused on keeping your business safe.
