NIS2 Implementation

Comprehensive support for NIS2 directive implementation. We ensure compliance with the latest EU cybersecurity requirements.

Poland missed the October 17, 2024 deadline

What is the NIS2 directive?

NIS2 is the latest EU cybersecurity directive that will replace NIS and introduce significantly broader requirements for organizations in the EU.

NIS2 deadlines

24 hours: to report a significant incident
72 hours: to submit a complete report

Who must implement NIS2?

The NIS2 directive covers organizations from critical and important sectors that employ at least 50 people or achieve an annual turnover above 10 million EUR.

Important for companies in Poland

In Poland, it is estimated that NIS2 will cover approximately 3000-4000 organizations from various sectors. Even smaller companies may be covered if they provide digital services or cooperate with critical sectors.

Critical sector

Organizations providing services essential for society's functioning

NIS2 coverage criteria

≥50 employees or ≥10 million EUR annual turnover

Example sectors:

Energy (power plants, distribution networks)
Transport (railways, ports, airports)
Banking and financial market infrastructure
Digital infrastructure (IXP, DNS, TLD)
Crisis management
Public administration
Obligations:
High compliance requirements and severe penalties up to 10 million EUR
Additional information:
Personal responsibility of management for cybersecurity

Important sector

Organizations important for economy and society

NIS2 coverage criteria

≥50 employees or ≥10 million EUR annual turnover

Example sectors:

Postal and courier operators
Waste management
Chemical production
Food production
Medical device manufacturing
Digital service providers (cloud, marketplace, search engines)
Obligations:
Standard NIS2 requirements, penalties up to 7 million EUR
Additional information:
Smaller companies may be covered when meeting thresholds

NIS2 requirements

Six main areas of cybersecurity requirements

Risk management

Comprehensive approach to identifying, assessing and managing cybersecurity risks.

Cybersecurity risk management policies
Regular risk analysis and assessment
Risk mitigation measures
Risk monitoring and review

Systems security

Securing IT systems and networks against cyber threats.

Up-to-date security systems
System configuration and management
Sensitive data encryption
Access control and authorization

Incident response

Procedures for detecting, responding to and recovering from cybersecurity incidents.

Incident response plan
Incident response team
Escalation procedures
Communication with CSIRT/CERT

Business continuity

Ensuring continuous operation of critical systems and rapid service restoration.

Business continuity plan
Backup and recovery procedures
Emergency plan testing
Alternative systems

Supply chain

Managing cybersecurity risk in the supply chain and with suppliers.

Supplier security assessment
Partner requirements
Supply chain monitoring
Contracts with security clauses

Reporting

Reporting obligations to supervisory authorities and cooperation with CSIRT.

Incident reporting procedures
Cooperation with CSIRT/CERT
Documentation for authorities
Regular compliance reports

NIS2 implementation stages

Structured process for implementing directive requirements

01. Initial consultation

Time: 1-2 days

Analysis of the current state of cybersecurity and determination of the scope of NIS2 requirements for your organization.

Deliverables:

Initial compliance assessment
Security gap identification
Remediation action plan
Implementation timeline

02. NIS2 audit

Time: 1-2 weeks

Detailed audit of all aspects required by the NIS2 directive in the context of your infrastructure.

Deliverables:

Complete NIS2 audit report
Cybersecurity risk map
IT asset inventory
Current policies assessment

03. Remediation action plan

Time: 3-5 days

Development of a detailed implementation plan for all NIS2 requirements, with prioritized actions.

Deliverables:

Detailed implementation plan
Timeline with milestones
Budget and required resources
Implementation risk analysis

04. Policy implementation

Time: 4-12 weeks

Implementation of security policies, procedures and technical measures compliant with NIS2.

Deliverables:

Cybersecurity policies
Incident response procedures
Process documentation
Security configuration

05. Testing and training

Time: 2-4 weeks

Conducting compliance tests and training the team on new policies and procedures.

Deliverables:

Penetration tests
Incident simulations
Training materials
Completion certificates

06. Ongoing support

Time: Ongoing

Continuous support in maintaining NIS2 compliance and updating documentation and procedures.

Deliverables:

Compliance monitoring
Documentation updates
Regular reviews
24/7 technical support

Benefits of NIS2 implementation

Why it is worth implementing NIS2 requirements professionally

Legal compliance

Full adaptation to the NIS2 directive requirements and Polish implementing regulations.

Avoiding penalties

Protection against financial penalties reaching 10 million EUR or 2% of revenue.

Enhanced security

Real improvement in the organization's cybersecurity level and data protection.

Competitive advantage

Building customer and partner trust by demonstrating high security standards.

Don't delay NIS2 implementation

Although Poland missed the October deadline, implementation in 2025 is inevitable. Prepare now to avoid penalties and be ready for new regulations.

Free: initial consultation
1-2 days: initial compliance assessment
12 weeks: full NIS2 implementation

Implementation status in Poland

Poland did not implement NIS2 on time (October 17, 2024). The European Commission initiated infringement procedures against 23 member states, including Poland.

New Polish regulations will come into force in 2025. Non-compliant organizations may be penalized with fines up to 10 million EUR or 2% of annual turnover. Management bears personal responsibility for cybersecurity.
