Compliance & strategy · Plan

NIS-2 understood, applicability checked, delivered.

Applicability clarity in 15 minutes. A pragmatic roadmap in four weeks. Delivery instead of consultant jargon, from practitioners who know both audits and operations.

BSI-aligned · Executive Management briefing · Supply Chain Obligations covered

At a glance

15 mins
Online applicability check
4 wk
until a concrete roadmap
21+
NIS-2 obligations mapped
€10 million
Executive liability addressed

100.000+ mitigated cyber incidents

  • SecuriTy Made in Germany
  • Microsoft Solutions Partner Security
  • Microsoft Solutions Partner Infrastructure Azure
  • Microsoft Solutions Partner Infrastructure Data & AI
  • Kununu Top Company 2025
  • Alliance for Cyber Security

NIS-2 takes effect – whether you are prepared or not.

How Pently does it differently

NIS-2 as practice, not as a slide war.

Free online check.

Clarity on sector, size class and concrete applicability in 15 minutes, including a take-away PDF for the Executive Management.

Roadmap after four weeks.

We deliver a gap analysis, prioritised measures and effort estimates, not an 80-page concept to read by yourself.

Consultants who run operations themselves.

Our NIS-2 consultants also work in the SOC and on audits. They know which measure works in daily operations, not just which one looks good in an audit.

Supply Chain Obligations included.

We deliver contract clauses, supplier evaluation grids and escalation templates. This ensures your obligation is properly anchored in supplier relations.

At a glance

  • NIS-2 applicability analysis with Executive Management briefing
  • Gap analysis against the 21+ NIS-2 obligation areas
  • Prioritised measures roadmap with effort and ownership
  • Risk-management framework that protects the Executive Management
  • Incident and reporting processes including the 24-hour BSI deadline
  • Supplier obligation pack: contracts, rating, escalation
  • Executive Management training – mandatory under NIS-2
  • Optional delivery support: in-house or as a managed service

How we work.

  1. 1

    Online check

    Clarity on applicability in 15 minutes. Free, instant.

  2. 2

    Workshop

    One-day strategy workshop with Executive Management, IT and compliance.

  3. 3

    Roadmap

    Gap analysis, prioritised measures, effort. Completed in four weeks.

  4. 4

    Delivery

    With your team or as a managed service – you decide per measure.

What mattered most to us was having a local contact who speaks our language and lets us resolve any NIS-2 matter quickly and easily. We are very happy with Pently.

Michael M.

Managing Director

Frequently asked questions.

When should we start?+

Now. The obligations already apply, and realistic delivery takes 9–18 months. An early roadmap significantly reduces stress and cost.

What penalties really apply?+

Up to €10 million or 2 % of worldwide group turnover per violation. Personal liability of the Executive Management for failing to approve risk measures.

Are we as an SME affected at all?+

Directly only from 50 employees or €10 million turnover in an affected sector. Indirectly, however, often earlier via supply chains – the online check verifies this.

Do we have to get our suppliers certified?+

No, but you must contractually anchor and verify security requirements. We provide rating grids and contract clauses.

Clarity on NIS-2 applicability, in 15 minutes.

Start with our free online check. Receive a concrete assessment of how your company is affected and concrete recommendations for action.